Merge pull request #198 from schubergphilis/allow_waf_logging

fix: global allowed region permissions for s3 logging & quicksight
schubergphilis · Jan 17, 2024 · cf59393 · cf59393
2 parents 8a60113 + f136f9b
commit cf59393
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/files/organizations/allowed_regions.json.tpl b/files/organizations/allowed_regions.json.tpl
@@ -59,6 +59,7 @@
                 "organizations:*",
                 "payments:*",
                 "pricing:*",
+                "quicksight:DescribeAccountSubscription",
                 "resource-explorer-2:*",
                 "route53-recovery-cluster:*",
                 "route53-recovery-control-config:*",
@@ -70,6 +71,7 @@
                 "s3:DescribeMultiRegionAccessPointOperation",
                 "s3:GetAccountPublicAccessBlock",
                 "s3:GetBucketLocation",
+                "s3:GetBucketPolicy",
                 "s3:GetBucketPolicyStatus",
                 "s3:GetBucketPublicAccessBlock",
                 "s3:GetMultiRegionAccessPoint",
@@ -81,6 +83,7 @@
                 "s3:ListMultiRegionAccessPoints",
                 "s3:ListStorageLensConfigurations",
                 "s3:PutAccountPublicAccessBlock",
+                "s3:PutBucketPolicy",
                 "s3:PutMultiRegionAccessPointPolicy",
                 "savingsplans:*",
                 "shield:*",