Permissions for @turbot/aws-securityhub
Taking a look at permissions and associated grant levels for each permission for Security Hub:
Permission | Grant Level | Help |
---|---|---|
health:DescribeEventAggregates | Metadata | |
iam:PassRole | Admin | Admins can allow Security Hub service to use existing IAM roles. |
securityhub:AcceptInvitation | Admin | Admins can accept the invitation to be monitored by a master Security Hub account. |
securityhub:BatchDisableStandards | Admin | |
securityhub:BatchEnableStandards | Admin | |
securityhub:BatchImportFindings | Admin | |
securityhub:CancelProductSubscription | Admin | |
securityhub:CreateActionTarget | Admin | |
securityhub:CreateInsight | Admin | |
securityhub:CreateMembers | Admin | |
securityhub:DeclineInvitations | Admin | |
securityhub:DeleteActionTarget | Admin | |
securityhub:DeleteInsight | Admin | |
securityhub:DeleteInvitations | Admin | |
securityhub:DeleteMembers | Admin | |
securityhub:DescribeActionTargets | Metadata | |
securityhub:DescribeHub | Metadata | |
securityhub:DescribeProducts | Metadata | |
securityhub:DisableImportFindingsForProduct | Operator | |
securityhub:DisableSecurityHub | Admin | |
securityhub:DisassociateFromMasterAccount | Admin | |
securityhub:DisassociateMembers | Admin | |
securityhub:EnableImportFindingsForProduct | Admin | |
securityhub:EnableSecurityHub | Admin | |
securityhub:GetEnabledStandards | Metadata | |
securityhub:GetFindings | Metadata | |
securityhub:GetInsightResults | Metadata | |
securityhub:GetInsights | Metadata | |
securityhub:GetInvitationsCount | Metadata | |
securityhub:GetMasterAccount | Metadata | |
securityhub:GetMembers | Metadata | |
securityhub:GetProductSubscription | Metadata | |
securityhub:InviteMembers | Admin | |
securityhub:IsSecurityHubEnabled | Metadata | |
securityhub:ListEnabledProductsForImport | Metadata | |
securityhub:ListInvitations | Metadata | |
securityhub:ListMembers | Metadata | |
securityhub:ListTagsForResource | Metadata | |
securityhub:TagResource | Operator | |
securityhub:UntagResource | Operator | |
securityhub:UpdateActionTarget | Admin | |
securityhub:UpdateFindings | Admin | |
securityhub:UpdateInsight | Admin |