Commit bf4346d

[SSPROD-40004] Adding permissions for aws-templates for the getFunction call (#119)
* Adding permissions for templates * grouping * small fix
1 parent cee7459 commit bf4346d

6 files changed

+27
-9
lines changed

templates_cspm/CloudAgentlessRole.yaml

Lines changed: 3 additions & 1 deletion
@@ -66,7 +66,9 @@ Resources:
6666
Action: "macie2:ListClassificationJobs"
6767
Resource: "*"
6868
- Effect: "Allow"
69-
Action: "lambda:GetRuntimeManagementConfig"
69+
Action:
70+
- "lambda:GetRuntimeManagementConfig"
71+
- "lambda:GetFunction"
7072
Resource: "*"
7173

7274
Outputs:
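Review bot: The `lambda:GetFunction` added at new line 71 is a much wider read than the `lambda:GetRuntimeManagementConfig` it is grouped with, and it is granted on `Resource: "*"`. A GetFunction response carries the function configuration together with a presigned link for downloading the deployment package, so the principal holding this policy can now fetch the code of every function in the account. The commit message says only that this is "for the getFunction call"; please record, in the template or the README, which fields of the response are consumed, and if only metadata is needed, check whether `lambda:GetFunctionConfiguration` would be enough.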

templates_cspm/OrgCloudAgentlessRole.yaml

Lines changed: 6 additions & 2 deletions
@@ -68,7 +68,9 @@ Resources:
6868
Action: "macie2:ListClassificationJobs"
6969
Resource: "*"
7070
- Effect: "Allow"
71-
Action: "lambda:GetRuntimeManagementConfig"
71+
Action:
72+
- "lambda:GetRuntimeManagementConfig"
73+
- "lambda:GetFunction"
7274
Resource: "*"
7375
RoleStackSet:
7476
Type: AWS::CloudFormation::StackSet
@@ -142,5 +144,7 @@ Resources:
142144
Action: "macie2:ListClassificationJobs"
143145
Resource: "*"
144146
- Effect: "Allow"
145-
Action: "lambda:GetRuntimeManagementConfig"
147+
Action:
148+
- "lambda:GetRuntimeManagementConfig"
149+
- "lambda:GetFunction"
146150
Resource: "*"
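Review bot: This file now carries the same Lambda statement twice, at new lines 71-73 and 147-149, with the second copy sitting after the `RoleStackSet` resource, so the two have to be edited in lockstep by hand. A comment beside each copy pointing at the other, or a CI check that compares the two action lists, would stop the role in one scope from silently falling behind the other the next time a permission is added.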

templates_cspm_cloudlogs/FullInstall.yaml

Lines changed: 3 additions & 1 deletion
@@ -79,7 +79,9 @@ Resources:
7979
Action: "macie2:ListClassificationJobs"
8080
Resource: "*"
8181
- Effect: "Allow"
82-
Action: "lambda:GetRuntimeManagementConfig"
82+
Action:
83+
- "lambda:GetRuntimeManagementConfig"
84+
- "lambda:GetFunction"
8385
Resource: "*"
8486
CloudLogsRole:
8587
Type: "AWS::IAM::Role"
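Review bot: The statement that starts at line 81 has no `Sid`, and with `Action` turned into a list at new lines 82-84 it is likely to keep growing. Adding a `Sid` that names the purpose (for example a Lambda read-only label of your choosing) makes the statement easy to find in the rendered policy and in access reviews, and gives later changes a stable thing to refer to.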

templates_cspm_cloudlogs/OrgFullInstall.yaml

Lines changed: 6 additions & 2 deletions
@@ -84,7 +84,9 @@ Resources:
8484
Action: "macie2:ListClassificationJobs"
8585
Resource: "*"
8686
- Effect: "Allow"
87-
Action: "lambda:GetRuntimeManagementConfig"
87+
Action:
88+
- "lambda:GetRuntimeManagementConfig"
89+
- "lambda:GetFunction"
8890
Resource: "*"
8991
CloudLogsRole:
9092
Type: "AWS::IAM::Role"
@@ -196,5 +198,7 @@ Resources:
196198
Action: "macie2:ListClassificationJobs"
197199
Resource: "*"
198200
- Effect: "Allow"
199-
Action: "lambda:GetRuntimeManagementConfig"
201+
Action:
202+
- "lambda:GetRuntimeManagementConfig"
203+
- "lambda:GetFunction"
200204
Resource: "*"

templates_cspm_eventbridge/FullInstall.yaml

Lines changed: 3 additions & 1 deletion
@@ -91,7 +91,9 @@ Resources:
9191
Action: "macie2:ListClassificationJobs"
9292
Resource: "*"
9393
- Effect: "Allow"
94-
Action: "lambda:GetRuntimeManagementConfig"
94+
Action:
95+
- "lambda:GetRuntimeManagementConfig"
96+
- "lambda:GetFunction"
9597
Resource: "*"
9698
EventBridgeRole:
9799
Type: AWS::IAM::Role

templates_cspm_eventbridge/OrgFullInstall.yaml

Lines changed: 6 additions & 2 deletions
@@ -135,7 +135,9 @@ Resources:
135135
Action: "macie2:ListClassificationJobs"
136136
Resource: "*"
137137
- Effect: "Allow"
138-
Action: "lambda:GetRuntimeManagementConfig"
138+
Action:
139+
- "lambda:GetRuntimeManagementConfig"
140+
- "lambda:GetFunction"
139141
Resource: "*"
140142
EventBridgeRole:
141143
Type: AWS::IAM::Role
@@ -251,7 +253,9 @@ Resources:
251253
Action: "macie2:ListClassificationJobs"
252254
Resource: "*"
253255
- Effect: "Allow"
254-
Action: "lambda:GetRuntimeManagementConfig"
256+
Action:
257+
- "lambda:GetRuntimeManagementConfig"
258+
- "lambda:GetFunction"
255259
Resource: "*"
256260
EventBridgeRole:
257261
Type: AWS::IAM::Role
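Review bot: All six changed files are templates, and nothing in the commit adds a changelog entry, a version bump or a test for the new permission at new lines 256-258 and its copies. Stacks that were deployed from the earlier templates will keep the old policy until they are updated, so the call that needs `lambda:GetFunction` will be denied there; please add a release note telling operators to update their stacks, and say what the scanner does when the call is denied.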
