fix s3 bucket tag perms
JamesWoolfenden committed Nov 7, 2024
1 parent 1dcf2df commit fd33649
Showing 4 changed files with 62 additions and 50 deletions.
7 changes: 4 additions & 3 deletions src/coverage/aws.md
@@ -1,7 +1,7 @@
# todo aws
# todo aws

Resource percentage coverage 73.70
Datasource percentage coverage 100.00
Resource percentage coverage 73.70
Datasource percentage coverage 99.82

./resource.ps1 aws_amplify_backend_environment
./resource.ps1 aws_amplify_webhook
Expand Down Expand Up @@ -382,3 +382,4 @@ Datasource percentage coverage 100.00
./resource.ps1 aws_wafregional_web_acl_association
./resource.ps1 aws_worklink_fleet
./resource.ps1 aws_worklink_website_certificate_authority_association
./resource.ps1 aws_spot_datafeed_subscription -type data
11 changes: 8 additions & 3 deletions src/coverage/azure.md
@@ -1,7 +1,7 @@
# todo azure
# todo azure

Resource percentage coverage 4.66
Datasource percentage coverage 36.20
Resource percentage coverage 4.64
Datasource percentage coverage 36.20

./resource.ps1 azurerm_aadb2c_directory
./resource.ps1 azurerm_active_directory_domain_service
Expand Down Expand Up @@ -229,6 +229,7 @@ Datasource percentage coverage 36.20
./resource.ps1 azurerm_custom_provider
./resource.ps1 azurerm_dashboard
./resource.ps1 azurerm_dashboard_grafana
./resource.ps1 azurerm_dashboard_grafana_managed_private_endpoint
./resource.ps1 azurerm_data_factory
./resource.ps1 azurerm_data_factory_credential_service_principal
./resource.ps1 azurerm_data_factory_credential_user_managed_identity
Expand Down Expand Up @@ -281,6 +282,7 @@ Datasource percentage coverage 36.20
./resource.ps1 azurerm_data_protection_backup_instance_blob_storage
./resource.ps1 azurerm_data_protection_backup_instance_disk
./resource.ps1 azurerm_data_protection_backup_instance_kubernetes_cluster
./resource.ps1 azurerm_data_protection_backup_instance_mysql_flexible_server
./resource.ps1 azurerm_data_protection_backup_instance_postgresql
./resource.ps1 azurerm_data_protection_backup_instance_postgresql_flexible_server
./resource.ps1 azurerm_data_protection_backup_policy_blob_storage
Expand Down Expand Up @@ -545,6 +547,7 @@ Datasource percentage coverage 36.20
./resource.ps1 azurerm_mobile_network_sim_policy
./resource.ps1 azurerm_mobile_network_site
./resource.ps1 azurerm_mobile_network_slice
./resource.ps1 azurerm_mongo_cluster
./resource.ps1 azurerm_monitor_aad_diagnostic_setting
./resource.ps1 azurerm_monitor_action_group
./resource.ps1 azurerm_monitor_activity_log_alert
Expand Down Expand Up @@ -858,6 +861,8 @@ Datasource percentage coverage 36.20
./resource.ps1 azurerm_static_web_app_custom_domain
./resource.ps1 azurerm_static_web_app_function_app_registration
./resource.ps1 azurerm_storage_account_local_user
./resource.ps1 azurerm_storage_account_queue_properties
./resource.ps1 azurerm_storage_account_static_website
./resource.ps1 azurerm_storage_blob
./resource.ps1 azurerm_storage_blob_inventory_policy
./resource.ps1 azurerm_storage_container_immutability_policy
12 changes: 9 additions & 3 deletions src/coverage/google.md
@@ -1,7 +1,7 @@
# todo google
# todo google

Resource percentage coverage 19.34
Datasource percentage coverage 75.94
Resource percentage coverage 19.25
Datasource percentage coverage 75.70

./resource.ps1 google_access_context_manager_access_level_condition
./resource.ps1 google_access_context_manager_service_perimeter_dry_run_egress_policy
Expand Down Expand Up @@ -49,6 +49,8 @@ Datasource percentage coverage 75.94
./resource.ps1 google_apphub_workload
./resource.ps1 google_artifact_registry_vpcsc_config
./resource.ps1 google_assured_workloads_workload
./resource.ps1 google_backup_dr_backup_plan
./resource.ps1 google_backup_dr_backup_plan_association
./resource.ps1 google_backup_dr_backup_vault
./resource.ps1 google_backup_dr_management_server
./resource.ps1 google_beyondcorp_app_connection
Expand Down Expand Up @@ -355,6 +357,7 @@ Datasource percentage coverage 75.94
./resource.ps1 google_dataproc_cluster_iam_binding
./resource.ps1 google_dataproc_cluster_iam_member
./resource.ps1 google_dataproc_cluster_iam_policy
./resource.ps1 google_dataproc_gdc_application_environment
./resource.ps1 google_dataproc_gdc_service_instance
./resource.ps1 google_dataproc_job
./resource.ps1 google_dataproc_job_iam_binding
Expand Down Expand Up @@ -497,6 +500,7 @@ Datasource percentage coverage 75.94
./resource.ps1 google_healthcare_workspace
./resource.ps1 google_iam_access_boundary_policy
./resource.ps1 google_iam_deny_policy
./resource.ps1 google_iam_principal_access_boundary_policy
./resource.ps1 google_iam_workforce_pool
./resource.ps1 google_iam_workforce_pool_provider
./resource.ps1 google_iam_workload_identity_pool
Expand Down Expand Up @@ -615,6 +619,7 @@ Datasource percentage coverage 75.94
./resource.ps1 google_network_connectivity_regional_endpoint
./resource.ps1 google_network_connectivity_service_connection_policy
./resource.ps1 google_network_connectivity_spoke
./resource.ps1 google_network_management_vpc_flow_logs_config
./resource.ps1 google_network_security_address_group
./resource.ps1 google_network_security_address_group_iam_binding
./resource.ps1 google_network_security_address_group_iam_member
Expand Down Expand Up @@ -817,6 +822,7 @@ Datasource percentage coverage 75.94
./resource.ps1 google_apphub_discovered_workload -type data
./resource.ps1 google_artifact_registry_docker_image -type data
./resource.ps1 google_artifact_registry_locations -type data
./resource.ps1 google_backup_dr_backup_plan_association -type data
./resource.ps1 google_bigquery_tables -type data
./resource.ps1 google_certificate_manager_certificates -type data
./resource.ps1 google_cloud_identity_group_transitive_memberships -type data
82 changes: 41 additions & 41 deletions src/mapping/aws/resource/s3/aws_s3_bucket.json
@@ -1,41 +1,41 @@
[
{
"apply": [
"s3:DeleteBucket",
"s3:CreateBucket"
],
"attributes": {
"object_lock_enabled": [
"s3:GetBucketObjectLockConfiguration",
"s3:PutBucketObjectLockConfiguration",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:PutObject"
],
"tag": [
"s3:PutBucketTagging"
]
},
"destroy": [
"s3:DeleteBucket"
],
"plan": [
"s3:GetLifecycleConfiguration",
"s3:GetBucketTagging",
"s3:GetBucketWebsite",
"s3:GetBucketLogging",
"s3:ListBucket",
"s3:GetAccelerateConfiguration",
"s3:GetBucketVersioning",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:GetReplicationConfiguration",
"s3:GetBucketObjectLockConfiguration",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:GetEncryptionConfiguration",
"s3:GetBucketRequestPayment",
"s3:GetBucketCORS"
]
}
]
[
{
"apply": [
"s3:DeleteBucket",
"s3:CreateBucket"
],
"attributes": {
"object_lock_enabled": [
"s3:GetBucketObjectLockConfiguration",
"s3:PutBucketObjectLockConfiguration",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:PutObject"
],
"tags": [
"s3:PutBucketTagging"
]
},
"destroy": [
"s3:DeleteBucket"
],
"plan": [
"s3:GetLifecycleConfiguration",
"s3:GetBucketTagging",
"s3:GetBucketWebsite",
"s3:GetBucketLogging",
"s3:ListBucket",
"s3:GetAccelerateConfiguration",
"s3:GetBucketVersioning",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:GetReplicationConfiguration",
"s3:GetBucketObjectLockConfiguration",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:GetEncryptionConfiguration",
"s3:GetBucketRequestPayment",
"s3:GetBucketCORS"
]
}
]
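Review bot: The `plan` list in the new mapping still carries the object-level actions `s3:GetObject` and `s3:GetObjectAcl`, and `object_lock_enabled` carries `s3:PutObject`, `s3:PutObjectLegalHold` and `s3:PutObjectRetention`, so a policy generated from this file for managing a bucket also allows reading and writing the objects stored in it. The commit corrects the `tag` key to `tags` but leaves these entries as they were; if the provider's bucket read and object-lock paths do not actually call them (worth confirming against CloudTrail for a plan/apply run), removing them would keep the generated policy to bucket-level actions. Separately, all 41 lines are rewritten for what appears to be a one-key change, presumably a line-ending or whitespace difference, which makes a permission change in this file harder to spot in review.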
