Minimum AWS permissions to launch Plerion CloudFormation stack

You need the following AWS IAM permissions to deploy the Plerion CloudFormation stack and enable Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlement Management (CIEM), and Cloud Workload Protection Platform (CWPP).

Attach this policy to the IAM role or user responsible for launching the stack.
Once the stack is deployed successfully, you can remove the policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PlerionCloudFormationStackPermissions",
            "Effect": "Allow",
            "Action": [
                "cloudformation:GetTemplateSummary",
                "cloudformation:CreateStack",
                "cloudformation:DescribeStackEvents",
                "cloudformation:DescribeStacks",
                "cloudformation:ListStacks",
                "cloudformation:ListStackResources",
                "iam:GetPolicy",
                "iam:GetRole",
                "iam:GetRolePolicy",
                "iam:CreateRole",
                "iam:CreatePolicy",
                "iam:ListPolicyVersions",
                "iam:ListRoles",
                "iam:PutRolePolicy",
                "iam:AttachRolePolicy",
                "iam:PassRole",
                "iam:TagRole",
                "iam:CreateInstanceProfile",
                "iam:AddRoleToInstanceProfile",
                "iam:GetInstanceProfile",
                "lambda:CreateFunction",
                "lambda:GetFunction",
                "lambda:InvokeFunction",
                "lambda:TagResource"
            ],
            "Resource": "*"
        }
    ]
}

Updating an AWS service account stack KMS key access

⌘I

Getting started

Administration

Integrations

Platform