- BOYD needs AWS permissions to list the CUR S3 bucket and read the report files in it. Dig Mode, which investigates findings and applies the discovered context to your results, additionally needs read access to the AWS Get/Describe APIs, the CloudTrail event lookup API and the AWS Config API; the AWS managed policy "SecurityAudit" (arn:aws:iam::aws:policy/SecurityAudit), attached to the role or user BOYD runs as, covers the Dig Mode permissions.
- An example IAM policy with the minimum permissions BOYD needs for CUR access (it does not include the permissions the "SecurityAudit" managed policy grants for Dig Mode). Replace <YOUR_CUR_BUCKET> with the name of your CUR bucket. If the bucket is encrypted with a customer managed KMS key, the same principal also needs kms:Decrypt on that key, which this policy does not grant:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketAcl",
        "s3:GetBucketPolicy"
      ],
      "Resource": [
        "arn:aws:s3:::<YOUR_CUR_BUCKET>"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectAttributes"
      ],
      "Resource": [
        "arn:aws:s3:::<YOUR_CUR_BUCKET>/*"
      ]
    }
  ]
}
```
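A small checker for that policy, added here as an example and not part of BOYD: it builds the minimal CUR read policy for a given bucket and lints an arbitrary policy document (dict or JSON string) for the six S3 actions listed above, handling the shapes IAM allows (single string or list for Action/Resource, `*` and `?` wildcards, case-insensitive action names, explicit Deny statements) and probing object access with a representative key under the report prefix. The function names, the Sids "CurBucketRead"/"CurObjectRead", the bucket names and the embedded sample policy are all assumptions made for the example.

```python
"""Lint an IAM policy document for the CUR read permissions BOYD needs.
Added example, not BOYD's code; the six actions below come from the policy above."""
import json
import re

# Required actions, split by the resource they apply to (from the policy above).
BUCKET_ACTIONS = frozenset({"s3:ListBucket", "s3:GetBucketAcl", "s3:GetBucketPolicy"})
OBJECT_ACTIONS = frozenset({"s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectAttributes"})

# Constructed sample: the policy above as pasted from the console, with a trailing
# comma after the bucket ARN, which makes it invalid JSON.
BROKEN_README_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:GetBucketAcl", "s3:GetBucketPolicy"],
     "Resource": ["arn:aws:s3:::my-cur-bucket",]},
    {"Sid": "VisualEditor1", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectAttributes"],
     "Resource": ["arn:aws:s3:::my-cur-bucket/*"]}
  ]
}"""


def cur_read_policy(bucket: str) -> dict:
    """Build the minimal CUR read policy for `bucket` (same grants as the example above)."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "CurBucketRead", "Effect": "Allow",
             "Action": sorted(BUCKET_ACTIONS), "Resource": [arn]},
            {"Sid": "CurObjectRead", "Effect": "Allow",
             "Action": sorted(OBJECT_ACTIONS), "Resource": [f"{arn}/*"]},
        ],
    }


def _as_list(value) -> list:
    """Action and Resource may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _iam_match(pattern: str, value: str, ignore_case: bool) -> bool:
    """IAM wildcard matching: '*' matches any run of characters, '?' exactly one.
    Action names are matched case-insensitively, S3 ARNs case-sensitively."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def granted(policy: dict, resource_arn: str, wanted) -> set:
    """Subset of `wanted` that an Allow statement grants on `resource_arn`, minus
    anything an explicit Deny removes. Statements with Condition, NotAction or
    NotResource are not evaluated and so never credited: the check errs towards
    reporting a permission as missing rather than assuming it is there."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Condition") or "NotAction" in stmt or "NotResource" in stmt:
            continue
        if not any(_iam_match(r, resource_arn, False) for r in _as_list(stmt.get("Resource"))):
            continue
        patterns = _as_list(stmt.get("Action"))
        hit = {a for a in wanted if any(_iam_match(p, a, True) for p in patterns)}
        if stmt.get("Effect") == "Allow":
            allowed |= hit
        elif stmt.get("Effect") == "Deny":
            denied |= hit
    return allowed - denied


def missing_permissions(policy, bucket: str, prefix: str = "") -> dict:
    """Return {resource_arn: [missing actions]} for the CUR bucket; {} means OK.
    `policy` is a dict or a JSON string; an invalid string (such as the trailing
    comma in BROKEN_README_POLICY) raises ValueError from json.loads."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    bucket_arn = f"arn:aws:s3:::{bucket}"
    # Object access is probed with a representative key under the report prefix, so a
    # policy scoped to some other prefix is reported as insufficient for this one.
    object_arn = f"{bucket_arn}/{prefix}probe-object"
    report = {}
    for arn, wanted in ((bucket_arn, BUCKET_ACTIONS), (object_arn, OBJECT_ACTIONS)):
        lacking = sorted(wanted - granted(policy, arn, wanted))
        if lacking:
            report[arn] = lacking
    return report


if __name__ == "__main__":
    try:
        missing_permissions(BROKEN_README_POLICY, "my-cur-bucket")
    except ValueError as exc:
        print("console-pasted policy is not valid JSON:", exc)
    print(missing_permissions(cur_read_policy("my-cur-bucket"), "my-cur-bucket"))
    scoped = cur_read_policy("my-cur-bucket")
    scoped["Statement"][1]["Resource"] = ["arn:aws:s3:::my-cur-bucket/cur/*"]
    print(missing_permissions(scoped, "my-cur-bucket", prefix="billing/"))
```

Run it against the policy you intend to attach before the first BOYD run, passing the bucket name and the report prefix from your CUR definition. The checker only reads the policy document, so it cannot see permissions that come from other attached policies, permission boundaries, SCPs or the bucket policy; a clean result means this document is sufficient on its own, not that the whole principal is.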