Amazon Inspector2 (inspector2)

2024-01-25

13 new actions, 1 new resource | 2 updated actions

Additions

    Actions
  • CreateCisScanConfiguration
    • Description:  Grants permission to create and define the settings for a CIS scan configuration
    • Access:  Write
    • Resources: 

      Name: CIS Scan Configuration

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      aws:RequestTag/${TagKey}

      aws:TagKeys
  • DeleteCisScanConfiguration
    • Description:  Grants permission to delete a CIS scan configuration
    • Access:  Write
    • Resources: 

      Name: CIS Scan Configuration

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • GetCisScanReport
    • Description:  Grants permission to retrieve a report containing information about completed CIS scans
    • Access:  Read
  • GetCisScanResultDetails
    • Description:  Grants permission to retrieve information about all details pertaining to one CIS scan and one targeted resource
    • Access:  List
  • ListCisScanConfigurations
    • Description:  Grants permission to retrieve information about all CIS scan configurations
    • Access:  List
  • ListCisScanResultsAggregatedByChecks
    • Description:  Grants permission to retrieve information about all checks pertaining to one CIS scan
    • Access:  List
  • ListCisScanResultsAggregatedByTargetResource
    • Description:  Grants permission to retrieve information about all resources pertaining to one CIS scan
    • Access:  List
  • ListCisScans
    • Description:  Grants permission to retrieve information about completed CIS scans
    • Access:  List
  • SendCisSessionHealth
    • Description:  Grants permission to send CIS health for a CIS scan
    • Access:  Write
  • SendCisSessionTelemetry
    • Description:  Grants permission to send CIS telemetry for a CIS scan
    • Access:  Write
  • StartCisSession
    • Description:  Grants permission to start a CIS scan session
    • Access:  Write
  • StopCisSession
    • Description:  Grants permission to stop a CIS scan session
    • Access:  Write
  • UpdateCisScanConfiguration
    • Description:  Grants permission to update the settings for a CIS scan configuration
    • Access:  Write
    • Resources: 

      Name: CIS Scan Configuration

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}
    Resources
  • CIS
    • Arn:  arn:${Partition}:inspector2:${Region}:${Account}:owner/${OwnerId}/cis-configuration/${CISScanConfigurationId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

Updates

    Actions
  • TagResource
      Conditions
    • + inspector2:Cis Scan Configuration
    • + inspector2:Filter
      Resources
    • + CIS Scan Configuration
    • + Filter
  • UntagResource
      Conditions
    • + inspector2:Cis Scan Configuration
    • + inspector2:Filter
    • + aws:ResourceTag/${TagKey}
      Resources
    • + CIS Scan Configuration
    • + Filter