Post Deployment Permissions
6pillars-access
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:ListRules",
"states:StartExecution"
6pillars-drs-control-access
"ec2:DescribeInstances",
"drs:DescribeSourceServers",
"drs:GetReplicationConfiguration",
"drs:DescribeJobs",
"drs:DescribeRecoverySnapshots",
"drs:StartRecovery"
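6pillars-read-only-access (despite the name, the actions listed below include write operations: securityhub:UpdateStandardsControl and the wellarchitected Create/Update/Delete actions)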
"securityhub:UpdateStandardsControl",
"securityhub:DescribeStandardsControls",
"securityhub:GetEnabledStandards",
"securityhub:GetFindings",
"wellarchitected:CreateWorkload",
"wellarchitected:UpdateAnswer",
"wellarchitected:CreateMilestone",
"wellarchitected:DeleteWorkload",
"wellarchitected:List*",
"wellarchitected:Get*"
6pillars-security-hub-integration-access
"securityhub:EnableImportFindingsForProduct",
"securityhub:BatchImportFindings",
"securityhub:GetInsights",
"securityhub:ListMembers"
6pillars-support-control-access
"support:DescribeSeverityLevels"
[
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"securityhub:UpdateStandardsControl",
"securityhub:DescribeStandardsControls",
"securityhub:GetEnabledStandards",
"securityhub:GetFindings",
"securityhub:ListMembers",
"securityhub:ListStandardsControlAssociations",
"securityhub:BatchUpdateStandardsControlAssociations"
],
"Resource": "*",
"Effect": "Allow"
}
]
},
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"wellarchitected:CreateWorkload",
"wellarchitected:UpdateAnswer",
"wellarchitected:CreateMilestone",
"wellarchitected:DeleteWorkload",
"wellarchitected:List*",
"wellarchitected:Get*"
],
"Resource": "*",
"Effect": "Allow"
}
]
},
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "support:DescribeSeverityLevels",
"Resource": "*",
"Effect": "Allow"
}
]
},
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudtrail:DescribeTrails",
"sns:ListTopics",
"sns:GetTopicAttributes"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "sns:Subscribe",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ssm:GetParameter",
"ssm:PutParameter"
],
"Resource": [
"arn:aws:ssm:*:*:parameter/Solutions/SO0111/Metrics_LogGroupName",
"arn:aws:ssm:*:*:parameter/Solutions/SO0111/SNS_Topic_CIS3.x"
],
"Effect": "Allow"
},
{
"Action": "cloudtrail:UpdateTrail",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "iam:PassRole",
"Resource": "arn:aws:iam::*:role/SO0111-CloudTrailToCloudWatchLogs",
"Effect": "Allow"
}
]
},
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"iam:ListRolePolicies",
"iam:GetRolePolicy"
],
"Resource": [
"arn:aws:iam::*:role/SixPillarsEnableGuardDutyRole",
"arn:aws:iam::*:role/SixPillarsEnableMacieRole",
"arn:aws:iam::*:role/SixPillarsEnableInspectorRole"
],
"Effect": "Allow"
}
]
}
]