@@ -317,7 +317,7 @@ Resources:
317317 LaceworkCWSAuditPolicy20251 :
318318 Type : ' AWS::IAM::ManagedPolicy'
319319 Properties :
320- ManagedPolicyName : !Sub "LaceworkCWSAuditPolicy20251 -${AWS::AccountId}"
320+ ManagedPolicyName : !Sub "LaceworkCWSAuditPolicy -${AWS::AccountId}-20251 "
321321 PolicyDocument :
322322 Version : 2012-10-17
323323 Statement :
@@ -554,7 +554,7 @@ Resources:
554554 LaceworkCWSAuditPolicy20252 :
555555 Type : ' AWS::IAM::ManagedPolicy'
556556 Properties :
557- ManagedPolicyName : !Sub "LaceworkCWSAuditPolicy20252 -${AWS::AccountId}"
557+ ManagedPolicyName : !Sub "LaceworkCWSAuditPolicy -${AWS::AccountId}-20252 "
558558 PolicyDocument :
559559 Version : 2012-10-17
560560 Statement :
@@ -685,7 +685,7 @@ Resources:
685685 LaceworkCWSAuditPolicy20253 :
686686 Type : AWS::IAM::ManagedPolicy
687687 Properties :
688- ManagedPolicyName : !Sub "LaceworkCWSAuditPolicy20253 -${AWS::AccountId}"
688+ ManagedPolicyName : !Sub "LaceworkCWSAuditPolicy -${AWS::AccountId}-20253 "
689689 PolicyDocument :
690690 Version : " 2012-10-17"
691691 Statement :
@@ -903,7 +903,65 @@ Resources:
903903 - ' *'
904904 Roles :
905905 - !Ref LaceworkCrossAccountAccessRole
906-
906+ LaceworkCWSAuditPolicy20254 :
907+ Type : AWS::IAM::ManagedPolicy
908+ Properties :
909+ ManagedPolicyName : !Sub "LaceworkCWSAuditPolicy-${AWS::AccountId}-20254"
910+ PolicyDocument :
911+ Version : " 2012-10-17"
912+ Statement :
913+ - Sid : SSM
914+ Action :
915+ - ' ssm:GetConnectionStatus'
916+ Effect : Allow
917+ Resource :
918+ - ' *'
919+ - Sid : EKS
920+ Action :
921+ - ' eks:DescribeAddon'
922+ - ' eks:ListAddons'
923+ Effect : Allow
924+ Resource :
925+ - ' *'
926+ - Sid : INSPECTOR2
927+ Action :
928+ - ' inspector2:BatchGetCodeSnippet'
929+ - ' inspector2:ListCisScanResultsAggregatedByChecks'
930+ - ' inspector2:ListCisScanResultsAggregatedByTargetResource'
931+ - ' inspector2:ListCisScanConfigurations'
932+ - ' inspector2:ListMembers'
933+ - ' inspector2:BatchGetFindingDetails'
934+ - ' inspector2:GetCisScanReport'
935+ - ' inspector2:GetCisScanResultDetails'
936+ - ' inspector2:ListCisScans'
937+ - ' inspector2:GetEncryptionKey'
938+ Effect : Allow
939+ Resource :
940+ - ' *'
941+ - Sid : WAF
942+ Action :
943+ - ' waf:GetRegexPatternSet'
944+ - ' waf:GetPermissionPolicy'
945+ - ' waf:ListIPSets'
946+ - ' waf:GetIPSet'
947+ - ' waf:GetRuleGroup'
948+ Effect : Allow
949+ Resource :
950+ - ' *'
951+ - Sid : WAFV2
952+ Action :
953+ - ' wafv2:GetManagedRuleSet'
954+ - ' wafv2:GetRegexPatternSet'
955+ - ' wafv2:GetPermissionPolicy'
956+ - ' wafv2:GetIPSet'
957+ - ' wafv2:ListIPSets'
958+ - ' wafv2:ListManagedRuleSets'
959+ - ' wafv2:GetRuleGroup'
960+ Effect : Allow
961+ Resource :
962+ - ' *'
963+ Roles :
964+ - !Ref LaceworkCrossAccountAccessRole
907965 LaceworkSnsCustomResource :
908966 Type : Custom::LaceworkSnsCustomResource
909967 DependsOn :
@@ -912,6 +970,7 @@ Resources:
912970 - LaceworkCWSAuditPolicy20251
913971 - LaceworkCWSAuditPolicy20252
914972 - LaceworkCWSAuditPolicy20253
973+ - LaceworkCWSAuditPolicy20254
915974 - LaceworkCrossAccountAccessRole
916975 Properties :
917976 Type : AWS_CFG
@@ -938,4 +997,3 @@ Outputs:
938997 TemplateVersion :
939998 Description : Template version
940999 Value : " 1.0"
941-
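Review bot: In the INSPECTOR2 statement of the new `LaceworkCWSAuditPolicy20254`, `inspector2:BatchGetCodeSnippet` is not a metadata-only read like the List/Get actions around it. It returns excerpts of the scanned source code attached to code-vulnerability findings, and here it is granted on `Resource: '*'` to `LaceworkCrossAccountAccessRole`. If the audit integration only needs finding metadata, the action can be dropped; if it is required, record why with a comment above it, such as `# returns source-code excerpts from code-scan findings; required for <feature>`. `inspector2:GetEncryptionKey` deserves the same one-line justification, since it reveals which KMS key protects those snippets. Whether the other wildcard resources can be narrowed depends on which of these actions support resource-level permissions, which the diff does not show.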