Merge branch 'main' into PRMP-1499

Author: NogaNHS

infrastructure/policies.tf

@@ -32,6 +32,16 @@ resource "aws_iam_policy" "read_only_role_extra_permissions" {
         Resource = [
           "arn:aws:kms:eu-west-2:${data.aws_caller_identity.current.account_id}:key/*",
         ]
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "logs:PutQueryDefinition",
+          "logs:DeleteQueryDefinition",
+        ],
+        Resource = [
+          "arn:aws:logs:eu-west-2:${data.aws_caller_identity.current.account_id}:log-group::log-stream:",
+        ]
       }
     ]
   })

infrastructure/virusscanner.tf

@@ -100,7 +100,7 @@ resource "aws_sns_topic_subscription" "proactive_virus_scanning_notifications" {
   topic_arn = module.cloud_storage_security[0].proactive_notifications_topic_arn
   filter_policy = jsonencode({
     "notificationType" : ["scanResult"],
-    "scanResult" : ["Infected", "Error", "Unscannable", "Suspicious"]
+    "scanResult" : ["Infected", "Error", "Unscannable", "Suspicious", "InfectedAllowed"]
   })
 }
 
@@ -112,7 +112,7 @@ resource "aws_sns_topic_subscription" "proactive_virus_scanning_kill_switch" {
 
   filter_policy = jsonencode({
     "notificationType" : ["scanResult"],
-    "scanResult" : ["Infected", "Error", "Unscannable", "Suspicious"]
+    "scanResult" : ["Infected", "Suspicious"]
   })
 }
 
@@ -123,4 +123,4 @@ resource "aws_lambda_permission" "allow_sns_invoke_transfer_family_kill_switch"
   function_name = module.transfer_family_kill_switch_lambda.lambda_arn
   principal     = "sns.amazonaws.com"
   source_arn    = module.cloud_storage_security[0].proactive_notifications_topic_arn
-}
+}