AWS Misconfigurations
Permissions required for Misconfigurations Detection
We have taken the time to do a thorough analysis and identify the minimal permission set required to run an effective audit against your AWS account.
Pre-defined Policies
Permissions
arn:aws:iam::aws:policy/SecurityAudit
arn:aws:iam::aws:policy/ReadOnlyAccess
Additional Permissions
Permissions
account:GetAccountInformation
s3:ListBucket
lambda:GetFunction
dynamodb:DescribeTableReplicaAutoScaling
sns:GetSubscriptionAttributes
cloudwatch:GetMetricStatistics
cloudwatch:ListMetrics
billing:Get*
payments:List*
budgets:Describe*
budgets:View*
ce:Get*
ce:Describe*
ce:List*
cur:Describe*
cur:GetUsage*
pricing:*
savingsplans:Describe*
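
Before attaching the additional permissions to an audit role, it helps to confirm that each requested action is a read call. The Python below is an added example, not code from this product: it renders the list above as one customer-managed IAM policy statement and flags any action pattern that is not limited to a read verb. The Sid, the `Resource: "*"` scope and the verb-prefix heuristic are assumptions.

```python
import json
import re

# Action patterns from the "Additional Permissions" list on this page.
ADDITIONAL_ACTIONS = [
    "account:GetAccountInformation", "s3:ListBucket", "lambda:GetFunction",
    "dynamodb:DescribeTableReplicaAutoScaling", "sns:GetSubscriptionAttributes",
    "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics",
    "billing:Get*", "payments:List*", "budgets:Describe*", "budgets:View*",
    "ce:Get*", "ce:Describe*", "ce:List*", "cur:Describe*", "cur:GetUsage*",
    "pricing:*", "savingsplans:Describe*",
]

# Assumption: an action name that starts with one of these verbs is a read
# call. This is a naming heuristic, not an authoritative classification.
READ_ONLY_NAME = re.compile(r"(Get|List|Describe|View)[A-Za-z0-9]*\*?")


def classify(action):
    """Return 'read-only' if the pattern is confined to a read verb, else 'review'."""
    service, sep, name = action.partition(":")
    if sep and service and READ_ONLY_NAME.fullmatch(name):
        return "read-only"
    return "review"


def needs_review(actions):
    """Patterns that could match non-read actions, e.g. a bare service wildcard."""
    return sorted({a for a in actions if classify(a) == "review"})


def build_policy(actions):
    """Render the actions as a single-statement IAM policy document."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AuditAdditionalPermissions",  # hypothetical name
            "Effect": "Allow",
            "Action": sorted(set(actions)),       # de-duplicated
            "Resource": "*",                      # assumption: page gives no resource scope
        }],
    }


if __name__ == "__main__":
    print(json.dumps(build_policy(ADDITIONAL_ACTIONS), indent=2))
    print("Review before granting:", needs_review(ADDITIONAL_ACTIONS))
```

A flagged entry such as `pricing:*` is not necessarily a write permission; it means the pattern should be checked against that service's action list before it is granted.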