Minimum AWS Permissions needed to launch the Plerion CloudFormation Stack

Minimum Permissions

The minimum permissions needed to launch the Plerion CloudFormation Stack are listed below. The policy covers CSPM, CIEM, and CWPP:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": [
                "cloudformation:GetTemplateSummary",
                "cloudformation:CreateStack",
                "cloudformation:DescribeStackEvents",
                "cloudformation:DescribeStacks",
                "cloudformation:ListStacks",
                "cloudformation:ListStackResources",
                "iam:GetPolicy",
                "iam:GetRole",
                "iam:GetRolePolicy",
                "iam:CreateRole",
                "iam:CreatePolicy",
                "iam:ListPolicyVersions",
                "iam:ListRoles",
                "iam:PutRolePolicy",
                "iam:AttachRolePolicy",
                "iam:PassRole",
                "iam:TagRole",
                "iam:CreateInstanceProfile",
                "iam:AddRoleToInstanceProfile",
                "iam:GetInstanceProfile",
                "lambda:CreateFunction",
                "lambda:GetFunction",
                "lambda:InvokeFunction",
                "lambda:TagResource"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

The above policy will need to be attached to the role or user that will launch the Plerion Stack. Once the Stack has successfully been launched, the policy can be removed.
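
The policy grants every action on `"Resource": "*"`, which is why removing it after launch matters. The following is an added example, not Plerion's code: it lists which of the policy's actions are non-read and wildcard-scoped. Treating `Get`/`List`/`Describe` names as read-only is an assumption of this sketch, and the function names are hypothetical.

```python
import json

# The policy from this page, embedded so the example runs offline.
PLERION_LAUNCH_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "Statement1", "Effect": "Allow",
 "Action": ["cloudformation:GetTemplateSummary", "cloudformation:CreateStack",
  "cloudformation:DescribeStackEvents", "cloudformation:DescribeStacks",
  "cloudformation:ListStacks", "cloudformation:ListStackResources",
  "iam:GetPolicy", "iam:GetRole", "iam:GetRolePolicy", "iam:CreateRole",
  "iam:CreatePolicy", "iam:ListPolicyVersions", "iam:ListRoles",
  "iam:PutRolePolicy", "iam:AttachRolePolicy", "iam:PassRole", "iam:TagRole",
  "iam:CreateInstanceProfile", "iam:AddRoleToInstanceProfile",
  "iam:GetInstanceProfile", "lambda:CreateFunction", "lambda:GetFunction",
  "lambda:InvokeFunction", "lambda:TagResource"],
 "Resource": ["*"]}]}
""")

# Assumption: action names starting with these verbs only read state.
READ_ONLY_PREFIXES = ("Get", "List", "Describe")


def as_list(value):
    """IAM lets Statement, Action and Resource be a single value or a list."""
    return value if isinstance(value, list) else [value]


def wildcard_write_actions(policy):
    """Return {service: [actions]} for non-read actions allowed on Resource "*"."""
    findings = {}
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue  # only the bare wildcard is flagged here
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if not name.startswith(READ_ONLY_PREFIXES):
                findings.setdefault(service, []).append(action)
    return findings


def needs_removal_after_launch(policy):
    """True when the policy allows non-read IAM actions on every resource."""
    return bool(wildcard_write_actions(policy).get("iam"))


if __name__ == "__main__":
    for service, actions in wildcard_write_actions(PLERION_LAUNCH_POLICY).items():
        print(f"{service}: {', '.join(actions)}")
    print("remove after launch:", needs_removal_after_launch(PLERION_LAUNCH_POLICY))
```

Running the same check against the policies still attached to the launching role or user after the Stack is up shows whether the removal step was actually carried out.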