Enhancement | Add networkmanager / firewall permissions to DevOps IAM Policy #415

Merged
merged 1 commit into from
Jul 28, 2022


marianod92
Contributor

What?

  • Add allowed-actions to DevOps IAM Policy for listing network-firewall related resources

@marianod92 marianod92 added enhancement New feature or request minor labels Jul 28, 2022
@marianod92 marianod92 added this to the 2022 Q3 milestone Jul 28, 2022
@marianod92 marianod92 self-assigned this Jul 28, 2022
@marianod92 marianod92 requested a review from a team as a code owner July 28, 2022 20:50
@github-actions

💰 Infracost estimate: monthly cost will not change

Project Previous New Diff
binbashar/le-tf-infra-aws/security/us-east-1/firewall-manager $0 $0 $0
All projects $1,633 $1,633 $0

123 projects have no cost estimate changes.

Infracost output
──────────────────────────────────
Project: binbashar/le-tf-infra-aws/security/us-east-1/firewall-manager
Module path: security/us-east-1/firewall-manager

- module.fms.aws_kinesis_firehose_delivery_stream.firehose_stream[0]
  Monthly cost depends on usage

    - Data ingested (first 500TB)
      Monthly cost depends on usage
        -$0.029 per GB

Monthly cost change for binbashar/le-tf-infra-aws/security/us-east-1/firewall-manager (Module path: security/us-east-1/firewall-manager)
Amount:  $0.00 ($0.00 → $0.00)

──────────────────────────────────

123 projects have no cost estimate changes.
Run the following command to see their breakdown: infracost breakdown --path=/path/to/code

──────────────────────────────────
Key: ~ changed, + added, - removed

517 cloud resources were detected:
∙ 517 were estimated, 382 of which include usage-based costs, see https://infracost.io/usage-file

This comment will be updated when the cost estimate changes.


@marianod92 marianod92 merged commit 5b0ba95 into master Jul 28, 2022
@marianod92 marianod92 deleted the feature/add-waf-permission-devops-role branch July 28, 2022 21:22
Labels
enhancement New feature or request patch