csepulveda / trivy-webhook-aws-security-hub

A webhook service to receive trivy-operator hooks and publish the vulnerabilities to AWS Security Hub
GNU General Public License v3.0

IAM permissions #6

Closed akobir-arc closed 2 weeks ago

akobir-arc commented 3 weeks ago

Hi @csepulveda, thank you for starting this project; I look forward to contributing where I can. I've hit the following error when using IRSA:

2024/10/23 21:48:08 Error importing findings to Security Hub: error importing findings to Security Hub: operation error SecurityHub: BatchImportFindings, https response error StatusCode: 403, RequestID: d4b23db7-db3d-4c8e-8026-b12149c7409b, api error AccessDeniedException: User: arn:aws:sts::<redacted>:assumed-role/trivy-operator-security-usw2/1729720088282019797 is not authorized to perform: securityhub:BatchImportFindings on resource: arn:aws:securityhub:us-west-2::product/aquasecurity/aquasecurity

For testing I've allowed the trivy-operator-security-usw2 role:

        {
            "Action": "securityhub:*",
            "Effect": "Allow",
            "Resource": "*"
        }

Thoughts?

akobir-arc commented 2 weeks ago

Missed this step:

aws securityhub enable-import-findings-for-product --product-arn arn:aws:securityhub:us-west-2::product/aquasecurity/aquasecurity
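An added example (not the project's code) that encodes the resolution of this thread: the 403 on BatchImportFindings was not an IAM problem but a missing product integration, so the role running the webhook can check whether the product is enabled in the target region and enable it once before importing. It assumes AWS CLI v2 with credentials for that role; the region and product ARN are the ones from the error above and are passed as parameters.

```shell
#!/usr/bin/env bash
# Added example, not part of the trivy-webhook-aws-security-hub project.
# Root cause of issue #6: BatchImportFindings is denied for a product ARN until
# that product integration is enabled in the region, however broad the IAM
# policy is. Assumes AWS CLI v2 configured for the webhook's (IRSA) role.
set -euo pipefail

# Product ARN from the error message in the issue (us-west-2).
PRODUCT_ARN_DEFAULT="arn:aws:securityhub:us-west-2::product/aquasecurity/aquasecurity"

# product_enabled_in PRODUCT_ARN
# Reads the JSON from `aws securityhub list-enabled-products-for-import` on
# stdin; returns 0 when PRODUCT_ARN is listed in "ProductSubscriptions".
product_enabled_in() {
  local product_arn="$1"
  # Literal match of the quoted ARN so a longer ARN sharing the prefix
  # (e.g. ".../aquasecurity-extra") is not mistaken for this product.
  grep -F "\"${product_arn}\"" >/dev/null
}

# ensure_product_import_enabled REGION PRODUCT_ARN
# IAM actions used: securityhub:ListEnabledProductsForImport for the check and
# securityhub:EnableImportFindingsForProduct for the one-time enable. The
# webhook itself then only needs securityhub:BatchImportFindings on the
# product ARN, which is narrower than the "securityhub:*" on "*" used above.
ensure_product_import_enabled() {
  local region="$1" product_arn="$2" listing
  # Capture first: with pipefail, a failed CLI call would otherwise be
  # indistinguishable from "not enabled" and trigger a spurious enable.
  listing=$(aws securityhub list-enabled-products-for-import \
              --region "$region" --output json)
  if printf '%s' "$listing" | product_enabled_in "$product_arn"; then
    echo "product import already enabled: $product_arn"
  else
    echo "enabling product import: $product_arn"
    aws securityhub enable-import-findings-for-product \
      --region "$region" --product-arn "$product_arn"
  fi
}

# Usage: ensure_product_import_enabled us-west-2 "$PRODUCT_ARN_DEFAULT"
```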