Post Deployment Permissions

[
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "securityhub:UpdateStandardsControl",
                "securityhub:DescribeStandardsControls",
                "securityhub:GetEnabledStandards",
                "securityhub:GetFindings",
                "securityhub:ListMembers",
                "securityhub:ListStandardsControlAssociations",
                "securityhub:BatchUpdateStandardsControlAssociations"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
},
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "wellarchitected:CreateWorkload",
                "wellarchitected:UpdateAnswer",
                "wellarchitected:CreateMilestone",
                "wellarchitected:DeleteWorkload",
                "wellarchitected:List*",
                "wellarchitected:Get*"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
},
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "support:DescribeSeverityLevels",
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
},
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "cloudtrail:DescribeTrails",
                "sns:ListTopics",
                "sns:GetTopicAttributes"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "sns:Subscribe",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ssm:GetParameter",
                "ssm:PutParameter"
            ],
            "Resource": [
                "arn:aws:ssm:*:*:parameter/Solutions/SO0111/Metrics_LogGroupName",
                "arn:aws:ssm:*:*:parameter/Solutions/SO0111/SNS_Topic_CIS3.x"
            ],
            "Effect": "Allow"
        },
        {
            "Action": "cloudtrail:UpdateTrail",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::*:role/SO0111-CloudTrailToCloudWatchLogs",
            "Effect": "Allow"
        }
    ]
},
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "iam:ListRolePolicies",
                "iam:GetRolePolicy"
            ],
            "Resource": [
                "arn:aws:iam::*:role/SixPillarsEnableGuardDutyRole",
                "arn:aws:iam::*:role/SixPillarsEnableMacieRole",
                "arn:aws:iam::*:role/SixPillarsEnableInspectorRole"
            ],
            "Effect": "Allow"
        }
    ]
}
]
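Review bot: The `sns:Subscribe` and `cloudtrail:UpdateTrail` statements in the fourth policy document are granted on `"Resource": "*"`, although both actions accept resource-level scoping. As written, the role can attach a subscription to any topic and reconfigure any trail in the account, which is wider than the SO0111 parameter and role ARNs used in the neighbouring statements suggest is needed. Consider narrowing them to `"Resource": "arn:aws:sns:<region>:<account-id>:<topic-name>"` and `"Resource": "arn:aws:cloudtrail:<region>:<account-id>:trail/<trail-name>"` (placeholders, since the page does not name the topic or trail). The `iam:PassRole` statement is already pinned to one role name. If that role is only ever handed to CloudTrail, as its name suggests, a condition such as `"Condition": {"StringEquals": {"iam:PassedToService": "cloudtrail.amazonaws.com"}}` would pin the consumer as well. The rendered comparison does not show which lines changed, so this note applies to the listing as a whole.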