From 8491c398a4719c316aa34252393df0cc0053d46f Mon Sep 17 00:00:00 2001
From: Miguel Pais
Date: Tue, 23 Apr 2024 16:45:50 +0200
Subject: [PATCH 1/3] Adding lambda getRuntimeManagementConfig call
---
 modules/services/trust-relationship/main.tf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/modules/services/trust-relationship/main.tf b/modules/services/trust-relationship/main.tf
index 21834e1..7202eb7 100644
--- a/modules/services/trust-relationship/main.tf
+++ b/modules/services/trust-relationship/main.tf
@@ -89,6 +89,20 @@ data "aws_iam_policy_document" "custom_resources_policy" {
 "*",
 ]
 }
+
+ statement {
+ sid ="GetRuntimeManagementConfig"
+
+ effect = "Allow"
+
+ actions = [
+ "lambda:GetRuntimeManagementConfig",
+ ]
+
+ resources = [
+ "*"
+ ]
+ }
 }
 
 #----------------------------------------------------------
From 54a7cdada4623a79ce2f99a5061809870bb85243 Mon Sep 17 00:00:00 2001
From: Miguel Pais
Date: Tue, 23 Apr 2024 16:50:43 +0200
Subject: [PATCH 2/3] small fix
---
 modules/services/trust-relationship/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/services/trust-relationship/main.tf b/modules/services/trust-relationship/main.tf
index 7202eb7..111f8f8 100644
--- a/modules/services/trust-relationship/main.tf
+++ b/modules/services/trust-relationship/main.tf
@@ -91,7 +91,7 @@ data "aws_iam_policy_document" "custom_resources_policy" {
 }
 
 statement {
- sid ="GetRuntimeManagementConfig"
+ sid = "GetRuntimeManagementConfig"
 
 effect = "Allow"
 
From c5249e664695c5b0a9e4a737155b75e531ae296f Mon Sep 17 00:00:00 2001
From: Miguel Pais
Date: Mon, 29 Apr 2024 13:36:54 +0200
Subject: [PATCH 3/3] Adding also the cloud formation changes for aws lambda scanning
---
 modules/services/trust-relationship/main.tf | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/modules/services/trust-relationship/main.tf b/modules/services/trust-relationship/main.tf
index 111f8f8..1b78b72 100644
--- a/modules/services/trust-relationship/main.tf
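Review bot: The added `GetRuntimeManagementConfig` statement grants the action on `resources = ["*"]`, and the same wildcard reappears in the CloudFormation entry added by PATCH 3/3. `lambda:GetRuntimeManagementConfig` is a read-only call, and as far as I know it accepts function-level resources, so the grant could be limited to function ARNs, e.g. `resources = ["arn:aws:lambda:*:*:function:*"]` (adjust the partition if this module is also deployed outside `aws`). If the wildcard is kept deliberately, a comment above the statement would record why, e.g. `# Read-only: Lambda scanning reads each function's runtime version and update mode`. The enclosing `custom_resources_policy` data block starts outside the hunk, so I cannot tell whether the neighbouring statements follow the same convention.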
+++ b/modules/services/trust-relationship/main.tf
@@ -164,6 +164,10 @@ Resources:
 Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
+ - Sid: "GetRuntimeManagementConfig"
+ Effect: "Allow"
+ Action: "lambda:GetRuntimeManagementConfig"
+ Resource: "*"
 TEMPLATE
 }
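Review bot: The permission set is now maintained by hand in two places in `main.tf`: the `custom_resources_policy` document (PATCH 1/3) and this CloudFormation `TEMPLATE` heredoc. The series already shows them drifting, since this entry arrived in a separate commit six days later. Until the two lists are generated from one source, a marker on each side would make the coupling visible to the next editor, e.g. `# Keep in sync with data.aws_iam_policy_document.custom_resources_policy` above the `- Sid:` line, assuming the template is YAML and accepts comments. The heredoc and its enclosing resource start outside the hunk, so which role this statement attaches to should be confirmed against the full file.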