
Commit cee7459

[SSPROD-40007] Adding necessary permissions for CFT serverless scanning (#118)
1 parent 20f2d71 commit cee7459


6 files changed

+27
-0
lines changed


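--- a/templates_cspm/CloudAgentlessRole.yaml
+++ b/templates_cspm/CloudAgentlessRole.yaml
@@ -65,6 +65,9 @@ Resources:
 - Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
+- Effect: "Allow"
+Action: "lambda:GetRuntimeManagementConfig"
+Resource: "*"
 
 Outputs:
 RoleARN: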
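Review bot: The statement added at new lines 68–70 grants `lambda:GetRuntimeManagementConfig` on `Resource: "*"` with no `Sid` or comment saying what it is for, so someone auditing this role later has only the commit title to connect it to serverless scanning. A comment above it such as `# Serverless scanning: read each Lambda function's runtime management configuration` would record the intent. The action is read-only, but if the scanner only needs functions in the onboarded account, the resource could probably be narrowed to a function ARN pattern instead of `*`; that is worth confirming against the Lambda service authorization reference. The same three lines are added unchanged in the other five templates of this commit (both hunks of each Org template included), so the comment applies to each; the enclosing policy statement list starts above the hunk.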

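--- a/templates_cspm/OrgCloudAgentlessRole.yaml
+++ b/templates_cspm/OrgCloudAgentlessRole.yaml
@@ -67,6 +67,9 @@ Resources:
 - Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
+- Effect: "Allow"
+Action: "lambda:GetRuntimeManagementConfig"
+Resource: "*"
 RoleStackSet:
 Type: AWS::CloudFormation::StackSet
 Properties:
@@ -138,3 +141,6 @@ Resources:
 - Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
+- Effect: "Allow"
+Action: "lambda:GetRuntimeManagementConfig"
+Resource: "*"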
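Review bot: This file now carries the same `lambda:GetRuntimeManagementConfig` statement twice, at new lines 70–72 before `RoleStackSet` and at 144–146 at the end of the file, and nothing in the hunks keeps the two copies in step. The second copy looks like the policy for the role the StackSet deploys to member accounts, though the enclosing definition lies outside both hunks, so confirm that. A comment on each copy, for example `# Keep in sync with the other agentless role policy in this template`, would make a missed copy easier to spot in review; `templates_cspm_cloudlogs/OrgFullInstall.yaml` and `templates_cspm_eventbridge/OrgFullInstall.yaml` repeat the pattern.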

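--- a/templates_cspm_cloudlogs/FullInstall.yaml
+++ b/templates_cspm_cloudlogs/FullInstall.yaml
@@ -78,6 +78,9 @@ Resources:
 - Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
+- Effect: "Allow"
+Action: "lambda:GetRuntimeManagementConfig"
+Resource: "*"
 CloudLogsRole:
 Type: "AWS::IAM::Role"
 Properties: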

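--- a/templates_cspm_cloudlogs/OrgFullInstall.yaml
+++ b/templates_cspm_cloudlogs/OrgFullInstall.yaml
@@ -83,6 +83,9 @@ Resources:
 - Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
+- Effect: "Allow"
+Action: "lambda:GetRuntimeManagementConfig"
+Resource: "*"
 CloudLogsRole:
 Type: "AWS::IAM::Role"
 Properties:
@@ -192,3 +195,6 @@ Resources:
 - Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
+- Effect: "Allow"
+Action: "lambda:GetRuntimeManagementConfig"
+Resource: "*"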

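--- a/templates_cspm_eventbridge/FullInstall.yaml
+++ b/templates_cspm_eventbridge/FullInstall.yaml
@@ -90,6 +90,9 @@ Resources:
 - Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
+- Effect: "Allow"
+Action: "lambda:GetRuntimeManagementConfig"
+Resource: "*"
 EventBridgeRole:
 Type: AWS::IAM::Role
 Properties: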

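--- a/templates_cspm_eventbridge/OrgFullInstall.yaml
+++ b/templates_cspm_eventbridge/OrgFullInstall.yaml
@@ -134,6 +134,9 @@ Resources:
 - Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
+- Effect: "Allow"
+Action: "lambda:GetRuntimeManagementConfig"
+Resource: "*"
 EventBridgeRole:
 Type: AWS::IAM::Role
 Properties:
@@ -247,6 +250,9 @@ Resources:
 - Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
+- Effect: "Allow"
+Action: "lambda:GetRuntimeManagementConfig"
+Resource: "*"
 EventBridgeRole:
 Type: AWS::IAM::Role
 Properties: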
