
Commit 20f2d71

Update permissions in AWS trust-relationship CFT templates (#117)
* Remove an unnecessary permission from the AWS trust-relationship CFT templates: `account:GetContactInformation` is no longer required for the CSPM feature to work.
* Add the `macie2:ListClassificationJobs` permission.
1 parent e3afb31 commit 20f2d71


6 files changed

+9
-9
lines changed


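--- a/templates_cspm/CloudAgentlessRole.yaml
+++ b/templates_cspm/CloudAgentlessRole.yaml
@@ -63,7 +63,7 @@ Resources:
 - "arn:aws:waf-regional:*:*:rule/*"
 - "arn:aws:waf-regional:*:*:rulegroup/*"
 - Effect: "Allow"
-Action: "account:GetContactInformation"
+Action: "macie2:ListClassificationJobs"
 Resource: "*"
 
 Outputs: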
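Review bot: The new `macie2:ListClassificationJobs` statement keeps `Resource: "*"` with no comment explaining why the wildcard is acceptable, even though the surrounding statements scope their resources to explicit ARNs (the `waf-regional` rule ARNs visible just above). For a role that a third party assumes, a reviewer auditing this template later has no way to tell whether `*` is deliberate or an oversight; the commit message also gives a reason for the removal but none for the addition. I would add a comment above the statement along the lines of `# CSPM needs to enumerate Macie classification jobs; Macie list actions appear not to support resource-level permissions, so Resource must stay "*" — confirm against the Service Authorization Reference`. The enclosing policy's statement list starts outside the hunk, so I cannot tell whether any `Sid` convention applies here.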

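--- a/templates_cspm/OrgCloudAgentlessRole.yaml
+++ b/templates_cspm/OrgCloudAgentlessRole.yaml
@@ -65,7 +65,7 @@ Resources:
 - "arn:aws:waf-regional:*:*:rule/*"
 - "arn:aws:waf-regional:*:*:rulegroup/*"
 - Effect: "Allow"
-Action: "account:GetContactInformation"
+Action: "macie2:ListClassificationJobs"
 Resource: "*"
 RoleStackSet:
 Type: AWS::CloudFormation::StackSet
@@ -136,5 +136,5 @@ Resources:
 - "arn:aws:waf-regional:*:*:rule/*"
 - "arn:aws:waf-regional:*:*:rulegroup/*"
 - Effect: "Allow"
-Action: "account:GetContactInformation"
+Action: "macie2:ListClassificationJobs"
 Resource: "*"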
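Review bot: The same Allow statement is changed in two places in this file — the management-account role near line 68 and the copy embedded under `RoleStackSet` near line 139 that is pushed to every member account — and nothing in the template ties the two copies together, so the next permission change can easily land in one and not the other. Since the StackSet body is likely an inline template string (inferred from `Type: AWS::CloudFormation::StackSet`, the body itself is outside the hunk), a YAML anchor cannot be shared; I would at least add a matching comment to both copies, e.g. `# Keep in sync with the StackSet member-account policy below` and `# Keep in sync with the management-account policy above`. It is also worth stating in the member-account copy that granting `macie2:ListClassificationJobs` with `Resource: "*"` exposes job metadata from every organization account to the assuming principal, so the widened read scope is a conscious choice. Both enclosing policy blocks start outside the hunks shown.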

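--- a/templates_cspm_cloudlogs/FullInstall.yaml
+++ b/templates_cspm_cloudlogs/FullInstall.yaml
@@ -76,7 +76,7 @@ Resources:
 - "arn:aws:waf-regional:*:*:rule/*"
 - "arn:aws:waf-regional:*:*:rulegroup/*"
 - Effect: "Allow"
-Action: "account:GetContactInformation"
+Action: "macie2:ListClassificationJobs"
 Resource: "*"
 CloudLogsRole:
 Type: "AWS::IAM::Role"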

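--- a/templates_cspm_cloudlogs/OrgFullInstall.yaml
+++ b/templates_cspm_cloudlogs/OrgFullInstall.yaml
@@ -81,7 +81,7 @@ Resources:
 - "arn:aws:waf-regional:*:*:rule/*"
 - "arn:aws:waf-regional:*:*:rulegroup/*"
 - Effect: "Allow"
-Action: "account:GetContactInformation"
+Action: "macie2:ListClassificationJobs"
 Resource: "*"
 CloudLogsRole:
 Type: "AWS::IAM::Role"
@@ -190,5 +190,5 @@ Resources:
 - "arn:aws:waf-regional:*:*:rule/*"
 - "arn:aws:waf-regional:*:*:rulegroup/*"
 - Effect: "Allow"
-Action: "account:GetContactInformation"
+Action: "macie2:ListClassificationJobs"
 Resource: "*"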

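--- a/templates_cspm_eventbridge/FullInstall.yaml
+++ b/templates_cspm_eventbridge/FullInstall.yaml
@@ -88,7 +88,7 @@ Resources:
 - "arn:aws:waf-regional:*:*:rule/*"
 - "arn:aws:waf-regional:*:*:rulegroup/*"
 - Effect: "Allow"
-Action: "account:GetContactInformation"
+Action: "macie2:ListClassificationJobs"
 Resource: "*"
 EventBridgeRole:
 Type: AWS::IAM::Role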

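--- a/templates_cspm_eventbridge/OrgFullInstall.yaml
+++ b/templates_cspm_eventbridge/OrgFullInstall.yaml
@@ -132,7 +132,7 @@ Resources:
 - "arn:aws:waf-regional:*:*:rule/*"
 - "arn:aws:waf-regional:*:*:rulegroup/*"
 - Effect: "Allow"
-Action: "account:GetContactInformation"
+Action: "macie2:ListClassificationJobs"
 Resource: "*"
 EventBridgeRole:
 Type: AWS::IAM::Role
@@ -245,7 +245,7 @@ Resources:
 - "arn:aws:waf-regional:*:*:rule/*"
 - "arn:aws:waf-regional:*:*:rulegroup/*"
 - Effect: "Allow"
-Action: "account:GetContactInformation"
+Action: "macie2:ListClassificationJobs"
 Resource: "*"
 EventBridgeRole:
 Type: AWS::IAM::Role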
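Review bot: This is the ninth hand-edited copy of the identical `Effect: "Allow"` / `Action` / `Resource: "*"` statement across the six templates in this commit, and each copy is only the one changed line away from drifting from the others; the commit itself demonstrates the maintenance cost of that duplication. If the repository has a generation step or a shared source for the CSPM policy statements, the single-statement swap should be made there and the templates regenerated; if it does not, a short header comment in each template such as `# CSPM read-only policy — mirrored in templates_cspm*/ ; change all copies together` at least makes the coupling visible to the next editor. As with the other sections, the statement list that contains this Allow block begins outside the hunk, so I cannot confirm whether a `Sid` or a comment convention already exists that the new statement should follow.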
