mdupras closed 10 months ago
Hello,
I believe the missing permissions are now added to the role, therefore I'll close this issue. I also wanted to point out that most of these permissions are used by our crawlers to audit an AWS account and are part of the AWS SecurityAudit policy. We require attaching this policy to the integration role in order to use most of our security products (documentation). Let us know if a similar issue reoccurs.
Expected Behavior
When we install the Datadog CloudFormation template, we don't have to add more roles to the Datadog policy.
Actual Behavior
We have to manually add some missing permissions.
Steps to Reproduce the Problem
Specifications
Stacktrace
I have a bunch of errors, but to give a sample:
Solution
Add the missing permissions to this file: https://github.com/DataDog/cloudformation-template/blob/master/aws/datadog_integration_role.yaml#L96
So far I've seen the template is missing the following permissions:
kms:GetKeyRotationStatus
s3:GetAccountPublicAccessBlock
s3:GetBucketPolicyStatus
s3:GetBucketEncryption
s3:GetBucketAcl
s3:GetBucketPublicAccessBlock
s3:GetBucketVersioning
sns:GetTopicAttributes
iam:GetAccountPasswordPolicy
iam:GetLoginProfile
iam:ListAttachedRolePolicies
support:RefreshTrustedAdvisorCheck
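
As an added example (not part of the original issue and not Datadog's code): a check that reports which of the actions listed above a policy document does not grant, honoring IAM's case-insensitive action names and `*`/`?` wildcards. The sample policy is constructed, and the check assumes the policy is available as a parsed JSON-style document; it only reads `Action` in `Allow` statements.

```python
import re

# Actions the issue reports as missing from the integration role.
REQUIRED_ACTIONS = [
    "kms:GetKeyRotationStatus", "s3:GetAccountPublicAccessBlock",
    "s3:GetBucketPolicyStatus", "s3:GetBucketEncryption", "s3:GetBucketAcl",
    "s3:GetBucketPublicAccessBlock", "s3:GetBucketVersioning",
    "sns:GetTopicAttributes", "iam:GetAccountPasswordPolicy",
    "iam:GetLoginProfile", "iam:ListAttachedRolePolicies",
    "support:RefreshTrustedAdvisorCheck",
]

# Constructed sample policy document (not the real Datadog template).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetBucket*", "iam:List*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "SNS:GetTopicAttributes", "Resource": "*"},
        {"Effect": "Deny", "Action": "kms:*", "Resource": "*"},
    ],
}

def _as_list(value):
    # IAM allows a single string/object where a list is also accepted.
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _to_regex(pattern):
    # Action matching is case-insensitive; '*' and '?' are the only wildcards.
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(escaped, re.IGNORECASE)

def allowed_patterns(policy):
    """Action patterns from Allow statements.
    Deny, NotAction, Resource and Condition are not evaluated here."""
    patterns = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            patterns += [_to_regex(a) for a in _as_list(stmt.get("Action"))]
    return patterns

def missing_actions(policy, required=REQUIRED_ACTIONS):
    """Return the required actions that no Allow pattern covers, in input order."""
    patterns = allowed_patterns(policy)
    return [a for a in required if not any(p.fullmatch(a) for p in patterns)]

if __name__ == "__main__":
    for action in missing_actions(SAMPLE_POLICY):
        print("missing:", action)
```

Because explicit denies, resource scoping and conditions are ignored, an empty result means the actions are named in an `Allow` statement, not that every call will succeed.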