Merge pull request #13 from Levetty/feature/add-cspm

tsutsun17 · web-flow · commit 7de669c05283 · 2024-05-16T15:14:20.000+09:00
add: backupやesなどの権限追加
diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@ terraform aws module for cloudbase
 ```
 module "cloudbase" {
   source  = "Levetty/cloudbase/aws"
-  version = "0.9.0"
+  version = "0.10.0"
 
   external_id = "xxx" # required
   role_name   = "Cloudbase" # optional: default value is "Cloudbase"
@@ -26,7 +26,7 @@ module "cloudbase" {
 ```
 module "cloudbase" {
   source  = "Levetty/cloudbase/aws"
-  version = "0.9.0"
+  version = "0.10.0"
 
   external_id = "xxx" # required
   role_name   = "Cloudbase" # optional: default value is "Cloudbase"
@@ -43,7 +43,7 @@ module "cloudbase" {
 ```
 module "cloudbase" {
   source  = "Levetty/cloudbase/aws"
-  version = "0.9.0"
+  version = "0.10.0"
 
   external_id = "xxx" # required
   role_name   = "Cloudbase" # optional: default value is "Cloudbase"
diff --git a/policies/cspm_read.json b/policies/cspm_read.json
@@ -14,13 +14,18 @@
         "athena:GetQueryExecution",
         "athena:GetWorkGroup",
         "auditmanager:GetSettings",
+        "backup:GetBackupPlan",
+        "backup:GetBackupSelection",
         "backup:DescribeRegionSettings",
         "backup:ListBackupPlans",
         "backup:ListBackupVaults",
+        "backup:ListBackupSelections",
+        "backup:ListTags",
         "codeartifact:ListDomains",
         "codebuild:ListSourceCredentials",
         "codeconnections:ListConnections",
         "codepipeline:ListWebhooks",
+        "codepipeline:ListTagsForResource",
         "connect:ListInstances",
         "databrew:ListJobs",
         "dax:DescribeClusters",
@@ -32,6 +37,7 @@
         "elasticTranscoder:ListJobsByPipeline",
         "elasticfilesystem:DescribeAccessPoints",
         "elastictranscoder:ListPipelines",
+        "es:ListVpcEndpointAccess",
         "finspace:ListEnvironments",
         "forecast:ListDatasets",
         "forecast:ListForecastExportJobs",
@@ -104,12 +110,14 @@
         "timestream:DescribeEndpoints",
         "timestream:ListDatabases",
         "voiceid:ListDomains",
+        "waf-regional:GetRule",
         "waf-regional:GetLoggingConfiguration",
         "waf-regional:GetRuleGroup",
         "waf-regional:ListRateBasedRules",
         "waf-regional:ListRuleGroups",
         "waf-regional:ListRules",
         "waf:GetLoggingConfiguration",
+        "waf:GetRule",
         "waf:GetRuleGroup",
         "waf:ListRuleGroups",
         "waf:ListRules",
