From 72532101a201d26c03061b6ea4fc8092995e210f Mon Sep 17 00:00:00 2001
From: Nick <49166439+nhakmiller@users.noreply.github.com>
Date: Tue, 18 Feb 2020 16:03:12 -0800
Subject: [PATCH] Updated audit role permissions (#211)

* Updated audit role permissions
* Added additional permissions
---
 .../cloudformation/panther-compliance-iam.yml | 12 ++++++++++++
 go.mod | 2 +-
 go.sum | 2 ++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/deployments/auxiliary/cloudformation/panther-compliance-iam.yml b/deployments/auxiliary/cloudformation/panther-compliance-iam.yml
index a0b42c7795..f00ad59b08 100644
--- a/deployments/auxiliary/cloudformation/panther-compliance-iam.yml
+++ b/deployments/auxiliary/cloudformation/panther-compliance-iam.yml
@@ -77,6 +77,18 @@ Resources:
 - cloudformation:DetectStackDrift
 - cloudformation:DetectStackResourceDrift
 Resource: '*'
+ - PolicyName: CloudFormationStackDriftDetectionSupplements
+ # These permissions are not directly required for scanning, but are required by AWS in
+ # order to perform CloudFormation Stack drift detection on the corresponding resource types
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Action:
+ - sns:ListTagsForResource
+ - lambda:GetFunction
+ - apigateway:GET
+ Resource: '*'
 - PolicyName: GetWAFACLs
 PolicyDocument:
 Version: 2012-10-17
diff --git a/go.mod b/go.mod
index 2e1e990426..45833da73c 100644
--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f // indirect
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa // indirect
 golang.org/x/sys v0.0.0-20200121082415-34d275377bf9 // indirect
- golang.org/x/tools v0.0.0-20200212211505-6dd6151793f7 // indirect
+ golang.org/x/tools v0.0.0-20200218205902-f8e42dc47720 // indirect
 gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
 gopkg.in/go-playground/validator.v9 v9.31.0
 gopkg.in/russross/blackfriday.v2 v2.0.0 // indirect
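Review bot: The new `CloudFormationStackDriftDetectionSupplements` statement in panther-compliance-iam.yml grants `lambda:GetFunction` and `apigateway:GET` on `Resource: '*'`, which is more than metadata access, and the comment above it does not say so. `lambda:GetFunction` returns the function configuration, including environment variables, plus a download link for the deployment package. `apigateway:GET` on every resource covers all API Gateway read paths, API keys included. I would extend the comment with something like `# NOTE: lambda:GetFunction exposes function code and environment variables; apigateway:GET allows reading all API Gateway resources, including API keys`, and, if drift detection still works with it, scope the API Gateway action to the resource paths it actually needs instead of `'*'`. The role definition and its trust policy lie outside the hunk, so who can assume this role should be checked against this wider read access.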
diff --git a/go.sum b/go.sum index 7fb6baea10..f358e67454 100644 --- a/go.sum +++ b/go.sum @@ -276,6 +276,8 @@ golang.org/x/tools v0.0.0-20200210192313-1ace956b0e17 h1:a/Fd23DJvg1CaeDH0dYHahE golang.org/x/tools v0.0.0-20200210192313-1ace956b0e17/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212211505-6dd6151793f7 h1:SWKaJjEEnIUqoSX43gli3maUBM+1QSfJVGHfmeeQlFg= golang.org/x/tools v0.0.0-20200212211505-6dd6151793f7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200218205902-f8e42dc47720 h1:90L2fHeLQmQFe04F648NKZE5sQP/M/6CjHcjtM7jP5U= +golang.org/x/tools v0.0.0-20200218205902-f8e42dc47720/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=