feat(RAIN-91433): Add permission for get-api-keys in apigateway and a…
…pigatewayv2 (#87)

* Change apigateway Permission
jjzhangjjzhang authored Dec 20, 2023
1 parent 4f6dfe6 commit 6e4c28f
Showing 2 changed files with 4 additions and 73 deletions.
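--- a/README.md
+++ b/README.md
@@ -101,41 +101,8 @@ The audit policy is comprised of the following permissions:
 | SSO | sso:DescribeAccountAssignmentDeletionStatus | * |
 | | sso:DescribeInstanceAccessControlAttributeConfiguration | |
 | | sso:GetInlinePolicyForPermissionSet | |
-| APIGATEWAY | apigateway:GetApiKeys | * |
-| | apigateway:GetAuthorizers | |
-| | apigateway:GetBasePathMappings | |
-| | apigateway:GetClientCertificates | |
-| | apigateway:GetDeployments | |
-| | apigateway:GetDocumentationParts | |
-| | apigateway:GetDocumentationVersions | |
-| | apigateway:GetDomainNames | |
-| | apigateway:GetGatewayResponses | |
-| | apigateway:GetModels | |
-| | apigateway:GetModelTemplate | |
-| | apigateway:GetRequestValidators | |
-| | apigateway:GetResources | |
-| | apigateway:GetRestApis | |
-| | apigateway:GetSdk | |
-| | apigateway:GetSdkTypes | |
-| | apigateway:GetStages | |
-| | apigateway:GetTags | |
-| | apigateway:GetUsagePlanKeys | |
-| | apigateway:GetUsagePlans | |
-| | apigateway:GetVpcLinks | |
-| APIGATEWAYV2 | apigatewayv2:GetApis | * |
-| | apigatewayv2:GetApiMappings | |
-| | apigatewayv2:GetAuthorizers | |
-| | apigatewayv2:GetDeployments | |
-| | apigatewayv2:GetDomainNames | |
-| | apigatewayv2:GetIntegrations | |
-| | apigatewayv2:GetIntegrationResponses | |
-| | apigatewayv2:GetModelTemplate | |
-| | apigatewayv2:GetModels | |
-| | apigatewayv2:GetRoute | |
-| | apigatewayv2:GetRouteResponses | |
-| | apigatewayv2:GetStages | |
-| | apigatewayv2:GetVpcLinks | |
 | GLACIER | glacier:ListTagsForVault | * |
+| APIGATEWAY | apigateway:GET | arn:aws:apigateway:*::/apikeys, arn:aws:apigateway:*::/apikeys/* |
 | WAFREGIONAL | waf-regional:ListRules | * |
 | | waf-regional:GetRule | |
 | | waf-regional:ListRuleGroups | |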
42 changes: 3 additions & 39 deletions main.tf
Expand Up @@ -93,52 +93,16 @@ data "aws_iam_policy_document" "lacework_audit_policy" {

statement {
sid = "APIGATEWAY"
actions = ["apigateway:GetApiKeys",
"apigateway:GetAuthorizers",
"apigateway:GetBasePathMappings",
"apigateway:GetClientCertificates",
"apigateway:GetDeployments",
"apigateway:GetDocumentationParts",
"apigateway:GetDocumentationVersions",
"apigateway:GetDomainNames",
"apigateway:GetGatewayResponses",
"apigateway:GetModels",
"apigateway:GetModelTemplate",
"apigateway:GetRequestValidators",
"apigateway:GetResources",
"apigateway:GetRestApis",
"apigateway:GetSdk",
"apigateway:GetSdkTypes",
"apigateway:GetStages",
"apigateway:GetTags",
"apigateway:GetUsagePlanKeys",
"apigateway:GetUsagePlans",
"apigateway:GetVpcLinks"]
resources = ["*"]
actions = ["apigateway:GET"]
resources = ["arn:aws:apigateway:*::/apikeys", "arn:aws:apigateway:*::/apikeys/*"]
}

statement {
sid = "APIGATEWAYV2"
actions = ["apigatewayv2:GetApis",
"apigatewayv2:GetApiMappings",
"apigatewayv2:GetAuthorizers",
"apigatewayv2:GetDeployments",
"apigatewayv2:GetDomainNames",
"apigatewayv2:GetIntegrations",
"apigatewayv2:GetIntegrationResponses",
"apigatewayv2:GetModelTemplate",
"apigatewayv2:GetModels",
"apigatewayv2:GetRoute",
"apigatewayv2:GetRouteResponses",
"apigatewayv2:GetStages",
"apigatewayv2:GetVpcLinks"]
resources = ["*"]
}
statement {
sid = "GLACIER"
actions = ["glacier:ListTagsForVault"]
resources = ["*"]
}

statement {
sid = "WAFREGIONAL"
actions = ["waf-regional:ListRules",
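Review bot: The rewritten APIGATEWAY statement gives the audit role read access to API key values, not only key metadata: `apigateway:GET` on `arn:aws:apigateway:*::/apikeys` and `/apikeys/*` also authorises requests made with `includeValues=true`, and I am not aware of an IAM condition key that can exclude that parameter. Since the policy itself cannot be narrowed further, I would record the exposure next to the statement, e.g. `# apigateway:GET on /apikeys also allows includeValues=true; this role can read API key values`, and handle the role's credentials with matching care. Both ARNs also hard-code the `aws` partition, so the statement will match nothing in GovCloud or China accounts unless the partition is interpolated (for example from a `data "aws_partition"` lookup, if the module does not already have one). The enclosing `data "aws_iam_policy_document"` block starts and ends outside this hunk, so whether the removed REST and HTTP API read permissions are supplied elsewhere cannot be confirmed from here.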
