diff --git a/modules/security_identity_compliance/roles_iam_resources/cloudhealth-role.tf b/modules/security_identity_compliance/roles_iam_resources/cloudhealth-role.tf
index 13e4674..90d1024 100644
--- a/modules/security_identity_compliance/roles_iam_resources/cloudhealth-role.tf
+++ b/modules/security_identity_compliance/roles_iam_resources/cloudhealth-role.tf
@@ -36,8 +36,6 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
 {
 "Action": [
 "autoscaling:Describe*",
- "aws-portal:ViewBilling",
- "aws-portal:ViewUsage",
 "cloudformation:ListStacks",
 "cloudformation:ListStackResources",
 "cloudformation:DescribeStacks",
@@ -82,6 +80,7 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
 "es:DescribeReservedElasticsearchInstances",
 "firehose:ListDeliveryStreams",
 "firehose:DescribeDeliveryStream",
+ "fsx:Describe*",
 "iam:List*",
 "iam:Get*",
 "iam:GenerateCredentialReport",
@@ -92,6 +91,7 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
 "kms:ListKeys",
 "lambda:List*",
 "logs:Describe*",
+ "logs:List*",
 "organizations:ListAccounts",
 "organizations:ListTagsForResource",
 "redshift:Describe*",
@@ -123,7 +123,26 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
 "sqs:ListQueues",
 "storagegateway:List*",
 "storagegateway:Describe*",
- "workspaces:Describe*"
+ "workspaces:Describe*",
+ "account:Get*",
+ "billing:Get*",
+ "billing:List*",
+ "ce:Describe*",
+ "ce:Get*",
+ "ce:List*",
+ "consolidatedbilling:GetAccountBillingRole",
+ "consolidatedbilling:ListLinkedAccounts",
+ "cur:Get*",
+ "cur:ValidateReportDestination",
+ "freetier:Get*",
+ "invoicing:Get*",
+ "invoicing:List*",
+ "payments:Get*",
+ "payments:List*",
+ "purchase-orders:Get*",
+ "purchase-orders:List*",
+ "tax:Get*",
+ "tax:List*"
 ],
 "Resource": "*",
 "Effect": "Allow"
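Review bot: The prefix wildcards appended after `"workspaces:Describe*"` in the last hunk (`"account:Get*"`, `"payments:Get*"`, `"payments:List*"`, `"tax:Get*"`, `"tax:List*"`, `"invoicing:Get*"`, `"purchase-orders:Get*"` and the rest) are evaluated against `"Resource": "*"`. The role therefore receives every current and future read action under those namespaces, not a fixed set. Judging by the file name, this policy backs a role for an external cost-management service, so each namespace should be confirmed as required and, where possible, listed as explicit actions, as the same hunk already does with `"consolidatedbilling:GetAccountBillingRole"` and `"cur:ValidateReportDestination"`. The account, payments and tax entries deserve the closest look, since those namespaces cover account contact, payment-method and tax-registration data rather than cost and usage figures. The statement opens and closes outside the hunk, so any conditions or other statements on the policy are not visible here. As a minor style point, the new block breaks the alphabetical service ordering that the `fsx` and `logs` additions in the earlier hunks preserve.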