Commit 3b1e1e0

ievgeniia ieromenko and ievgeniia ieromenko authored
Add permissions to create service-linked role (#306)
* add permissions to create service-linked role
* update github workflow to run cfn-nag
* update CHANGELOG.md

---------

Co-authored-by: ievgeniia ieromenko <ieviero@amazon.com>
1 parent 7fa1320 commit 3b1e1e0

3 files changed: +12 -3 lines changed
‎.github/workflows/cfn-nag.yml‎

Lines changed: 2 additions & 2 deletions
@@ -11,10 +11,10 @@ jobs:
1111
runs-on: ubuntu-latest
1212
steps:
1313
- uses: actions/checkout@v3
14-
- name: Set up Ruby 2.6
14+
- name: Set up Ruby 2.7
1515
uses: ruby/setup-ruby@v1
1616
with:
17-
ruby-version: '2.6'
17+
ruby-version: '2.7'
1818
- name: Install cfn-nag
1919
run: gem install cfn-nag
2020
- name: Scan files in all templates folders
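Review bot: `ruby-version: '2.7'` in the "Set up Ruby" step moves the job from one end-of-life Ruby series to another (2.7 reached end of life in March 2023), and `run: gem install cfn-nag` two lines below still installs whichever gem version is current at run time. Suggest targeting a maintained Ruby series that cfn-nag supports and pinning the gem with `gem install cfn-nag -v <version>`, so the scan is reproducible and a new or tampered release is not picked up silently by the security check itself.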

‎CHANGELOG.md‎

Lines changed: 6 additions & 0 deletions
@@ -3,6 +3,7 @@
33
## Table of Contents<!-- omit in toc -->
44

55
- [Introduction](#introduction)
6+
- [2025年06月16日](#2025年06月16日)
67
- [2025年03月20日](#2025年03月20日)
78
- [2025年03月04日](#2025年03月04日)
89
- [2025年02月13日](#2025年02月13日)
@@ -63,6 +64,11 @@
6364
All notable changes to this project will be documented in this file.
6465

6566
---
67+
## 2025年06月16日
68+
69+
### Updated<!-- omit in toc -->
70+
71+
- Updated [CloudTrail](https://github.com/aws-samples/aws-security-reference-architecture-examples/tree/main/aws_sra_examples/solutions/cloudtrail/cloudtrail_org) solution with permissions to create a service-linked role.
6672

6773
## 2025年03月20日
6874
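Review bot: the new entry under "### Updated" says only "permissions to create a service-linked role" and leaves out which role and the other two changes in this commit. Suggest naming the role from the template change (AWSServiceRoleForCloudTrailEventContext for context.cloudtrail.amazonaws.com) and adding a line for the new CKV_AWS_45 suppression, since anyone auditing the IAM or scanner posture of the CloudTrail solution will look here first.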

‎aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org.yaml‎

Lines changed: 4 additions & 1 deletion
@@ -400,6 +400,7 @@ Resources:
400400
- iam:DeleteServiceLinkedRole
401401
Resource:
402402
- !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrail*
403+
- !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/context.cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrailEventContext
403404
Tags:
404405
- Key: sra-solution
405406
Value: !Ref pSRASolutionName
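Review bot: the added Resource entry for `context.cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrailEventContext` joins a statement whose visible action list ends with `iam:DeleteServiceLinkedRole`, so the role gains delete rights on the new service-linked role along with whatever create action sits above the context lines. If only creation is needed, as the commit title suggests, put the new ARN in its own statement limited to `iam:CreateServiceLinkedRole` with a condition on `iam:AWSServiceName` equal to `context.cloudtrail.amazonaws.com`. The exact ARN with no trailing `*` is the right shape; the existing `AWSServiceRoleForCloudTrail*` pattern on the line above is broader than it needs to be by comparison.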
@@ -425,6 +426,8 @@ Resources:
425426
comment: Lambda does not need to communicate with VPC resources.
426427
- id: CKV_AWS_173
427428
comment: Environment variables are not sensitive
429+
- id: CKV_AWS_45
430+
comment: Environment variables only contain non-sensitive configuration values that are passed via CloudFormation parameters.
428431
Properties:
429432
Description: Creates an Organization CloudTrail
430433
Architectures: !If
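Review bot: the `CKV_AWS_45` skip added below the existing `CKV_AWS_173` entry applies to the whole function resource, and its comment justifies the suppression by how the values arrive ("passed via CloudFormation parameters") and not by which variables are covered. Suggest listing the variables the skip was assessed against (the template's Environment block shows KMS_KEY_ID, S3_BUCKET_NAME, SRA_SOLUTION_NAME and DELEGATED_ADMIN_ACCOUNT_ID) so that a later addition of a sensitive variable prompts a fresh look instead of inheriting the skip. The suppression is also unrelated to the service-linked role change and is not mentioned in the commit message.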
@@ -473,4 +476,4 @@ Resources:
473476
KMS_KEY_ID: !Ref pOrganizationCloudTrailKMSKeyId
474477
S3_BUCKET_NAME: !Ref pCloudTrailS3BucketName
475478
SRA_SOLUTION_NAME: !Ref pSRASolutionName
476-
DELEGATED_ADMIN_ACCOUNT_ID: !Ref pDelegatedAdminAccountId
479+
DELEGATED_ADMIN_ACCOUNT_ID: !Ref pDelegatedAdminAccountId
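Review bot: the removed and added `DELEGATED_ADMIN_ACCOUNT_ID: !Ref pDelegatedAdminAccountId` lines at the end of the file read identically, so the difference is whitespace or the end-of-file newline. Worth confirming that is the only change and that indentation under the Environment variables map is unchanged, since a shifted key here would alter the Lambda's configuration without showing up as a content change.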
