adding permissions and changelog

DataDog · Nov 5, 2024 · bb79894 · bb79894
1 parent 5b90697
commit bb79894
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 14 deletions.
diff --git a/aws_quickstart/CHANGELOG.md b/aws_quickstart/CHANGELOG.md
@@ -0,0 +1,5 @@
+## 1.2.5 (November 5, 2024)
+
+### FEATURES
+* Added DisableResourceCollection field which defaults to False. When False, SecurityAudit policy will be attached to the created Datadog IAM Role, and ExtendedResourceCollection will be enabled in Datadog
+* Added additional permissions to the default set of permissions attached to the created Datadog IAM Role
diff --git a/aws_quickstart/datadog_integration_role.yaml b/aws_quickstart/datadog_integration_role.yaml
@@ -67,7 +67,11 @@ Resources:
                   - 'apigateway:GET'
                   - 'autoscaling:Describe*'
                   - 'backup:List*'
+                  - 'backup:ListRecoveryPointsByBackupVault'
+                  - 'bcm-data-exports:GetExport'
+                  - 'bcm-data-exports:ListExports'
                   - 'budgets:ViewBudget'
+                  - 'cassandra:Select'
                   - 'cloudfront:GetDistributionConfig'
                   - 'cloudfront:ListDistributions'
                   - 'cloudtrail:DescribeTrails'
@@ -76,73 +80,88 @@ Resources:
                   - 'cloudwatch:Describe*'
                   - 'cloudwatch:Get*'
                   - 'cloudwatch:List*'
-                  - 'codedeploy:List*'
                   - 'codedeploy:BatchGet*'
+                  - 'codedeploy:List*'
+                  - 'cur:DescribeReportDefinitions'
                   - 'directconnect:Describe*'
-                  - 'dynamodb:List*'
                   - 'dynamodb:Describe*'
+                  - 'dynamodb:List*'
                   - 'ec2:Describe*'
+                  - 'ec2:GetSnapshotBlockPublicAccessState'
                   - 'ec2:GetTransitGatewayPrefixListReferences'
                   - 'ec2:SearchTransitGatewayRoutes'
                   - 'ecs:Describe*'
                   - 'ecs:List*'
                   - 'elasticache:Describe*'
                   - 'elasticache:List*'
+                  - 'elasticfilesystem:DescribeAccessPoints'
                   - 'elasticfilesystem:DescribeFileSystems'
                   - 'elasticfilesystem:DescribeTags'
-                  - 'elasticfilesystem:DescribeAccessPoints'
                   - 'elasticloadbalancing:Describe*'
-                  - 'elasticmapreduce:List*'
                   - 'elasticmapreduce:Describe*'
-                  - 'es:ListTags'
-                  - 'es:ListDomainNames'
+                  - 'elasticmapreduce:List*'
                   - 'es:DescribeElasticsearchDomains'
+                  - 'es:ListDomainNames'
+                  - 'es:ListTags'
                   - 'events:CreateEventBus'
                   - 'fsx:DescribeFileSystems'
                   - 'fsx:ListTagsForResource'
-                  - 'health:DescribeEvents'
-                  - 'health:DescribeEventDetails'
+                  - 'glacier:GetVaultNotifications'
+                  - 'glue:ListRegistries'
                   - 'health:DescribeAffectedEntities'
-                  - 'kinesis:List*'
+                  - 'health:DescribeEventDetails'
+                  - 'health:DescribeEvents'
                   - 'kinesis:Describe*'
+                  - 'kinesis:List*'
                   - 'lambda:GetPolicy'
                   - 'lambda:List*'
+                  - 'lightsail:GetInstancePortStates'
                   - 'logs:DeleteSubscriptionFilter'
                   - 'logs:DescribeLogGroups'
                   - 'logs:DescribeLogStreams'
                   - 'logs:DescribeSubscriptionFilters'
                   - 'logs:FilterLogEvents'
                   - 'logs:PutSubscriptionFilter'
                   - 'logs:TestMetricFilter'
-                  - 'oam:ListSinks'
                   - 'oam:ListAttachedLinks'
+                  - 'oam:ListSinks'
                   - 'organizations:Describe*'
                   - 'organizations:List*'
                   - 'rds:Describe*'
                   - 'rds:List*'
                   - 'redshift:DescribeClusters'
                   - 'redshift:DescribeLoggingStatus'
                   - 'route53:List*'
-                  - 's3:GetBucketLogging'
                   - 's3:GetBucketLocation'
+                  - 's3:GetBucketLogging'
                   - 's3:GetBucketNotification'
                   - 's3:GetBucketTagging'
                   - 's3:ListAllMyBuckets'
                   - 's3:PutBucketNotification'
+                  - 'savingsplans:DescribeSavingsPlanRates'
+                  - 'savingsplans:DescribeSavingsPlans'
                   - 'ses:Get*'
+                  - 'sns:GetSubscriptionAttributes'
                   - 'sns:List*'
                   - 'sns:Publish'
-                  - 'sns:GetSubscriptionAttributes'
                   - 'sqs:ListQueues'
-                  - 'states:ListStateMachines'
                   - 'states:DescribeStateMachine'
+                  - 'states:ListStateMachines'
                   - 'support:DescribeTrustedAdvisor*'
                   - 'support:RefreshTrustedAdvisorCheck'
                   - 'tag:GetResources'
                   - 'tag:GetTagKeys'
                   - 'tag:GetTagValues'
-                  - 'wafv2:ListLoggingConfigurations'
+                  - 'timestream:DescribeEndpoints'
+                  - 'waf-regional:ListRuleGroups'
+                  - 'waf-regional:ListRules'
+                  - 'waf:ListRuleGroups'
+                  - 'waf:ListRules'
+                  - 'wafv2:GetIPSet'
                   - 'wafv2:GetLoggingConfiguration'
+                  - 'wafv2:GetRegexPatternSet'
+                  - 'wafv2:GetRuleGroup'
+                  - 'wafv2:ListLoggingConfigurations'
                   - 'xray:BatchGetTraces'
                   - 'xray:GetTraceSummaries'
 Metadata: