lacework / terraform-aws-agentless-scanning

Terraform module for configuring an integration with Lacework and AWS for agentless scanning
MIT License

fix: Scope down create tag permissions #108

Closed jacobkilby closed 11 months ago

jacobkilby commented 11 months ago

Summary

This fixes https://lacework.atlassian.net/browse/RAIN-75027. This changes our Terraform to follow best practices and further scope down the permission KmsGrant to only allow use on AWS resources.

Issue https://lacework.atlassian.net/browse/RAIN-75027

How did you test this change?

I made this change in a local version of our Terraform provider and created a new agentless integration with it, confirming that scans still run and succeed as expected.

theopolis commented 11 months ago

I have this change deployed and I am running several end to end automated tests to build more confidence.
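
An added illustration of the kind of scoping the PR summary describes, showing a broad KMS grant statement beside a scoped one; this is not the module's own code and not the diff from this PR. It assumes that "only allow use on AWS resources" maps to the IAM condition key `kms:GrantIsForAWSResource`, that the statement covers `kms:CreateGrant`, and the data source names are hypothetical.

```hcl
# Added example; data source names are hypothetical and the action list
# is an assumption (the page only names the statement "KmsGrant").

# Before: any caller holding this policy can create a grant on the key
# for an arbitrary grantee principal.
data "aws_iam_policy_document" "kms_grant_broad" {
  statement {
    sid       = "KmsGrant"
    effect    = "Allow"
    actions   = ["kms:CreateGrant"]
    resources = ["*"]
  }
}

# After: grants are allowed only when an AWS service integrated with KMS
# (for example EBS, when attaching an encrypted volume) creates the grant
# on the caller's behalf. Direct CreateGrant calls by the principal fail.
data "aws_iam_policy_document" "kms_grant_scoped" {
  statement {
    sid       = "KmsGrant"
    effect    = "Allow"
    actions   = ["kms:CreateGrant"]
    resources = ["*"]

    condition {
      test     = "Bool"
      variable = "kms:GrantIsForAWSResource"
      values   = ["true"]
    }
  }
}

# Render both documents so the difference is visible in `terraform plan`
# or `terraform output`.
output "kms_grant_broad_json" {
  value = data.aws_iam_policy_document.kms_grant_broad.json
}

output "kms_grant_scoped_json" {
  value = data.aws_iam_policy_document.kms_grant_scoped.json
}
```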