Add AWS permission for sesv2 APIS
LMAX-iwnf committed Nov 6, 2024
1 parent 50c06a7 commit 0095691
Showing 2 changed files with 52 additions and 4 deletions.
27 changes: 24 additions & 3 deletions README.md
Expand Up @@ -2,10 +2,10 @@

# terraform-aws-config

[![GitHub release](https://img.shields.io/github/release/lacework/terraform-aws-config.svg)](https://github.com/lacework/terraform-aws-config/releases/)
[![GitHub release](https://img.shields.io/github/release/lacework/terraform-aws-config.svg)](https://github.com/lacework/terraform-aws-config/relea ses/)
[![Codefresh build status]( https://g.codefresh.io/api/badges/pipeline/lacework/terraform-modules%2Ftest-compatibility?type=cf-1&key=eyJhbGciOiJIUzI1NiJ9.NWVmNTAxOGU4Y2FjOGQzYTkxYjg3ZDEx.RJ3DEzWmBXrJX7m38iExJ_ntGv4_Ip8VTa-an8gBwBo)]( https://g.codefresh.io/pipelines/edit/new/builds?id=607e25e6728f5a6fba30431b&pipeline=test-compatibility&projects=terraform-modules&projectId=607db54b728f5a5f8930405d)

Terraform module for configuring an integration with Lacework and AWS for cloud resource configuration assessment.
Terraform module for configuring an integration with Lacework and AWS for cloud resource configuration as sessment.

<!-- BEGIN_TF_DOCS -->
## Requirements
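Review bot: The release badge line and the module description line in this hunk are removed and re-added with no intended wording change, which points to a whitespace or line-ending difference picked up by the editor. Revert both lines so the README diff contains only the new SES rows, and confirm the re-added badge URL still ends in `terraform-aws-config/releases/` with no break inside it.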
Expand Down Expand Up @@ -118,4 +118,25 @@ The audit policy is comprised of the following permissions:
| | codebuild:BatchGetBuilds | |
| SNS | sns:GetDataProtectionPolicy | * |
| | sns:ListPlatformApplications | |
| | sns:GetSubscriptionAttributes | |
| | sns:GetSubscriptionAttributes | |
| SES | ses:ListContactLists | * |
| | ses:GetContactList | |
| | ses:ListContacts | |
| | ses:GetContact | |
| | ses:ListCustomVerificationEmailTemplates | |
| | ses:GetCustomVerificationEmailTemplate | |
| | ses:GetDedicatedIpPool | |
| | ses:GetBlacklistReports | |
| | ses:GetDedicatedIp | |
| | ses:ListDeliverabilityTestReports | |
| | ses:GetDeliverabilityTestReport | |
| | ses:ListEmailIdentities | |
| | ses:GetEmailIdentity | |
| | ses:GetEmailIdentityPolicies | |
| | ses:ListEmailTemplates | |
| | ses:GetEmailTemplate | |
| | ses:ListImportJobs | |
| | ses:GetImportJob | |
| | ses:ListRecommendations | |
| | ses:ListSuppressedDestinations | |
| | ses:GetSuppressedDestination | |
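Review bot: The new rows are labelled SES while the commit title says sesv2, and nothing in the table tells a reader that `ses:ListContacts`, `ses:GetContact`, `ses:ListSuppressedDestinations` and `ses:GetEmailTemplate` return recipient addresses and template content rather than only configuration metadata. Add a sentence next to the table stating that these are the SESv2 API actions (which use the `ses:` IAM prefix) and which of them expose email data, so account owners can review the grant before applying the module. The `sns:GetSubscriptionAttributes` row is also removed and re-added with no visible change, which suggests a trailing-whitespace or end-of-file newline difference that is better fixed in its own commit.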
29 changes: 28 additions & 1 deletion main.tf
Expand Up @@ -115,7 +115,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
actions = ["glacier:ListTagsForVault"]
resources = ["*"]
}

statement {
sid = "WAFREGIONAL"
actions = ["waf-regional:ListRules",
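Review bot: The only change in this hunk appears to be whitespace on the blank line before the `WAFREGIONAL` statement, which is unrelated to the SES permission. Drop it from this commit or move formatting cleanups (for example the output of `terraform fmt`) into a separate commit so the policy change is easy to audit on its own.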
Expand Down Expand Up @@ -155,6 +155,33 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
actions = ["states:ListTagsForResource"]
resources = ["*"]
}

statement {
sid = "SES"
actions = ["ses:ListContactLists",
"ses:GetContactList",
"ses:ListContacts",
"ses:GetContact",
"ses:ListCustomVerificationEmailTemplates",
"ses:GetCustomVerificationEmailTemplate",
"ses:GetDedicatedIpPool",
"ses:GetBlacklistReports",
"ses:GetDedicatedIp",
"ses:ListDeliverabilityTestReports",
"ses:GetDeliverabilityTestReport",
"ses:ListEmailIdentities",
"ses:GetEmailIdentity",
"ses:GetEmailIdentityPolicies",
"ses:ListEmailTemplates",
"ses:GetEmailTemplate",
"ses:ListImportJobs",
"ses:GetImportJob",
"ses:ListRecommendations",
"ses:ListSuppressedDestinations",
"ses:GetSuppressedDestination",
]
resources = ["*"]
}
}

resource "aws_iam_policy" "lacework_audit_policy" {
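Review bot: The new `SES` statement grants data-returning reads on `resources = ["*"]`, not just configuration reads: `ses:ListContacts`, `ses:GetContact`, `ses:ListSuppressedDestinations` and `ses:GetSuppressedDestination` return recipient email addresses, and `ses:GetEmailTemplate` and `ses:GetCustomVerificationEmailTemplate` return message bodies. Confirm that the configuration assessment needs each of these; if it does not, keep the statement to the identity, dedicated IP, deliverability and recommendation reads, or put the contact and suppression-list actions in a separate statement with its own `sid` that can be reviewed and removed independently. The statement also has no comment saying that these are SESv2 actions, which would help the next person comparing it against the AWS action list.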