cloudandthings / terraform-aws-clickops-notifier

Get notified when actions are taken in the AWS Console.
https://registry.terraform.io/modules/cloudandthings/clickops-notifier/aws/latest
MIT License

feat: exclude grafana login and support #68

Closed nitrocode closed 1 year ago

nitrocode commented 1 year ago

what

why

All the write perms for support according to policy_sentry:

✗ policy_sentry query action-table --service support --access-level write
[
    "support:AddAttachmentsToSet",
    "support:AddCommunicationToCase",
    "support:CreateCase",
    "support:InitiateCallForCase",
    "support:InitiateChatForCase",
    "support:PutCaseAttributes",
    "support:RateCaseCommunication",
    "support:RefreshTrustedAdvisorCheck",
    "support:ResolveCase"
]

nitrocode commented 1 year ago

cc: @baolsen @phzietsman please review when time permits. For now, I have added these perms locally to excluded_scoped_actions using the APPEND mode.

nitrocode commented 1 year ago

Also unsure if this is a feat or a fix. Please advise.

baolsen commented 1 year ago

Thanks for the contribution (and the other issues logged)!

The new exclusions seem reasonable to me; I'll merge them in as a fix and release (don't worry about renaming things, I can do it on merge).

Please first merge master onto this branch (or rebase); I made a small change to allow the checks to work again :)

phzietsman commented 1 year ago

@nitrocode thanks for the contribution!