lib/cfnguardian/stacks/main.rb in cfn-guardian-0.10.1 vs lib/cfnguardian/stacks/main.rb in cfn-guardian-0.10.4
- old
+ new
@@ -79,9 +79,20 @@
Action: [ 'cloudwatch:DescribeAlarms', 'cloudwatch:DisableAlarmActions', 'cloudwatch:EnableAlarmActions', 'cloudwatch:SetAlarmState' ],
Resource: FnSub("arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*")
}]
}
}
+ policies << {
+ PolicyName: 'container-instance-check',
+ PolicyDocument: {
+ Version: '2012-10-17',
+ Statement: [{
+ Effect: 'Allow',
+ Action: [ 'ecs:ListContainerInstances' ],
+ Resource: '*'
+ }]
+ }
+ }
if ssm_parameters.any?
policies << {
PolicyName: 'ssm-parameters',
PolicyDocument: {
Version: '2012-10-17',