aws_iam_user_group_membership

JamesWoolfenden · Jan 30, 2023 · 5a86fe4 · 5a86fe4
1 parent 3695f37
commit 5a86fe4
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 24 deletions.
diff --git a/src/aws.go b/src/aws.go
@@ -398,6 +398,7 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) {
 		"aws_applicationinsights_application":                awsApplicationinsightsApplication,
 		"aws_resourcegroups_group":                           awsResourcegroupsGroup,
 		"aws_s3_bucket_inventory":                            awsS3BucketInventory,
+		"aws_iam_user_group_membership":                      awsIamUserGroupMembership,
 	}
 
 	var Permissions []string

diff --git a/src/files.go b/src/files.go
@@ -1002,3 +1002,6 @@ var awsResourcegroupsGroup []byte
 
 //go:embed mapping/aws/resource/s3/aws_s3_bucket_inventory.json
 var awsS3BucketInventory []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_user_group_membership.json
+var awsIamUserGroupMembership []byte
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -7,8 +7,9 @@ resource "aws_iam_policy" "basic" {
         "Sid" : "0",
         "Effect" : "Allow",
         "Action" : [
-          "s3:GetInventoryConfiguration",
-          "s3:PutInventoryConfiguration"
+          "iam:AddUserToGroup",
+          "iam:ListGroupsForUser",
+          "iam:RemoveUserFromGroup"
         ],
         "Resource" : "*",
       }

diff --git a/todo_aws.md b/todo_aws.md
@@ -240,37 +240,26 @@ aws_controltower_controls
 aws_cur_report_definition
 
 
-./resource.ps1 aws_wafv2_web_acl_association 
-./resource.ps1 aws_docdb_cluster 
-./resource.ps1 aws_docdb_cluster_instance 
-./resource.ps1 aws_docdb_cluster 
-./resource.ps1 aws_docdb_cluster_instance
 ./resource.ps1 aws_api_gateway_authorizer 
 ./resource.ps1 aws_cloudfront_origin_access_identity 
+./resource.ps1 aws_docdb_cluster 
+./resource.ps1 aws_docdb_cluster_instance
+./resource.ps1 aws_ec2_transit_gateway_vpc_attachment_accepter 
+./resource.ps1 aws_elasticache_user
+./resource.ps1 aws_elasticache_user_group
 ./resource.ps1 aws_lambda_invocation 
 ./resource.ps1 aws_msk_cluster 
-./resource.ps1 aws_ec2_transit_gateway_vpc_attachment_accepter 
-./resource.ps1 aws_vpc_endpoint_subnet_association 
-./resource.ps1 aws_vpc_endpoint_subnet_association 
-./resource.ps1 aws_elasticache_user 
-./resource.ps1 aws_elasticache_user_group 
-./resource.ps1 aws_elasticache_user 
-./resource.ps1 aws_elasticache_user_group 
 ./resource.ps1 aws_servicequotas_service_quota 
+./resource.ps1 aws_ses_configuration_set 
+./resource.ps1 aws_ses_domain_dkim 
 ./resource.ps1 aws_ses_domain_identity 
 ./resource.ps1 aws_ses_domain_identity_verification 
 ./resource.ps1 aws_ses_domain_mail_from 
-./resource.ps1 aws_ses_domain_dkim 
-./resource.ps1 aws_ses_configuration_set 
-./resource.ps1 aws_ses_event_destination 
-./resource.ps1 aws_ses_event_destination 
-./resource.ps1 aws_ses_event_destination 
-./resource.ps1 aws_ses_identity_notification_topic 
-./resource.ps1 aws_ses_identity_notification_topic 
-./resource.ps1 aws_iam_user_group_membership 
+./resource.ps1 aws_ses_event_destination
+./resource.ps1 aws_ses_identity_notification_topic
 ./resource.ps1 aws_transfer_server 
-./resource.ps1 aws_wafv2_web_acl_association 
-./resource.ps1 aws_wafv2_web_acl_association 
+./resource.ps1 aws_vpc_endpoint_subnet_association
+./resource.ps1 aws_wafv2_web_acl_association
 ./resource.ps1 aws_wafv2_web_acl_logging_configuration