{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Cortex XDR cross-account read-only role. Attaches the AWS managed SecurityAudit policy plus an inline policy of EC2/S3/Organizations/Lambda Describe, List and Get actions on all resources (note: s3:ListBucket lists object keys in every bucket and lambda:GetFunction returns a pre-signed URL to the function's deployment package, so this exposes object names and function code, not only metadata). The trust policy allows only the AWS account named in the Principal to assume the role, and only when it presents the ExternalID parameter value.",
  "Parameters": {
    "CortexXDRRoleName": {
      "Type": "String",
      "Description": "Name of the IAM role to create (Example: CortexXDRReadOnlyRole). Letters, digits, hyphen and underscore only; must be unique within the account.",
      "AllowedPattern": "[-_a-zA-Z0-9]+",
      "Default": "CortexXDRReadOnlyRole"
    },
    "ExternalID": {
      "Type": "String",
      "Description": "ExternalID that the trusted account must present in sts:AssumeRole for this role (confused-deputy protection: the StringEquals condition rejects any call with a different or missing ExternalId). Use the exact value shown in the Cortex XDR Account Setup so both sides match. Example: 20e96a18-34ff-493d-b10a-0a8c2a22792a",
      "MinLength": "1",
      "AllowedPattern": "[a-zA-Z0-9\\=\\,\\.\\@\\:\\/\\-_]*",
      "ConstraintDescription": "ExternalID must be at least one character long and may contain only letters, digits and the special characters = , . @ : / - _"
    }
  },
  "Resources": {
    "CortexXDRReadOnlyRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/SecurityAudit"
        ],
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": "arn:aws:iam::131915440444:root"
              },
              "Action": "sts:AssumeRole",
              "Condition": {
                "StringEquals": {
                  "sts:ExternalId": {
                    "Ref": "ExternalID"
                  }
                }
              }
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "Cortex-XDR-ReadOnly-Policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Action": [
                    "ec2:DescribeInstances",
                    "ec2:DescribeImages",
                    "ec2:DescribeNetworkInterfaces",
                    "ec2:DescribeSecurityGroups",
                    "ec2:DescribeSubnets",
                    "ec2:DescribeVolumes",
                    "ec2:DescribeVolumesModifications",
                    "ec2:DescribeVpcs",
                    "ec2:DescribeRegions",
                    "ec2:DescribeVpcPeeringConnections",
                    "s3:ListBucket",
                    "s3:GetBucketTagging",
                    "s3:GetBucketPublicAccessBlock",
                    "organizations:ListAccounts",
                    "organizations:DescribeAccount",
                    "lambda:GetFunction",
                    "lambda:ListFunctions",
                  ],
                  "Effect": "Allow",
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "RoleName": {
          "Ref": "CortexXDRRoleName"
        }
      }
    }
  },
  "Outputs": {
    "CORTEXXDRARN": {
      "Value": {
        "Fn::GetAtt": [
          "CortexXDRReadOnlyRole",
          "Arn"
        ]
      },
      "Description": "ARN of the created role; enter it in the Cortex XDR Account Setup together with the same ExternalID used for this stack."
    }
  }
}
