Merge branch 'CheckPointSW:master' into master

CheckPointSW · May 12, 2024 · 4c0a7f3 · 4c0a7f3
2 parents 5194b51 + 41c6a6b
commit 4c0a7f3
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 6 deletions.
diff --git a/aws/templates/general/cme-iam-role.yaml b/aws/templates/general/cme-iam-role.yaml
@@ -1,5 +1,5 @@
 AWSTemplateFormatVersion: 2010-09-09
-Description: Creates an IAM role for selected permissions (20230926)
+Description: Creates an IAM role for selected permissions (20240507)
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -82,6 +82,7 @@ Resources:
                 - Effect: Allow
                   Action:
                     - autoscaling:DescribeAutoScalingGroups
+                    - ec2:DescribeRegions
                     - ec2:DescribeCustomerGateways
                     - ec2:DescribeInstances
                     - ec2:DescribeNetworkInterfaces

diff --git a/terraform/aws/cme-iam-role-gwlb/README.md b/terraform/aws/cme-iam-role-gwlb/README.md
@@ -89,10 +89,11 @@ secret_key = "my-secret-key"
 ## Revision History
 In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
 
-| Template Version | Description                                                        |
-|------------------|--------------------------------------------------------------------|
-| 20230926         | CME instance profile for IAM Role                                  |
-| 20231012         | Update AWS Terraform provider version to 5.20.1                    |
+| Template Version | Description                                                       |
+|------------------|-------------------------------------------------------------------|
+| 20230926         | CME instance profile for IAM Role                                 |
+| 20231012         | Update AWS Terraform provider version to 5.20.1                   |
+| 20240507         | Add ec2:DescribeRegions read permission to the IAM role policy    |
 
 
 ## License

diff --git a/terraform/aws/cme-iam-role-gwlb/main.tf b/terraform/aws/cme-iam-role-gwlb/main.tf
@@ -52,6 +52,7 @@ data "aws_iam_policy_document" "cme_role_read_policy_doc" {
     effect = "Allow"
     actions = [
       "autoscaling:DescribeAutoScalingGroups",
+      "ec2:DescribeRegions",
       "ec2:DescribeInstances",
       "ec2:DescribeNetworkInterfaces",
       "ec2:DescribeRouteTables",

diff --git a/terraform/aws/cme-iam-role/README.md b/terraform/aws/cme-iam-role/README.md
@@ -94,7 +94,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
 | 20210309         | First release of Check Point CME IAM Role Terraform module for AWS |
 | 20230514         | CME instance profile for IAM Role                                  |
 | 20231012         | Update AWS Terraform provider version to 5.20.1                    |
-
+| 20240507         | Add ec2:DescribeRegions read permission to the IAM role policy     |
 
 
 ## License

diff --git a/terraform/aws/cme-iam-role/main.tf b/terraform/aws/cme-iam-role/main.tf
@@ -52,6 +52,7 @@ data "aws_iam_policy_document" "cme_role_read_policy_doc" {
     effect = "Allow"
     actions = [
       "autoscaling:DescribeAutoScalingGroups",
+      "ec2:DescribeRegions",
       "ec2:DescribeCustomerGateways",
       "ec2:DescribeInstances",
       "ec2:DescribeNetworkInterfaces",