Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RAIN-94027: add permission for compute-optimizer #115

Merged
merged 1 commit into from
Dec 5, 2024
Merged

RAIN-94027: add permission for compute-optimizer #115

merged 1 commit into from
Dec 5, 2024

Conversation

yingxinl
Copy link
Contributor

@yingxinl yingxinl commented Dec 5, 2024

Summary

Add terraform permissions for AWS service compute-optimizer

How did you test this change?

Tested in tilt. Permissions are added only for dev8-rm-test account (249446771485). By running the queries below, we can see AccessDeniedException in other accounts except account_id of 249446771485.

-- Collection completed for envGuid: DEV8_B895FFBB65A0D5A2E543F62A2CB3CD9343293637C75D5C9BA80 
-- with startTime: 2024-12-04T08:10:00 and endTime: 2024-12-04T08:20:00

use database DEV8_CDB_DEV8_B895FFBB65A0D5A2E543F62A2CB3CD9343293637C75D5C9BA80;

select request_guid, start_time, end_time from aws_cfg_internal.config_summary_t
where start_time = '2024-12-04T08:10:00-00:00' and end_time = '2024-12-04T08:20:00-00:00';

SELECT DISTINCT account_id, service, api_key, status
FROM aws_cfg_internal.config_preview_details_t
WHERE REQUEST_GUID = 'c5578dc6-cefd-41fe-a081-209c0619458a';

Issue

https://lacework.atlassian.net/browse/RAIN-94027

@yingxinl
Copy link
Contributor Author

yingxinl commented Dec 5, 2024

Basically the same as this PR but with signed commit.

@yingxinl yingxinl mentioned this pull request Dec 5, 2024
Closed
@yingxinl yingxinl marked this pull request as ready for review December 5, 2024 00:50
@yingxinl yingxinl merged commit 436a15a into main Dec 5, 2024
11 checks passed
@yingxinl yingxinl deleted the compute-optimizer-permissions branch December 5, 2024 01:21
@leijin-lw
Copy link
Contributor

Do we need to release a new version for terraform-aws-config module to include this PR?

@jjzhangjjzhang
Copy link
Contributor

Do we need to release a new version for terraform-aws-config module to include this PR?

Yes, we need to release a new version of terraform-aws-config. Thanks in advance for the help

@yingxinl
Copy link
Contributor Author

yingxinl commented Dec 5, 2024

Thank you @leijin-lw @jjzhangjjzhang !

@leijin-lw
Copy link
Contributor

A new version of terraform-aws-config has been released. Does it require customer to reapply the terraform in order to grant the newly added permission?

@yingxinl
Copy link
Contributor Author

yingxinl commented Dec 6, 2024

Thanks @leijin-lw. Yes, customers would need to apply the terraform.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jjzhangjjzhang jjzhangjjzhang jjzhangjjzhang approved these changes

@ramgudivada-lacework ramgudivada-lacework Awaiting requested review from ramgudivada-lacework

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yingxinl @leijin-lw @jjzhangjjzhang