From b4f58ce8057da420052ccd78f54acbde49d6b0e3 Mon Sep 17 00:00:00 2001
From: Ammar Ekbote
Date: Mon, 6 Feb 2023 14:31:11 -0800
Subject: [PATCH] remove excess permissions
---
 custom_roles.tf | 2 --
 1 file changed, 2 deletions(-)
diff --git a/custom_roles.tf b/custom_roles.tf
index 899831a..cc9f654 100644
--- a/custom_roles.tf
+++ b/custom_roles.tf
@@ -9,7 +9,6 @@ resource "google_project_iam_custom_role" "agentless_orchestrate_monitored_proje
 role_id = replace("${var.prefix}-snapshot-${local.suffix}", "-", "_")
 title = "Lacework Agentless Workload Scanning Role for monitored project (Create Snapshots)"
 permissions = [
- "compute.disks.createSnapshot",
 "compute.disks.get",
 "compute.disks.useReadOnly",
 "compute.instances.get",
@@ -32,7 +31,6 @@ resource "google_organization_iam_custom_role" "agentless_orchestrate" {
 title = "Lacework Agentless Workload Scanning Role for monitored organization (Organization Snapshots)"
 permissions = [
 "iam.roles.get",
- "compute.disks.createSnapshot",
 "compute.disks.get",
 "compute.instances.get",
 "compute.instances.list",