From be1e17678b5865f24b838db7a3ae0d13c683c8c9 Mon Sep 17 00:00:00 2001
From: Orestis Floros
Date: Mon, 14 Aug 2023 17:06:44 +0300
Subject: [PATCH] [AWS Orgs] CloudFormation: Add more read permissions

This will future-proof our CloudFormation template for future changes like #1177 and #1214 that will require more permissions in the organization level. After merging those, newer CloudFormation templates can trim down the required permissions again.
---
 deploy/cloudformation/elastic-agent-ec2-cspm-organization.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/deploy/cloudformation/elastic-agent-ec2-cspm-organization.yml b/deploy/cloudformation/elastic-agent-ec2-cspm-organization.yml
index 4c37dd4847..a4d02d2ed6 100644
--- a/deploy/cloudformation/elastic-agent-ec2-cspm-organization.yml
+++ b/deploy/cloudformation/elastic-agent-ec2-cspm-organization.yml
@@ -86,7 +86,8 @@ Resources:
 Statement:
 - Effect: Allow
 Action:
- - organizations:ListAccounts
+ - organizations:List*
+ - organizations:Describe*
 Resource: '*'
 - Effect: Allow
 Action:
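Review bot: The wildcards `organizations:List*` and `organizations:Describe*` grant every current and future read action under those prefixes, not only what #1177 and #1214 need. That already includes reading service control policy contents through `organizations:ListPolicies` and `organizations:DescribePolicy`, and the grant widens silently whenever AWS adds a new `List`/`Describe` action. Because the commit message plans to trim this later, I would either enumerate the actions those changes actually call or record the intent beside the statement, e.g. `# TODO: temporary wildcard for #1177/#1214; replace with the explicit action list once merged`. The statement keeps `Resource: '*'`, and the role or policy it belongs to starts above the hunk, so which principal receives these permissions cannot be confirmed from here.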