Merge pull request #187 from JupiterOne/update-documentation-1.319.0

Author: i5o

cloudformation/iam-cloudformation-detailed/cloudformation-template.json

@@ -146,6 +146,8 @@
                 "ec2:DescribeTransitGatewayVpcAttachments",
                 "ec2:DescribeVolumes",
                 "ec2:DescribeVpcEndpoints",
+                "ec2:DescribeVpcEndpointServicePermissions",
+                "ec2:DescribeVpcEndpointServices",
                 "ec2:DescribeVpcPeeringConnections",
                 "ec2:DescribeVpcs",
                 "ec2:DescribeVpnConnections",
@@ -243,10 +245,7 @@
                 "iam:ListAccessKeys",
                 "iam:ListAccountAliases",
                 "iam:ListEntitiesForPolicy",
-                "iam:ListGroupPolicies",
-                "iam:ListGroups",
-                "iam:ListInstanceProfiles",
-                "iam:ListMFADevices"
+                "iam:ListGroupPolicies"
               ]
             }
           ]
@@ -266,6 +265,9 @@
               "Effect": "Allow",
               "Resource": "*",
               "Action": [
+                "iam:ListGroups",
+                "iam:ListInstanceProfiles",
+                "iam:ListMFADevices",
                 "iam:ListOpenIDConnectProviders",
                 "iam:ListOpenIDConnectProviderTags",
                 "iam:ListPolicies",

cloudformation/iam-cloudformation-detailed/managed-policy.md

@@ -109,6 +109,8 @@
         "ec2:DescribeTransitGatewayVpcAttachments",
         "ec2:DescribeVolumes",
         "ec2:DescribeVpcEndpoints",
+        "ec2:DescribeVpcEndpointServicePermissions",
+        "ec2:DescribeVpcEndpointServices",
         "ec2:DescribeVpcPeeringConnections",
         "ec2:DescribeVpcs",
         "ec2:DescribeVpnConnections",
@@ -206,10 +208,7 @@
         "iam:ListAccessKeys",
         "iam:ListAccountAliases",
         "iam:ListEntitiesForPolicy",
-        "iam:ListGroupPolicies",
-        "iam:ListGroups",
-        "iam:ListInstanceProfiles",
-        "iam:ListMFADevices"
+        "iam:ListGroupPolicies"
       ]
     }
   ]
@@ -226,6 +225,9 @@
       "Effect": "Allow",
       "Resource": "*",
       "Action": [
+        "iam:ListGroups",
+        "iam:ListInstanceProfiles",
+        "iam:ListMFADevices",
         "iam:ListOpenIDConnectProviders",
         "iam:ListOpenIDConnectProviderTags",
         "iam:ListPolicies",

cloudformation/iam-cloudformation-detailed/terraform.tf

@@ -135,6 +135,8 @@ resource "aws_iam_policy" "jupiterone_security_audit_policy" {
         "ec2:DescribeTransitGatewayVpcAttachments",
         "ec2:DescribeVolumes",
         "ec2:DescribeVpcEndpoints",
+        "ec2:DescribeVpcEndpointServicePermissions",
+        "ec2:DescribeVpcEndpointServices",
         "ec2:DescribeVpcPeeringConnections",
         "ec2:DescribeVpcs",
         "ec2:DescribeVpnConnections",
@@ -232,10 +234,7 @@ resource "aws_iam_policy" "jupiterone_security_audit_policy" {
         "iam:ListAccessKeys",
         "iam:ListAccountAliases",
         "iam:ListEntitiesForPolicy",
-        "iam:ListGroupPolicies",
-        "iam:ListGroups",
-        "iam:ListInstanceProfiles",
-        "iam:ListMFADevices"
+        "iam:ListGroupPolicies"
       ]
     }
   ]
@@ -257,6 +256,9 @@ resource "aws_iam_policy" "jupiterone_security_audit_policy_2" {
       "Effect": "Allow",
       "Resource": "*",
       "Action": [
+        "iam:ListGroups",
+        "iam:ListInstanceProfiles",
+        "iam:ListMFADevices",
         "iam:ListOpenIDConnectProviders",
         "iam:ListOpenIDConnectProviderTags",
         "iam:ListPolicies",