Remove unnecessary permission in AWS trust-relationship

Removing account:GetContactInformation since it is no longer a required permission for the CSPM feature to work.
draios · Feb 28, 2024 · 8c58165 · 8c58165
1 parent eb0e52c
commit 8c58165
Showing 1 changed file with 0 additions and 19 deletions.
diff --git a/modules/services/trust-relationship/main.tf b/modules/services/trust-relationship/main.tf
@@ -75,20 +75,6 @@ data "aws_iam_policy_document" "custom_resources_policy" {
       "arn:aws:waf-regional:*:*:rulegroup/*"
     ]
   }
-
-  statement {
-    sid = "AccessAccountContactInfo"
-
-    effect = "Allow"
-
-    actions = [
-      "account:GetContactInformation",
-    ]
-
-    resources = [
-      "*",
-    ]
-  }
 }
 
 #----------------------------------------------------------
@@ -146,11 +132,6 @@ Resources:
                 Resource:
                   - "arn:aws:waf-regional:*:*:rule/*"
                   - "arn:aws:waf-regional:*:*:rulegroup/*"
-              - Sid: "AccessAccountContactInfo"
-                Effect: "Allow"
-                Action:
-                  - "account:GetContactInformation"
-                Resource: "*"
 TEMPLATE
 }