Product logo
DocsBlogPricing

Permissions for @turbot/aws-inspector

Taking a look at permissions and associated grant levels for each permission for Inspector:

PermissionGrant LevelHelp
inspector:AddAttributesToFindingsAdmin
inspector:CreateAssessmentTargetAdmin
inspector:CreateAssessmentTemplateAdmin
inspector:CreateExclusionsPreviewAdmin
inspector:CreateResourceGroupAdmin
inspector:DeleteAssessmentRunAdmin
inspector:DeleteAssessmentTargetAdmin
inspector:DeleteAssessmentTemplateAdmin
inspector:DescribeAssessmentRunsMetadata
inspector:DescribeAssessmentTargetsMetadata
inspector:DescribeAssessmentTemplatesMetadata
inspector:DescribeCrossAccountAccessRoleMetadataDescribes the IAM role that enables Amazon Inspector to access AWS account.
inspector:DescribeExclusionsMetadata
inspector:DescribeFindingsMetadata
inspector:DescribeResourceGroupsMetadata
inspector:DescribeRulesPackagesMetadata
inspector:GetAssessmentReportMetadata
inspector:GetExclusionsPreviewMetadata
inspector:GetTelemetryMetadataMetadata
inspector:ListAssessmentRunAgentsMetadata
inspector:ListAssessmentRunsMetadata
inspector:ListAssessmentTargetsMetadata
inspector:ListAssessmentTemplatesMetadata
inspector:ListEventSubscriptionsMetadata
inspector:ListExclusionsMetadata
inspector:ListFindingsMetadata
inspector:ListRulesPackagesMetadata
inspector:ListTagsForResourceMetadata
inspector:PreviewAgentsMetadata
inspector:RegisterCrossAccountAccessRoleAdminAdmins can register the IAM role that Amazon Inspector uses to list EC2 instances at the start of the assessment run or when using the PreviewAgents action.
inspector:RemoveAttributesFromFindingsAdmin
inspector:SetTagsForResourceOperator
inspector:StartAssessmentRunOperator
inspector:StopAssessmentRunOperator
inspector:SubscribeToEventAdmin
inspector:UnsubscribeFromEventAdmin
inspector:UpdateAssessmentTargetAdmin
sns:ListTopicsMetadata