From 5a86fe449f4bb4cfa4e2e636c073460a80c37e8a Mon Sep 17 00:00:00 2001
From: James Woolfenden
Date: Mon, 30 Jan 2023 12:22:29 +0000
Subject: [PATCH] aws_iam_user_group_membership

---
 src/aws.go | 1 +
 src/files.go | 3 ++
 terraform/aws/role/aws_iam_policy.basic.tf | 5 ++--
 todo_aws.md | 33 ++++++++----------------
 4 files changed, 18 insertions(+), 24 deletions(-)

diff --git a/src/aws.go b/src/aws.go
index ebb8ab2c..6533013a 100644
--- a/src/aws.go
+++ b/src/aws.go
@@ -398,6 +398,7 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) {
 "aws_applicationinsights_application": awsApplicationinsightsApplication,
 "aws_resourcegroups_group": awsResourcegroupsGroup,
 "aws_s3_bucket_inventory": awsS3BucketInventory,
+ "aws_iam_user_group_membership": awsIamUserGroupMembership,
 }
 
 var Permissions []string
diff --git a/src/files.go b/src/files.go
index 90ed0193..2b4dbb20 100644
--- a/src/files.go
+++ b/src/files.go
@@ -1002,3 +1002,6 @@ var awsResourcegroupsGroup []byte
 
 //go:embed mapping/aws/resource/s3/aws_s3_bucket_inventory.json
 var awsS3BucketInventory []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_user_group_membership.json
+var awsIamUserGroupMembership []byte
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
index 41d56764..74fad173 100644
--- a/terraform/aws/role/aws_iam_policy.basic.tf
+++ b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -7,8 +7,9 @@ resource "aws_iam_policy" "basic" {
 "Sid" : "0",
 "Effect" : "Allow",
 "Action" : [
- "s3:GetInventoryConfiguration",
- "s3:PutInventoryConfiguration"
+ "iam:AddUserToGroup",
+ "iam:ListGroupsForUser",
+ "iam:RemoveUserFromGroup"
 ],
 "Resource" : "*",
 }
diff --git a/todo_aws.md b/todo_aws.md
index 627185ec..f4695103 100644
--- a/todo_aws.md
+++ b/todo_aws.md
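Review bot: The map that receives the new `"aws_iam_user_group_membership": awsIamUserGroupMembership` entry looks like a function-local literal — its closing `}` is immediately followed by `var Permissions []string` inside `GetAWSResourcePermissions` — so the whole resource table is rebuilt on every call. Hoisting it to a package-level `var awsResourceMappings = map[string][]byte{ ... }` and indexing that from the function would allocate the table once and keep the lookup independent of the caller; the start of the literal and the rest of the function are outside the hunk, so this is inferred from the visible tail. A short comment above the table, `// Terraform resource type -> embedded JSON of the IAM actions it needs (see files.go).`, would also document the key/value convention, which nothing in the visible code states.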
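Review bot: The new `//go:embed mapping/aws/resource/iam/aws_iam_user_group_membership.json` directive requires that file to exist at build time, but the diffstat at the top of this patch lists only four files and none of them is that JSON, so unless the mapping was committed separately this revision will not compile (a missing `go:embed` path is a build error, not a runtime one). Adding the mapping file in the same commit keeps every revision buildable and lets a reviewer compare the JSON action list against the Terraform fixture changed in this patch. A one-line comment on the variable, `// awsIamUserGroupMembership is the embedded IAM action list for aws_iam_user_group_membership.`, would also help, since the neighbouring embed vars carry no documentation either.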
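Review bot: `iam:AddUserToGroup` and `iam:RemoveUserFromGroup` are granted on `"Resource" : "*"`, which lets whoever holds this policy add any user — a user-type principal could add itself — to any group in the account, including an administrators group; that is a privilege-escalation primitive rather than a permission scoped to managing one membership. If this `basic` policy is only a fixture that mirrors the tool's generated permission set, a comment saying so, e.g. `# Test fixture mirroring the generated permission set; not intended to be attached to a real principal.`, would stop it being copied into real infrastructure. If it is ever attached to a real principal, `Resource` should name the specific group and user ARNs (`arn:aws:iam::<account-id>:group/<name>`, `arn:aws:iam::<account-id>:user/<name>`) instead of `*`; `iam:ListGroupsForUser` is read-only and is fine as written. The enclosing `aws_iam_policy.basic` resource and its policy document start before the hunk and close after it.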
@@ -240,37 +240,26 @@ aws_controltower_controls
 aws_cur_report_definition
-./resource.ps1 aws_wafv2_web_acl_association
-./resource.ps1 aws_docdb_cluster
-./resource.ps1 aws_docdb_cluster_instance
-./resource.ps1 aws_docdb_cluster
-./resource.ps1 aws_docdb_cluster_instance
 ./resource.ps1 aws_api_gateway_authorizer
 ./resource.ps1 aws_cloudfront_origin_access_identity
+./resource.ps1 aws_docdb_cluster
+./resource.ps1 aws_docdb_cluster_instance
+./resource.ps1 aws_ec2_transit_gateway_vpc_attachment_accepter
+./resource.ps1 aws_elasticache_user
+./resource.ps1 aws_elasticache_user_group
 ./resource.ps1 aws_lambda_invocation
 ./resource.ps1 aws_msk_cluster
-./resource.ps1 aws_ec2_transit_gateway_vpc_attachment_accepter
-./resource.ps1 aws_vpc_endpoint_subnet_association
-./resource.ps1 aws_vpc_endpoint_subnet_association
-./resource.ps1 aws_elasticache_user
-./resource.ps1 aws_elasticache_user_group
-./resource.ps1 aws_elasticache_user
-./resource.ps1 aws_elasticache_user_group
 ./resource.ps1 aws_servicequotas_service_quota
+./resource.ps1 aws_ses_configuration_set
+./resource.ps1 aws_ses_domain_dkim
 ./resource.ps1 aws_ses_domain_identity
 ./resource.ps1 aws_ses_domain_identity_verification
 ./resource.ps1 aws_ses_domain_mail_from
-./resource.ps1 aws_ses_domain_dkim
-./resource.ps1 aws_ses_configuration_set
-./resource.ps1 aws_ses_event_destination
-./resource.ps1 aws_ses_event_destination
-./resource.ps1 aws_ses_event_destination
-./resource.ps1 aws_ses_identity_notification_topic
-./resource.ps1 aws_ses_identity_notification_topic
-./resource.ps1 aws_iam_user_group_membership
+./resource.ps1 aws_ses_event_destination
+./resource.ps1 aws_ses_identity_notification_topic
 ./resource.ps1 aws_transfer_server
-./resource.ps1 aws_wafv2_web_acl_association
-./resource.ps1 aws_wafv2_web_acl_association
+./resource.ps1 aws_vpc_endpoint_subnet_association
+./resource.ps1 aws_wafv2_web_acl_association
 ./resource.ps1 aws_wafv2_web_acl_logging_configuration