feat: add aws permissions Closes #29 (#30)

* feat: add aws permissions Closes #29

* feat: add aws permissions Closes #29

* feat: add aws permissions Closes #29

---------

Co-authored-by: jbonner7 <root@ip-172-31-42-156.us-west-2.compute.internal>

Author: jbonner7

templates/lacework-aws-cfg-member.template.yml

@@ -317,7 +317,7 @@ Resources:
   LaceworkCWSAuditPolicy20251:
       Type: 'AWS::IAM::ManagedPolicy'
       Properties:
-        ManagedPolicyName:  !Sub "LaceworkCWSAuditPolicy20251-${AWS::AccountId}"
+        ManagedPolicyName:  !Sub "LaceworkCWSAuditPolicy-${AWS::AccountId}-20251"
         PolicyDocument:
           Version: 2012-10-17
           Statement:
@@ -554,7 +554,7 @@ Resources:
   LaceworkCWSAuditPolicy20252:
       Type: 'AWS::IAM::ManagedPolicy'
       Properties:
-        ManagedPolicyName: !Sub "LaceworkCWSAuditPolicy20252-${AWS::AccountId}"
+        ManagedPolicyName: !Sub "LaceworkCWSAuditPolicy-${AWS::AccountId}-20252"
         PolicyDocument:
           Version: 2012-10-17
           Statement:
@@ -685,7 +685,7 @@ Resources:
   LaceworkCWSAuditPolicy20253:
     Type: AWS::IAM::ManagedPolicy
     Properties:
-      ManagedPolicyName:  !Sub "LaceworkCWSAuditPolicy20253-${AWS::AccountId}"
+      ManagedPolicyName:  !Sub "LaceworkCWSAuditPolicy-${AWS::AccountId}-20253"
       PolicyDocument:
         Version: "2012-10-17"
         Statement:
@@ -903,7 +903,65 @@ Resources:
               - '*'
       Roles:
         - !Ref LaceworkCrossAccountAccessRole
-
+  LaceworkCWSAuditPolicy20254:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      ManagedPolicyName:  !Sub "LaceworkCWSAuditPolicy-${AWS::AccountId}-20254"
+      PolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Sid: SSM
+            Action:
+              - 'ssm:GetConnectionStatus'
+            Effect: Allow
+            Resource:
+              - '*'
+          - Sid: EKS
+            Action:
+              - 'eks:DescribeAddon'
+              - 'eks:ListAddons'
+            Effect: Allow
+            Resource:
+              - '*'
+          - Sid: INSPECTOR2
+            Action:
+              - 'inspector2:BatchGetCodeSnippet'
+              - 'inspector2:ListCisScanResultsAggregatedByChecks'
+              - 'inspector2:ListCisScanResultsAggregatedByTargetResource'
+              - 'inspector2:ListCisScanConfigurations'
+              - 'inspector2:ListMembers'
+              - 'inspector2:BatchGetFindingDetails'
+              - 'inspector2:GetCisScanReport'
+              - 'inspector2:GetCisScanResultDetails'
+              - 'inspector2:ListCisScans'
+              - 'inspector2:GetEncryptionKey'
+            Effect: Allow
+            Resource:
+              - '*'
+          - Sid: WAF
+            Action:
+              - 'waf:GetRegexPatternSet'
+              - 'waf:GetPermissionPolicy'
+              - 'waf:ListIPSets'
+              - 'waf:GetIPSet'
+              - 'waf:GetRuleGroup'
+            Effect: Allow
+            Resource:
+              - '*'
+          - Sid: WAFV2
+            Action:
+              - 'wafv2:GetManagedRuleSet'
+              - 'wafv2:GetRegexPatternSet'
+              - 'wafv2:GetPermissionPolicy'
+              - 'wafv2:GetIPSet'
+              - 'wafv2:ListIPSets'
+              - 'wafv2:ListManagedRuleSets'
+              - 'wafv2:GetRuleGroup'
+            Effect: Allow
+            Resource:
+              - '*'
+      Roles:
+        - !Ref LaceworkCrossAccountAccessRole
   LaceworkSnsCustomResource:
     Type: Custom::LaceworkSnsCustomResource
     DependsOn:
@@ -912,6 +970,7 @@ Resources:
       - LaceworkCWSAuditPolicy20251
       - LaceworkCWSAuditPolicy20252
       - LaceworkCWSAuditPolicy20253
+      - LaceworkCWSAuditPolicy20254
       - LaceworkCrossAccountAccessRole
     Properties:
       Type: AWS_CFG
@@ -938,4 +997,3 @@ Outputs:
   TemplateVersion:
     Description: Template version
     Value: "1.0"
-