Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(RAIN-94335): Adding permission for terraform version 0.19.0 #128

Merged
merged 4 commits into from
Jan 31, 2025
Merged

feat(RAIN-94335): Adding permission for terraform version 0.19.0 #128

merged 4 commits into from
Jan 31, 2025

Conversation

LMAX-iwnf
Copy link
Contributor

@LMAX-iwnf LMAX-iwnf commented Jan 31, 2025
edited
Loading

Summary

Adding readonly permissions for services:
memoryDB
qbusiness
qconnect
qapps
resourcegroups
servicecatalogappregistry
oam
clouddirectory
optimizationhub
budgets
billingconsole

How did you test this change?

Applied to dev aws account and tested the permission in the iam policy simulator
image

Issue

https://lacework.atlassian.net/browse/RAIN-94335

@LMAX-iwnf
Add permissions for services:
e215409 
memoryDB
qbusiness
resourcegroups
servicecatalogappregistry
oam
clouddirectory
optimizationhub
budgets
billingconsole
@LMAX-iwnf LMAX-iwnf changed the title feat(RAIN-94281): Adding permission for terraform version 0.19.0 feat(RAIN-94335): Adding permission for terraform version 0.19.0 Jan 31, 2025
Sairam-Arpavur-Natarajan
Sairam-Arpavur-Natarajan reviewed Jan 31, 2025
View reviewed changes
main.tf
@@ -241,6 +241,30 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
]
resources = ["*"]
}

statement {
sid = "KINESISVIDEO"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: It will be good to sort the API's so its easy cross reference it with the helm config for permission.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Applicable for all the services added / modified.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All these APIs are actually sorted, just in the way that AWS returns. No idea what order they are in, but they should be in the same order as read-me is.

Sairam-Arpavur-Natarajan
Sairam-Arpavur-Natarajan reviewed Jan 31, 2025
View reviewed changes
main.tf

statement {
sid = "AMP"
actions = ["aps:ListScrapers",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: It will be good to sort the API's so its easy cross reference it with the helm config for permission.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All these APIs are actually sorted, just in the way that AWS returns. No idea what order they are in, but they should be in the same order as read-me is.

Sairam-Arpavur-Natarajan
Sairam-Arpavur-Natarajan reviewed Jan 31, 2025
View reviewed changes
main.tf
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:DescribeImageGenerationConfiguration",
sid = "MEMORYDB"
actions = ["memorydb:DescribeMultiRegionClusters",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: It will be good to sort the API's so its easy cross reference it with the helm config for permission.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All these APIs are actually sorted, just in the way that AWS returns. No idea what order they are in, but they should be in the same order as read-me is.

jjzhangjjzhang
jjzhangjjzhang approved these changes Jan 31, 2025
View reviewed changes
Copy link
Contributor

@jjzhangjjzhang jjzhangjjzhang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since it is not encouraged to use List*, describe*, etc.. we need to list each individual API as in this PR. Look good to me

@LMAX-iwnf LMAX-iwnf merged commit c944e62 into main Jan 31, 2025
11 checks passed
@LMAX-iwnf LMAX-iwnf deleted the Adding_service_perission_for_19_2025_feb branch January 31, 2025 21:23
@lacework-releng lacework-releng mentioned this pull request Jan 31, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Sairam-Arpavur-Natarajan Sairam-Arpavur-Natarajan Sairam-Arpavur-Natarajan left review comments

@jjzhangjjzhang jjzhangjjzhang jjzhangjjzhang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LMAX-iwnf @jjzhangjjzhang @Sairam-Arpavur-Natarajan