Permissions for @turbot/aws-guardduty
Taking a look at permissions and associated grant levels for each permission for GuardDuty:
| Permission | Grant Level | Help |
|---|---|---|
| guardduty:AcceptInvitation | Admin | |
| guardduty:ArchiveFindings | Admin | |
| guardduty:CreateDetector | Admin | |
| guardduty:CreateFilter | Admin | |
| guardduty:CreateIPSet | Admin | |
| guardduty:CreateMembers | Admin | |
| guardduty:CreatePublishingDestination | Admin | |
| guardduty:CreateSampleFindings | Admin | |
| guardduty:CreateThreatIntelSet | Admin | |
| guardduty:DeclineInvitations | Admin | |
| guardduty:DeleteDetector | Admin | |
| guardduty:DeleteFilter | Admin | |
| guardduty:DeleteIPSet | Admin | |
| guardduty:DeleteInvitations | Admin | Deletes invitations sent to the current member account by AWS accounts specified by their account IDs |
| guardduty:DeleteMembers | Admin | |
| guardduty:DeletePublishingDestination | Admin | |
| guardduty:DeleteThreatIntelSet | Admin | |
| guardduty:DescribePublishingDestination | ReadOnly | |
| guardduty:DisassociateFromMasterAccount | Admin | |
| guardduty:DisassociateMembers | Admin | |
| guardduty:GetDetector | Metadata | |
| guardduty:GetFilter | Metadata | |
| guardduty:GetFindings | ReadOnly | |
| guardduty:GetFindingsStatistics | Metadata | |
| guardduty:GetIPSet | Metadata | |
| guardduty:GetInvitationsCount | Metadata | |
| guardduty:GetMasterAccount | ReadOnly | |
| guardduty:GetMembers | Metadata | Returns the details on the GuardDuty member accounts specified by the account IDs. |
| guardduty:GetThreatIntelSet | Metadata | |
| guardduty:InviteMembers | Admin | |
| guardduty:ListDetectors | Metadata | |
| guardduty:ListFilters | Metadata | |
| guardduty:ListFindings | Metadata | |
| guardduty:ListIPSets | Metadata | |
| guardduty:ListInvitations | Metadata | |
| guardduty:ListMembers | ReadOnly | Lists details about all member accounts for the current GuardDuty master account. |
| guardduty:ListPublishingDestinations | ReadOnly | |
| guardduty:ListTagsForResource | Metadata | |
| guardduty:ListThreatIntelSets | Metadata | Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. |
| guardduty:StartMonitoringMembers | Admin | |
| guardduty:StopMonitoringMembers | Admin | |
| guardduty:TagResource | Admin | |
| guardduty:UnarchiveFindings | Admin | |
| guardduty:UntagResource | Admin | |
| guardduty:UpdateDetector | Admin | |
| guardduty:UpdateFilter | Admin | |
| guardduty:UpdateFindingsFeedback | Admin | |
| guardduty:UpdateIPSet | Admin | |
| guardduty:UpdatePublishingDestination | Admin | |
| guardduty:UpdateThreatIntelSet | Admin |