From 10aa7e55ba2ca6152b423758ef2be725d7f2d063 Mon Sep 17 00:00:00 2001
From: j1-internal-automation
Date: Mon, 1 Jul 2024 21:28:02 +0000
Subject: [PATCH] update CloudFormation documentation
---
 .../cloudformation-template.json | 7 ++++---
 .../iam-cloudformation-detailed/managed-policy.md | 7 ++++---
 cloudformation/iam-cloudformation-detailed/terraform.tf | 7 ++++---
 .../iam-cloudformation/cloudformation-template.json | 1 +
 cloudformation/iam-cloudformation/managed-policy.md | 1 +
 cloudformation/iam-cloudformation/terraform.tf | 1 +
 6 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/cloudformation/iam-cloudformation-detailed/cloudformation-template.json b/cloudformation/iam-cloudformation-detailed/cloudformation-template.json
index 3aa93c3..526a674 100644
--- a/cloudformation/iam-cloudformation-detailed/cloudformation-template.json
+++ b/cloudformation/iam-cloudformation-detailed/cloudformation-template.json
@@ -79,6 +79,7 @@
 "autoscaling:DescribePolicies",
 "backup:GetBackupVaultAccessPolicy",
 "backup:ListBackupVaults",
+ "backup:ListRecoveryPointsByBackupVault",
 "batch:DescribeComputeEnvironments",
 "batch:DescribeJobDefinitions",
 "batch:DescribeJobQueues",
@@ -243,9 +244,7 @@
 "iam:GetSAMLProvider",
 "iam:GetServerCertificate",
 "iam:GetUser",
- "iam:GetUserPolicy",
- "iam:ListAccessKeys",
- "iam:ListAccountAliases"
+ "iam:GetUserPolicy"
 ]
 }
 ]
@@ -265,6 +264,8 @@
 "Effect": "Allow",
 "Resource": "*",
 "Action": [
+ "iam:ListAccessKeys",
+ "iam:ListAccountAliases",
 "iam:ListEntitiesForPolicy",
 "iam:ListGroupPolicies",
 "iam:ListGroups",
diff --git a/cloudformation/iam-cloudformation-detailed/managed-policy.md b/cloudformation/iam-cloudformation-detailed/managed-policy.md
index 53f2c09..d7d5de0 100644
--- a/cloudformation/iam-cloudformation-detailed/managed-policy.md
+++ b/cloudformation/iam-cloudformation-detailed/managed-policy.md
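Review bot: `iam:ListAccessKeys` and `iam:ListAccountAliases` leave the `Action` list closed in the `@@ -243,9 +244,7 @@` hunk and reappear in the list opened in `@@ -265,6 +264,8 @@`, so the integration keeps them only where the policy holding that second statement is attached as well. In terraform.tf the same move crosses from `jupiterone_security_audit_policy` to `jupiterone_security_audit_policy_2`; this template presumably splits along the same boundary, but the resource definitions and the role's policy attachments lie outside these hunks. The reason for the move (a policy size limit is the likely one) is not recorded anywhere, and JSON offers no place for a comment, so I would put it in the commit description and, in terraform.tf, as `# continuation of jupiterone_security_audit_policy; attach both policies to the role` above the second resource. The matching managed-policy.md hunks would carry the same sentence in prose for readers who copy one policy document by hand.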
@@ -42,6 +42,7 @@
 "autoscaling:DescribePolicies",
 "backup:GetBackupVaultAccessPolicy",
 "backup:ListBackupVaults",
+ "backup:ListRecoveryPointsByBackupVault",
 "batch:DescribeComputeEnvironments",
 "batch:DescribeJobDefinitions",
 "batch:DescribeJobQueues",
@@ -206,9 +207,7 @@
 "iam:GetSAMLProvider",
 "iam:GetServerCertificate",
 "iam:GetUser",
- "iam:GetUserPolicy",
- "iam:ListAccessKeys",
- "iam:ListAccountAliases"
+ "iam:GetUserPolicy"
 ]
 }
 ]
@@ -225,6 +224,8 @@
 "Effect": "Allow",
 "Resource": "*",
 "Action": [
+ "iam:ListAccessKeys",
+ "iam:ListAccountAliases",
 "iam:ListEntitiesForPolicy",
 "iam:ListGroupPolicies",
 "iam:ListGroups",
diff --git a/cloudformation/iam-cloudformation-detailed/terraform.tf b/cloudformation/iam-cloudformation-detailed/terraform.tf
index b657ce6..2718036 100644
--- a/cloudformation/iam-cloudformation-detailed/terraform.tf
+++ b/cloudformation/iam-cloudformation-detailed/terraform.tf
@@ -68,6 +68,7 @@ resource "aws_iam_policy" "jupiterone_security_audit_policy" {
 "autoscaling:DescribePolicies",
 "backup:GetBackupVaultAccessPolicy",
 "backup:ListBackupVaults",
+ "backup:ListRecoveryPointsByBackupVault",
 "batch:DescribeComputeEnvironments",
 "batch:DescribeJobDefinitions",
 "batch:DescribeJobQueues",
@@ -232,9 +233,7 @@ resource "aws_iam_policy" "jupiterone_security_audit_policy" {
 "iam:GetSAMLProvider",
 "iam:GetServerCertificate",
 "iam:GetUser",
- "iam:GetUserPolicy",
- "iam:ListAccessKeys",
- "iam:ListAccountAliases"
+ "iam:GetUserPolicy"
 ]
 }
 ]
@@ -256,6 +255,8 @@ resource "aws_iam_policy" "jupiterone_security_audit_policy_2" {
 "Effect": "Allow",
 "Resource": "*",
 "Action": [
+ "iam:ListAccessKeys",
+ "iam:ListAccountAliases",
 "iam:ListEntitiesForPolicy",
 "iam:ListGroupPolicies",
 "iam:ListGroups",
diff --git a/cloudformation/iam-cloudformation/cloudformation-template.json b/cloudformation/iam-cloudformation/cloudformation-template.json
index 6e53842..e3515e6 100644
--- a/cloudformation/iam-cloudformation/cloudformation-template.json
+++ b/cloudformation/iam-cloudformation/cloudformation-template.json
@@ -47,6 +47,7 @@
 "Effect": "Allow",
 "Resource": "*",
 "Action": [
+ "backup:List*",
 "batch:Describe*",
 "batch:List*",
 "cloudhsm:Describe*",
diff --git a/cloudformation/iam-cloudformation/managed-policy.md b/cloudformation/iam-cloudformation/managed-policy.md
index a4d8779..342df55 100644
--- a/cloudformation/iam-cloudformation/managed-policy.md
+++ b/cloudformation/iam-cloudformation/managed-policy.md
@@ -8,6 +8,7 @@
 "Effect": "Allow",
 "Resource": "*",
 "Action": [
+ "backup:List*",
 "batch:Describe*",
 "batch:List*",
 "cloudhsm:Describe*",
diff --git a/cloudformation/iam-cloudformation/terraform.tf b/cloudformation/iam-cloudformation/terraform.tf
index f205ef4..fb86535 100644
--- a/cloudformation/iam-cloudformation/terraform.tf
+++ b/cloudformation/iam-cloudformation/terraform.tf
@@ -36,6 +36,7 @@ resource "aws_iam_policy" "jupiterone_security_audit_policy" {
 "Effect": "Allow",
 "Resource": "*",
 "Action": [
+ "backup:List*",
 "batch:Describe*",
 "batch:List*",
 "cloudhsm:Describe*",
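Review bot: `backup:List*` on `"Resource": "*"` matches every present and future `backup:List…` action, whereas the detailed variant changed in this same commit names only `backup:ListBackupVaults` and `backup:ListRecoveryPointsByBackupVault`. The wildcard follows the style of the neighbouring `batch:List*` entry, so it may be intended, but if the integration calls just those two APIs I would list them: `"backup:ListBackupVaults", "backup:ListRecoveryPointsByBackupVault",`. The detailed variant also allows `backup:GetBackupVaultAccessPolicy`, which this pattern does not cover; whether another attached policy grants it cannot be seen from the hunk. The terraform.tf hunk `@@ -36,6 +36,7 @@` adds the same line and the same applies there.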