flexera-public · XOmniverse · Mar 28, 2024 · Mar 28, 2024 · Mar 28, 2024 · Mar 28, 2024
@@ -0,0 +1,45 @@
+name: Generate Meta Parent Policy Templates
+
+on:
+  # Trigger this workflow on pushes to master
+  push:
+    branches:
+      - master
+
+  # Workflow dispatch trigger allows manually running workflow
+  workflow_dispatch:
+    branches:
+      - master
+
+jobs:
+  meta-parent-policy-templates:
+    name: "Generate AWS CloudFormation Template"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # Speed up checkout by not fetching history
+
+      - uses: ruby/setup-ruby@v1
+
+      - name: Generate AWS CloudFormation Template
+        working-directory: tools/cloudformation-template
+        run: |
+          ruby aws_cft_generator.rb
+
+      - name: Create Pull Request
+        id: cpr
+        uses: peter-evans/create-pull-request@v4
+        with:
+          commit-message: "Update AWS CloudFormation Template"
+          title: "Update AWS CloudFormation Template"
+          body: "Update AWS CloudFormation Template from GitHub Actions Workflow [${{ github.workflow }}](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})"
+          branch: "task/update-aws-cloudformation-template"
+          delete-branch: true
+          labels: "automation"
+
+      - name: Check outputs
+        if: ${{ steps.cpr.outputs.pull-request-number }}
+        run: |
+          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
+          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
@@ -585,6 +585,9 @@ FSM
 ByteCount
 PacketCount
 balancers
+OUs
+README
+readme
 backfill
 FNMS
 CBI

@@ -52,7 +52,7 @@ This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Auto
   - `ec2:DescribeRegions`
   - `tag:GetResources`
   - `tag:TagResources`*
-  - `organizations:TagResources`*
+  - `organizations:TagResource`*
 
   \* Only required for taking action (adding tags); the policy will still function in a read-only capacity without these permissions.
 
@@ -69,7 +69,7 @@ This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Auto
                   "ec2:DescribeRegions",
                   "tag:GetResources",
                   "tag:TagResources",
-                  "organizations:TagResources"
+                  "organizations:TagResource"
               ],
               "Resource": "*"
           }

@@ -36,7 +36,7 @@ For administrators [creating and managing credentials](https://docs.flexera.com/
   - `s3:ListAllMyBuckets`
   - `s3:GetBucketLocation`
   - `s3:GetBucketTagging`
-  - `s3:GetBucketIntelligentTieringConfiguration`
+  - `s3:GetIntelligentTieringConfiguration`
   - `sts:GetCallerIdentity`
 
   Example IAM Permission Policy:
@@ -51,7 +51,7 @@ For administrators [creating and managing credentials](https://docs.flexera.com/
                   "s3:ListAllMyBuckets",
                   "s3:GetBucketLocation",
                   "s3:GetBucketTagging",
-                  "s3:GetBucketIntelligentTieringConfiguration",
+                  "s3:GetIntelligentTieringConfiguration",
                   "sts:GetCallerIdentity"
               ],
               "Resource": "*"

@@ -650,7 +650,7 @@
               "description": "Only required for taking action (adding tags); the policy will still function in a read-only capacity without these permissions."
             },
             {
-              "name": "organizations:TagResources",
+              "name": "organizations:TagResource",
               "read_only": false,
               "required": false,
               "description": "Only required for taking action (adding tags); the policy will still function in a read-only capacity without these permissions."
@@ -2510,7 +2510,7 @@
               "required": true
             },
             {
-              "name": "s3:GetBucketIntelligentTieringConfiguration",
+              "name": "s3:GetIntelligentTieringConfiguration",
               "read_only": true,
               "required": true
             },
@@ -2821,72 +2821,6 @@
         }
       ]
     },
-    {
-      "id": "./cost/aws/superseded_instances/aws_superseded_instances.pt",
-      "name": "AWS Superseded EC2 Instances",
-      "version": "2.3.0",
-      "providers": [
-        {
-          "name": "aws",
-          "permissions": [
-            {
-              "name": "ec2:DescribeRegions",
-              "read_only": true,
-              "required": true
-            },
-            {
-              "name": "ec2:DescribeInstances",
-              "read_only": true,
-              "required": true
-            },
-            {
-              "name": "ec2:DescribeInstanceStatus",
-              "read_only": false,
-              "required": false,
-              "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions."
-            },
-            {
-              "name": "ec2:DescribeTags",
-              "read_only": true,
-              "required": true
-            },
-            {
-              "name": "ec2:ModifyInstanceAttribute",
-              "read_only": false,
-              "required": false,
-              "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions."
-            },
-            {
-              "name": "ec2:StartInstances",
-              "read_only": false,
-              "required": false,
-              "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions."
-            },
-            {
-              "name": "ec2:StopInstances",
-              "read_only": false,
-              "required": false,
-              "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions."
-            },
-            {
-              "name": "sts:GetCallerIdentity",
-              "read_only": true,
-              "required": true
-            }
-          ]
-        },
-        {
-          "name": "flexera",
-          "permissions": [
-            {
-              "name": "billing_center_viewer",
-              "read_only": true,
-              "required": true
-            }
-          ]
-        }
-      ]
-    },
     {
       "id": "./cost/aws/unused_albs/aws_unused_albs.pt",
       "name": "AWS Unused Application Load Balancers",
@@ -8432,7 +8366,7 @@
               "required": true
             },
             {
-              "name": "s3:ListBuckets",
+              "name": "s3:ListAllMyBuckets",
               "read_only": true,
               "required": true
             },
@@ -8479,7 +8413,7 @@
               "required": true
             },
             {
-              "name": "s3:ListBuckets",
+              "name": "s3:ListAllMyBuckets",
               "read_only": true,
               "required": true
             },
@@ -8532,7 +8466,7 @@
               "required": true
             },
             {
-              "name": "s3:ListBuckets",
+              "name": "s3:ListAllMyBuckets",
               "read_only": true,
               "required": true
             },
@@ -8547,7 +8481,7 @@
               "required": true
             },
             {
-              "name": "s3:GetPublicAccessBlock",
+              "name": "s3:GetBucketPublicAccessBlock",
               "read_only": true,
               "required": true
             }
@@ -8579,7 +8513,7 @@
               "required": true
             },
             {
-              "name": "s3:ListBuckets",
+              "name": "s3:ListAllMyBuckets",
               "read_only": true,
               "required": true
             },
@@ -8626,7 +8560,7 @@
               "required": true
             },
             {
-              "name": "s3:ListBuckets",
+              "name": "s3:ListAllMyBuckets",
               "read_only": true,
               "required": true
             },
@@ -8641,12 +8575,12 @@
               "required": true
             },
             {
-              "name": "s3:GetBucketEncryption",
+              "name": "s3:GetEncryptionConfiguration",
               "read_only": true,
               "required": true
             },
             {
-              "name": "s3:PutBucketEncryption",
+              "name": "s3:PutEncryptionConfiguration",
               "read_only": false,
               "required": false,
               "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions."

@@ -368,7 +368,7 @@
       required: false
       description: Only required for taking action (adding tags); the policy will
         still function in a read-only capacity without these permissions.
-    - name: organizations:TagResources
+    - name: organizations:TagResource
       read_only: false
       required: false
       description: Only required for taking action (adding tags); the policy will
@@ -1444,7 +1444,7 @@
     - name: s3:GetBucketTagging
       read_only: true
       required: true
-    - name: s3:GetBucketIntelligentTieringConfiguration
+    - name: s3:GetIntelligentTieringConfiguration
       read_only: true
       required: true
     - name: sts:GetCallerIdentity
@@ -1626,49 +1626,6 @@
     - name: billing_center_viewer
       read_only: true
       required: true
-- id: "./cost/aws/superseded_instances/aws_superseded_instances.pt"
-  name: AWS Superseded EC2 Instances
-  version: 2.3.0
-  :providers:
-  - :name: aws
-    :permissions:
-    - name: ec2:DescribeRegions
-      read_only: true
-      required: true
-    - name: ec2:DescribeInstances
-      read_only: true
-      required: true
-    - name: ec2:DescribeInstanceStatus
-      read_only: false
-      required: false
-      description: Only required for taking action; the policy will still function
-        in a read-only capacity without these permissions.
-    - name: ec2:DescribeTags
-      read_only: true
-      required: true
-    - name: ec2:ModifyInstanceAttribute
-      read_only: false
-      required: false
-      description: Only required for taking action; the policy will still function
-        in a read-only capacity without these permissions.
-    - name: ec2:StartInstances
-      read_only: false
-      required: false
-      description: Only required for taking action; the policy will still function
-        in a read-only capacity without these permissions.
-    - name: ec2:StopInstances
-      read_only: false
-      required: false
-      description: Only required for taking action; the policy will still function
-        in a read-only capacity without these permissions.
-    - name: sts:GetCallerIdentity
-      read_only: true
-      required: true
-  - :name: flexera
-    :permissions:
-    - name: billing_center_viewer
-      read_only: true
-      required: true
 - id: "./cost/aws/unused_albs/aws_unused_albs.pt"
   name: AWS Unused Application Load Balancers
   version: 0.2.0
@@ -4842,7 +4799,7 @@
     - name: sts:GetCallerIdentity
       read_only: true
       required: true
-    - name: s3:ListBuckets
+    - name: s3:ListAllMyBuckets
       read_only: true
       required: true
     - name: s3:GetBucketLocation
@@ -4868,7 +4825,7 @@
     - name: sts:GetCallerIdentity
       read_only: true
       required: true
-    - name: s3:ListBuckets
+    - name: s3:ListAllMyBuckets
       read_only: true
       required: true
     - name: s3:GetBucketLocation
@@ -4899,7 +4856,7 @@
     - name: sts:GetCallerIdentity
       read_only: true
       required: true
-    - name: s3:ListBuckets
+    - name: s3:ListAllMyBuckets
       read_only: true
       required: true
     - name: s3:GetBucketLocation
@@ -4908,7 +4865,7 @@
     - name: s3:GetBucketTagging
       read_only: true
       required: true
-    - name: s3:GetPublicAccessBlock
+    - name: s3:GetBucketPublicAccessBlock
       read_only: true
       required: true
   - :name: flexera
@@ -4925,7 +4882,7 @@
     - name: sts:GetCallerIdentity
       read_only: true
       required: true
-    - name: s3:ListBuckets
+    - name: s3:ListAllMyBuckets
       read_only: true
       required: true
     - name: s3:GetBucketLocation
@@ -4951,7 +4908,7 @@
     - name: sts:GetCallerIdentity
       read_only: true
       required: true
-    - name: s3:ListBuckets
+    - name: s3:ListAllMyBuckets
       read_only: true
       required: true
     - name: s3:GetBucketLocation
@@ -4960,10 +4917,10 @@
     - name: s3:GetBucketTagging
       read_only: true
       required: true
-    - name: s3:GetBucketEncryption
+    - name: s3:GetEncryptionConfiguration
       read_only: true
       required: true
-    - name: s3:PutBucketEncryption
+    - name: s3:PutEncryptionConfiguration
       read_only: false
       required: false
       description: Only required for taking action; the policy will still function