zero-shield-cli/aws-setup/policies/zero-shield-full.json at agent-v2-dev · jerisadeumai/zero-shield-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ZeroShieldFullAuditAccess",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketPolicy",
        "s3:GetBucketAcl",
        "s3:GetBucketPublicAccessBlock",
        "iam:ListUsers",
        "iam:ListRoles",
        "iam:ListAccessKeys",
        "iam:ListMFADevices",
        "iam:ListAttachedRolePolicies",
        "iam:GetInstanceProfile",
        "iam:GetUser",
        "iam:GetLoginProfile",
        "rds:DescribeDBInstances",
        "lambda:ListFunctions",
        "lambda:GetFunction",
        "cloudtrail:LookupEvents",
        "ce:GetCostAndUsage",
        "pricing:GetProducts",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricStatistics",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:GetLogEvents",
        "kms:ListKeys",
        "kms:DescribeKey",
        "kms:GetKeyRotationStatus",
        "dynamodb:ListTables",
        "dynamodb:DescribeTable",
        "elasticfilesystem:DescribeFileSystems",
        "wafv2:ListWebACLs",
        "events:ListRules",
        "events:DescribeRule",
        "guardduty:ListDetectors",
        "guardduty:ListFindings",
        "guardduty:GetFindings",
        "ec2:DescribeInstances",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeVpcs",
        "ec2:DescribeSubnets",
        "ec2:DescribeNetworkAcls",
        "ec2:DescribeVolumes",
        "ec2:DescribeSnapshots",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeIamInstanceProfileAssociations",
        "ec2:GetConsoleOutput"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ZeroShieldQuarantine",
      "Effect": "Allow",
      "Action": "ec2:ModifyInstanceAttribute",
      "Resource": "arn:aws:ec2:*:*:instance/*"
    },
    {
      "Sid": "ZeroShieldIdentityKillswitch",
      "Effect": "Allow",
      "Action": "iam:UpdateAccessKey",
      "Resource": "arn:aws:iam::*:user/*"
    },
    {
      "Sid": "SecurityGroupRuleModification",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:RevokeSecurityGroupEgress"
      ],
      "Resource": "arn:aws:ec2:*:*:security-group/*"
    }
  ]
}