This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
I've deployed this solution successfully using an AWSAdministrator role; however, I'd like to create a new role with least-privileged access. Generating this using the Access Analyzer in a Control Tower account is very clunky, as it is necessary to grant cross-account access to CloudTrail logs in a different account. Can a sample IAM role be added to this repository?
Thanks for the enhancement request. We will add this to our backlog to be evaluated for future releases. In the meantime, you could create your custom IAM role in CloudFormation and follow the deployment steps in the README as a current workaround.