Permissions for @turbot/aws-inspector
Taking a look at permissions and associated grant levels for each permission for Inspector:
Permission | Grant Level | Help |
---|---|---|
inspector:AddAttributesToFindings | Admin | |
inspector:CreateAssessmentTarget | Admin | |
inspector:CreateAssessmentTemplate | Admin | |
inspector:CreateExclusionsPreview | Admin | |
inspector:CreateResourceGroup | Admin | |
inspector:DeleteAssessmentRun | Admin | |
inspector:DeleteAssessmentTarget | Admin | |
inspector:DeleteAssessmentTemplate | Admin | |
inspector:DescribeAssessmentRuns | Metadata | |
inspector:DescribeAssessmentTargets | Metadata | |
inspector:DescribeAssessmentTemplates | Metadata | |
inspector:DescribeCrossAccountAccessRole | Metadata | Describes the IAM role that enables Amazon Inspector to access AWS account. |
inspector:DescribeExclusions | Metadata | |
inspector:DescribeFindings | Metadata | |
inspector:DescribeResourceGroups | Metadata | |
inspector:DescribeRulesPackages | Metadata | |
inspector:GetAssessmentReport | Metadata | |
inspector:GetExclusionsPreview | Metadata | |
inspector:GetTelemetryMetadata | Metadata | |
inspector:ListAssessmentRunAgents | Metadata | |
inspector:ListAssessmentRuns | Metadata | |
inspector:ListAssessmentTargets | Metadata | |
inspector:ListAssessmentTemplates | Metadata | |
inspector:ListEventSubscriptions | Metadata | |
inspector:ListExclusions | Metadata | |
inspector:ListFindings | Metadata | |
inspector:ListRulesPackages | Metadata | |
inspector:ListTagsForResource | Metadata | |
inspector:PreviewAgents | Metadata | |
inspector:RegisterCrossAccountAccessRole | Admin | Admins can register the IAM role that Amazon Inspector uses to list EC2 instances at the start of the assessment run or when using the PreviewAgents action. |
inspector:RemoveAttributesFromFindings | Admin | |
inspector:SetTagsForResource | Operator | |
inspector:StartAssessmentRun | Operator | |
inspector:StopAssessmentRun | Operator | |
inspector:SubscribeToEvent | Admin | |
inspector:UnsubscribeFromEvent | Admin | |
inspector:UpdateAssessmentTarget | Admin | |
sns:ListTopics | Metadata |