As part of the SaaS deployment, AUTOMATE+ streamlines the enablement and configuration of a number of native AWS services, detailed here.

...


The deployment permissions differ depending on whether you are deploying AUTOMATE (read only) or AUTOMATE+ (continuous compliance).

AUTOMATE+ (with remediation functionality)

6pillars-access
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:ListRules",
"states:StartExecution"

6pillars-drs-control-access
"ec2:DescribeInstances",
"drs:DescribeSourceServers",
"drs:GetReplicationConfiguration",
"drs:DescribeJobs",
"drs:DescribeRecoverySnapshots",
"drs:StartRecovery"

6pillars-read-only-access
"securityhub:UpdateStandardsControl",
"securityhub:DescribeStandardsControls",
"securityhub:GetEnabledStandards",
"securityhub:GetFindings",
"wellarchitected:CreateWorkload",
"wellarchitected:UpdateAnswer",
"wellarchitected:CreateMilestone",
"wellarchitected:DeleteWorkload",
"wellarchitected:List*",
"wellarchitected:Get*"

6pillars-security-hub-integration-access
"securityhub:EnableImportFindingsForProduct",
"securityhub:BatchImportFindings",
"securityhub:GetInsights",
"securityhub:ListMembers"

6pillars-support-control-access
"support:DescribeSeverityLevels",


...
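The following is an added example, not code from the vendor or from the original page. It takes the policy names and actions listed above and does two review checks: it separates read-style actions from state-changing ones, and it reports any action a deployed policy grants beyond the documented list. The read-verb prefix rule, the function names and the sample policy (including the extra events:DeleteRule action) are assumptions made for illustration.

```python
# Added example, not vendor code. Action lists are copied from the page; the
# support policy is truncated there, so only its one visible action appears.
DOCUMENTED = {
    "6pillars-access": [
        "events:DescribeRule", "events:DisableRule", "events:EnableRule",
        "events:ListRules", "states:StartExecution"],
    "6pillars-drs-control-access": [
        "ec2:DescribeInstances", "drs:DescribeSourceServers",
        "drs:GetReplicationConfiguration", "drs:DescribeJobs",
        "drs:DescribeRecoverySnapshots", "drs:StartRecovery"],
    "6pillars-read-only-access": [
        "securityhub:UpdateStandardsControl",
        "securityhub:DescribeStandardsControls",
        "securityhub:GetEnabledStandards", "securityhub:GetFindings",
        "wellarchitected:CreateWorkload", "wellarchitected:UpdateAnswer",
        "wellarchitected:CreateMilestone", "wellarchitected:DeleteWorkload",
        "wellarchitected:List*", "wellarchitected:Get*"],
    "6pillars-security-hub-integration-access": [
        "securityhub:EnableImportFindingsForProduct",
        "securityhub:BatchImportFindings",
        "securityhub:GetInsights", "securityhub:ListMembers"],
    "6pillars-support-control-access": ["support:DescribeSeverityLevels"],
}
READ_VERBS = ("Describe", "Get", "List")  # assumption: naming heuristic only

def non_read_actions(actions):
    """Actions whose verb does not start with a read-style prefix."""
    return [a for a in actions if not a.partition(":")[2].startswith(READ_VERBS)]

def allowed_actions(policy_doc):
    """Flatten Action values from Allow statements (string or list forms)."""
    stmts = policy_doc.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    out = []
    for s in stmts:
        if s.get("Effect") == "Allow":
            acts = s.get("Action", [])
            out += [acts] if isinstance(acts, str) else list(acts)
    return out

def drift(policy_name, policy_doc):
    """Actions granted by the deployed policy but absent from the page's list."""
    return sorted(set(allowed_actions(policy_doc)) - set(DOCUMENTED[policy_name]))

# Constructed sample: a deployed 6pillars-access policy with one extra action.
SAMPLE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": DOCUMENTED["6pillars-access"] + ["events:DeleteRule"]}]}
if __name__ == "__main__":
    for name, acts in DOCUMENTED.items():
        print(name, "->", non_read_actions(acts) or "read-style only")
    print("drift:", drift("6pillars-access", SAMPLE))
```

Run against the lists above, the policy named 6pillars-read-only-access shows five actions that are not read-style, which is worth confirming with the vendor before granting the role.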