generated from cloudposse/terraform-example-module
-
-
Notifications
You must be signed in to change notification settings - Fork 23
/
guardduty-policies.yaml
43 lines (42 loc) · 1.31 KB
/
guardduty-policies.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
- sid: "DenyGuardDutyDisassociation"
effect: "Deny"
actions:
- "guardduty:DisassociateFromMasterAccount"
resources:
- "*"
- sid: "DenyDisablingGuardDuty"
effect: "Deny"
actions:
- "guardduty:AcceptInvitation"
- "guardduty:ArchiveFindings"
- "guardduty:CreateDetector"
- "guardduty:CreateFilter"
- "guardduty:CreateIPSet"
- "guardduty:CreateMembers"
- "guardduty:CreatePublishingDestination"
- "guardduty:CreateSampleFindings"
- "guardduty:CreateThreatIntelSet"
- "guardduty:DeclineInvitations"
- "guardduty:DeleteDetector"
- "guardduty:DeleteFilter"
- "guardduty:DeleteInvitations"
- "guardduty:DeleteIPSet"
- "guardduty:DeleteMembers"
- "guardduty:DeletePublishingDestination"
- "guardduty:DeleteThreatIntelSet"
- "guardduty:DisassociateFromMasterAccount"
- "guardduty:DisassociateMembers"
- "guardduty:InviteMembers"
- "guardduty:StartMonitoringMembers"
- "guardduty:StopMonitoringMembers"
- "guardduty:TagResource"
- "guardduty:UnarchiveFindings"
- "guardduty:UntagResource"
- "guardduty:UpdateDetector"
- "guardduty:UpdateFilter"
- "guardduty:UpdateFindingsFeedback"
- "guardduty:UpdateIPSet"
- "guardduty:UpdatePublishingDestination"
- "guardduty:UpdateThreatIntelSet"
resources:
- "*"