From 267d7e92f8ec10a8c65420be8893cbce7c9216f8 Mon Sep 17 00:00:00 2001
From: panther-bot <54194790+panther-bot@users.noreply.github.com>
Date: Thu, 21 Mar 2024 18:13:31 -0500
Subject: [PATCH] [Sync] 18049 (#116)
---
 cloudformation/panther-deployment-role.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cloudformation/panther-deployment-role.yml b/cloudformation/panther-deployment-role.yml
index 109a70b..d6320fa 100644
--- a/cloudformation/panther-deployment-role.yml
+++ b/cloudformation/panther-deployment-role.yml
@@ -168,7 +168,7 @@ Resources:
 # Create and manage queues to send messages between application components
 - sns:*
 - sqs:*Permission*
- - sqs:*Queue*
+ - sqs:*ueue*
 - sqs:SendMessage
 # Manage the states of step functions that run the core product
 - states:*
@@ -311,6 +311,10 @@ Resources:
 - !Sub arn:${AWS::Partition}:dynamodb:*:${AWS::AccountId}:table/*alerts-indicators
 - !Sub arn:${AWS::Partition}:dynamodb:*:${AWS::AccountId}:table/*alert-search-rehydrate-jobs
 - !Sub arn:${AWS::Partition}:dynamodb:*:${AWS::AccountId}:table/*indicators-metadata
+ - Effect: Deny
+ Action: athena:DeleteWorkGroup
+ NotResource:
+ - !Sub arn:${AWS::Partition}:athena:${AWS::Region}:${AWS::AccountId}:workgroup/panther
 - Effect: Deny
 Action:
 - cognito-idp:DeleteUserPool*
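Review bot: The new pattern `sqs:*ueue*` in the first hunk is harder to audit than `sqs:*Queue*`, and neither the commit message nor a comment says why the leading letter was dropped. IAM matches action names case-insensitively, so as far as I can tell both patterns grant the same SQS actions, including destructive ones such as DeleteQueue and PurgeQueue. If the change works around a tooling constraint, record it next to the line, e.g. `# *ueue* rather than *Queue*: <reason>`; otherwise listing the needed actions explicitly would make the grant reviewable. The statement's Effect and Resource lie outside the hunk, so the scope these actions apply to should be confirmed there.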
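Review bot: The added Deny statement pins the exempted workgroup ARN to `${AWS::Region}`, whereas the DynamoDB ARNs directly above it use `*` in the region field. The role itself is global, so it would be denied deleting the `panther` workgroup in any region other than the one this stack is created in. That fails closed, but if deployments to other regions are expected the exemption would need to be `arn:${AWS::Partition}:athena:*:${AWS::AccountId}:workgroup/panther`. Deny combined with NotResource is easy to misread, so a comment such as `# Deny deleting any Athena workgroup except Panther's own` above the statement would help. The enclosing policy document starts and ends outside the hunk.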