Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(RAIN-90870): Add permission for five waf-regional APIs #83

Merged
merged 6 commits into from
Nov 15, 2023
Merged

feat(RAIN-90870): Add permission for five waf-regional APIs #83

merged 6 commits into from
Nov 15, 2023

Conversation

jjzhangjjzhang
Copy link
Contributor

@jjzhangjjzhang jjzhangjjzhang commented Nov 9, 2023
edited
Loading

Summary

AWS securityaudit policy doesn't have permission for these five waf APIs, we need these APIs in link ticket https://lacework.atlassian.net/browse/RAIN-90597

How did you test this change?

Without this PR and the terraform apply, we see errors like

17:04:46.545 dev8.k8s.local aws-cfg-collector-shard-default 2023-11-10 01:04:46.545 +0000  ERROR    [pid: 23238] [ThreadPoolExecutor-1_0] pyservicecrawler.crawlers - envGuid="DEV8_B895FFBB65A0D5A2E543F62A2CB3CD9343293637C75D5C9BA80", startTime="1699585380000", assignmentSerial="00000475-of-00001853", msg="Exceptions were seen when fetching page with the message:", error_msg="An error occurred (AccessDeniedException) when calling the ListRules operation (reached max retries: 0): User: arn:aws:sts::631664038012:assumed-role/madroxqan-laceworkcwssarole/LACEWORK-CFG-external is not authorized to perform: waf-regional:ListRules on resource: arn:aws:waf-regional:eu-south-1:631664038012:rule/* because no identity-based policy allows the waf-regional:ListRules action", service="waf-regional", method_name="list_rules"

With this PR and terraform apply, the error is gone.

Issue

@jjzhangjjzhang jjzhangjjzhang changed the title Add permission for 5 waf-regional APIs feat(RAIN-90870): Add permission for five waf-regional APIs Nov 10, 2023
@jjzhangjjzhang jjzhangjjzhang marked this pull request as ready for review November 10, 2023 01:14
@jjzhangjjzhang jjzhangjjzhang merged commit b868fe3 into main Nov 15, 2023
2 checks passed
@jjzhangjjzhang jjzhangjjzhang deleted the wafRegionalPermission branch November 15, 2023 21:28
@lacework-releng lacework-releng mentioned this pull request Jan 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmurray-lacework dmurray-lacework dmurray-lacework approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jjzhangjjzhang @dmurray-lacework