From 236615188fba6bcb8149a15bdd299e3f4fd789a3 Mon Sep 17 00:00:00 2001
From: Jose Pablo Camacho <jose.camacho@sysdig.com>
Date: Wed, 29 Oct 2025 16:17:05 -0600
Subject: [PATCH] SSPROD-62451 - add cspm permissions

---
 modules/config-posture/main.tf | 42 ++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/modules/config-posture/main.tf b/modules/config-posture/main.tf
index 50e03e8..a085231 100644
--- a/modules/config-posture/main.tf
+++ b/modules/config-posture/main.tf
@@ -146,6 +146,48 @@ resource "aws_iam_role_policy" "cspm_role_policy" {
         Effect   = "Allow"
         Resource = "*"
       },
+      {
+        Sid      = "GetAnomalyMonitors"
+        Action   = "ce:GetAnomalyMonitors"
+        Effect   = "Allow"
+        Resource = "*"
+      },
+      {
+        Sid      = "GetClassificationExportConfiguration"
+        Action   = "macie2:GetClassificationExportConfiguration"
+        Effect   = "Allow"
+        Resource = "*"
+      },
+      {
+        Sid      = "GetRecommendationSummaries"
+        Action   = "compute-optimizer:GetRecommendationSummaries"
+        Effect   = "Allow"
+        Resource = "*"
+      },
+      {
+        Sid      = "GetReservationCoverage"
+        Action   = "ce:GetReservationCoverage"
+        Effect   = "Allow"
+        Resource = "*"
+      },
+      {
+        Sid      = "GetLifecyclePolicies"
+        Action   = "dlm:GetLifecyclePolicies"
+        Effect   = "Allow"
+        Resource = "*"
+      },
+      {
+        Sid      = "ListAddons"
+        Action   = "eks:ListAddons"
+        Effect   = "Allow"
+        Resource = "*"
+      },
+      {
+        Sid      = "ListWorkloads"
+        Action   = "wellarchitected:ListWorkloads"
+        Effect   = "Allow"
+        Resource = "*"
+      },
     ]
   })
 }