xpk/terraform.aws-baseline-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

UPD: fine-grained billing access

Browse Source
This commit is contained in:
xpk 2023-07-17 21:48:16 +08:00
parent ab9634c895
commit 561904d529
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
1 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
modules/security_identity_compliance/roles_iam_resources/cloudhealth-role.tf
View File

@ -36,8 +36,6 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
{ {
"Action": [ "Action": [
"autoscaling:Describe*", "autoscaling:Describe*",
"aws-portal:ViewBilling",
"aws-portal:ViewUsage",
"cloudformation:ListStacks", "cloudformation:ListStacks",
"cloudformation:ListStackResources", "cloudformation:ListStackResources",
"cloudformation:DescribeStacks", "cloudformation:DescribeStacks",
@ -82,6 +80,7 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
"es:DescribeReservedElasticsearchInstances", "es:DescribeReservedElasticsearchInstances",
"firehose:ListDeliveryStreams", "firehose:ListDeliveryStreams",
"firehose:DescribeDeliveryStream", "firehose:DescribeDeliveryStream",
"fsx:Describe*",
"iam:List*", "iam:List*",
"iam:Get*", "iam:Get*",
"iam:GenerateCredentialReport", "iam:GenerateCredentialReport",
@ -92,6 +91,7 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
"kms:ListKeys", "kms:ListKeys",
"lambda:List*", "lambda:List*",
"logs:Describe*", "logs:Describe*",
"logs:List*",
"organizations:ListAccounts", "organizations:ListAccounts",
"organizations:ListTagsForResource", "organizations:ListTagsForResource",
"redshift:Describe*", "redshift:Describe*",
@ -123,7 +123,26 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
"sqs:ListQueues", "sqs:ListQueues",
"storagegateway:List*", "storagegateway:List*",
"storagegateway:Describe*", "storagegateway:Describe*",
"workspaces:Describe*" "workspaces:Describe*",
"account:Get*",
"billing:Get*",
"billing:List*",
"ce:Describe*",
"ce:Get*",
"ce:List*",
"consolidatedbilling:GetAccountBillingRole",
"consolidatedbilling:ListLinkedAccounts",
"cur:Get*",
"cur:ValidateReportDestination",
"freetier:Get*",
"invoicing:Get*",
"invoicing:List*",
"payments:Get*",
"payments:List*",
"purchase-orders:Get*",
"purchase-orders:List*",
"tax:Get*",
"tax:List*"
], ],
"Resource": "*", "Resource": "*",
"Effect": "Allow" "Effect": "Allow"