2 files changed +15 -22 lines changed
@@ -94,20 +94,17 @@ Resources:
9494 Statement :
9595 - Effect : Allow
9696 Action :
97- - " s3:Get*"
98- - " s3:List*"
99- - " s3:Put*"
100- - " s3:Head*"
101- - " securityhub:GetFindings"
102- - " securityhub:BatchImportFindings"
103- - ' logs:DescribeLogStreams'
104- - ' logs:GetLogEvents'
105- - ' logs:FilterLogEvents'
106- - ' logs:PutLogEvents'
97+ - " s3:GetObject"
98+ - " s3:ListBucket"
99+ - " s3:PutObject"
100+ Resource : ' *'
101+ - Effect : Allow
102+ Action :
107103 - ' sqs:DeleteMessage'
108104 - ' sqs:DeleteMessageBatch'
109105 - ' sqs:ReceiveMessage'
110- Resource : ' *'
106+ Resource :
107+ - !Sub " arn:aws:sqs:*:${AWS::AccountId}:*"
111108
112109 ExecutionRole :
113110 Type : AWS::IAM::Role
@@ -169,12 +166,6 @@ Resources:
169166 ingestors :
170167 - cloudtrail-sns-sqs :
171168 queueURL : ${CloudTrailQueue}
172- notifiers :
173- - cloudwatch :
174- logGroup : ${LogGroup}
175- logStream : ${AlertsLogStream}
176- # - securityhub:
177- # productArn: arn:aws:securityhub:${AWS::Region}::product/sysdig/sysdig-secure-for-cloud
178169
179170 Image : quay.io/sysdig/cloud-connector-s3-bucket-config:latest
180171 Essential : false
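Review bot: The new S3 statement in the first hunk still ends in `Resource: '*'`, so the role keeps `s3:GetObject`, `s3:ListBucket` and `s3:PutObject` on every bucket it can reach; trimming the action list without narrowing the resource leaves most of the exposure in place. If the connector only needs the CloudTrail bucket (not visible here, so this is an assumption), scope `s3:ListBucket` to `!Sub "arn:${AWS::Partition}:s3:::${<TrailBucketParam>}"` and the object actions to `!Sub "arn:${AWS::Partition}:s3:::${<TrailBucketParam>}/*"`, where `<TrailBucketParam>` is a placeholder for whichever parameter holds the bucket name. The second file's S3 statement has the same wildcard. If the wildcard is deliberate, a comment above `Resource` such as `# wildcard: trail bucket name is not known at deploy time` would record why. The policy document starts and continues outside the hunk.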
@@ -106,14 +106,16 @@ Resources:
106106 Statement :
107107 - Effect : Allow
108108 Action :
109- - " s3:Get*"
110- - " s3:List*"
111- - " s3:Put*"
112- - " s3:Head*"
109+ - " s3:GetObject"
110+ - " s3:ListBucket"
111+ Resource : ' *'
112+ - Effect : Allow
113+ Action :
113114 - ' sqs:DeleteMessage'
114115 - ' sqs:DeleteMessageBatch'
115116 - ' sqs:ReceiveMessage'
116- Resource : ' *'
117+ Resource :
118+ - !Sub " arn:aws:sqs:*:${AWS::AccountId}:*"
117119 - PolicyName : !Sub "${AWS::StackName}-TriggerScan"
118120 PolicyDocument :
119121 Statement :
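Review bot: The SQS `Resource` added here, `arn:aws:sqs:*:${AWS::AccountId}:*`, still allows `sqs:ReceiveMessage` and both delete actions on every queue in every region of the account, so this role could consume and delete messages from queues unrelated to the stack. Unless the queue can live in another region, `!Sub "arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:*"` is a tighter bound. Passing the queue ARN as a parameter would be tighter still, since the first file only shows it being passed as a URL (`${CloudTrailQueue}`). Using `${AWS::Partition}` instead of the literal `aws` also keeps the template valid outside the commercial partition. The first file adds the same line.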