diff --git a/cloudformation/cwe-single-stack-setup.yml b/cloudformation/cwe-single-stack-setup.yml index 5a6090e..cee9bd4 100644 --- a/cloudformation/cwe-single-stack-setup.yml +++ b/cloudformation/cwe-single-stack-setup.yml @@ -50,8 +50,8 @@ Resources: - sns:* Resource: '*' Tags: - - Key: Application - Value: Panther + - Key: panther:app + Value: panther StackSetAdminRole: Type: AWS::IAM::Role diff --git a/cloudformation/panther-cloudsec-iam.yml b/cloudformation/panther-cloudsec-iam.yml index 2d01a4b..b6f6a0f 100644 --- a/cloudformation/panther-cloudsec-iam.yml +++ b/cloudformation/panther-cloudsec-iam.yml @@ -157,8 +157,8 @@ Resources: - dynamodb:Describe* Resource: '*' Tags: - - Key: Application - Value: Panther + - Key: panther:app + Value: panther CloudFormationStackSetExecutionRole: Condition: EnableCloudWatchEvent @@ -202,8 +202,8 @@ Resources: - sns:* Resource: '*' Tags: - - Key: Application - Value: Panther + - Key: panther:app + Value: panther Outputs: AuditRoleARN: diff --git a/cloudformation/panther-cloudwatch-firehose.yml b/cloudformation/panther-cloudwatch-firehose.yml index e3d4323..e9d5671 100644 --- a/cloudformation/panther-cloudwatch-firehose.yml +++ b/cloudformation/panther-cloudwatch-firehose.yml @@ -93,8 +93,8 @@ Resources: - !GetAtt FirehoseBucket.Arn - !Sub ${FirehoseBucket.Arn}/* Tags: - - Key: Application - Value: Panther + - Key: panther:app + Value: panther CloudwatchFirehoseRole: # An IAM role that can write to Firehose to be assumed by CloudWatch logs service diff --git a/cloudformation/panther-deployment-role.yml b/cloudformation/panther-deployment-role.yml index 066d7f5..8b33ed5 100644 --- a/cloudformation/panther-deployment-role.yml +++ b/cloudformation/panther-deployment-role.yml @@ -64,8 +64,8 @@ Resources: Bool: aws:SecureTransport: true Tags: - - Key: Application - Value: Panther + - Key: panther:app + Value: panther DeploymentPolicy: Type: AWS::IAM::Policy diff --git a/cloudformation/panther-log-analysis-iam.yml b/cloudformation/panther-log-analysis-iam.yml index 3afd44c..71579ca 100644 --- a/cloudformation/panther-log-analysis-iam.yml +++ b/cloudformation/panther-log-analysis-iam.yml @@ -134,8 +134,8 @@ Resources: Resource: !Ref KmsKey - !Ref AWS::NoValue Tags: - - Key: Application - Value: Panther + - Key: panther:app + Value: panther # Policies for allowing Panther to configure user's bucket notifications. ManagePantherTopic: diff --git a/cloudformation/panther-s3-lookups-iam.yml b/cloudformation/panther-s3-lookups-iam.yml index 6d30b2a..5ffa9b2 100644 --- a/cloudformation/panther-s3-lookups-iam.yml +++ b/cloudformation/panther-s3-lookups-iam.yml @@ -137,8 +137,8 @@ Resources: Resource: !Ref KmsKey - !Ref AWS::NoValue Tags: - - Key: Application - Value: Panther + - Key: panther:app + Value: panther Outputs: RoleARN: diff --git a/cloudformation/panther-src-deployment-role.yml b/cloudformation/panther-src-deployment-role.yml index f1b7151..48352bf 100644 --- a/cloudformation/panther-src-deployment-role.yml +++ b/cloudformation/panther-src-deployment-role.yml @@ -111,8 +111,8 @@ Resources: - !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/Panther* Tags: - - Key: Application - Value: Panther + - Key: panther:app + Value: panther Outputs: DeploymentRoleArn: diff --git a/cloudformation/panther-stackset-execution-role.yml b/cloudformation/panther-stackset-execution-role.yml index d9e3841..7ad4d0b 100644 --- a/cloudformation/panther-stackset-execution-role.yml +++ b/cloudformation/panther-stackset-execution-role.yml @@ -47,5 +47,5 @@ Resources: - sns:* Resource: '*' Tags: - - Key: Application - Value: Panther + - Key: panther:app + Value: panther diff --git a/terraform/panther_cloudsec_iam/main.tf b/terraform/panther_cloudsec_iam/main.tf index 6387a6b..9fc3a6a 100644 --- a/terraform/panther_cloudsec_iam/main.tf +++ b/terraform/panther_cloudsec_iam/main.tf @@ -35,7 +35,7 @@ resource "aws_iam_role" "panther_audit" { }) tags = { - Application = "Panther" + "panther:app" = "panther" } } @@ -209,7 +209,7 @@ resource "aws_iam_role" "panther_cloud_formation_stackset_execution" { }) tags = { - Application = "Panther" + "panther:app" = "panther" } } diff --git a/terraform/panther_cloudwatch_firehose/main.tf b/terraform/panther_cloudwatch_firehose/main.tf index 6783b71..0a1e7bb 100644 --- a/terraform/panther_cloudwatch_firehose/main.tf +++ b/terraform/panther_cloudwatch_firehose/main.tf @@ -59,7 +59,7 @@ resource "aws_iam_role" "log_processing_role" { } tags = { - Application = "Panther" + "panther:app" = "panther" } } diff --git a/terraform/panther_log_analysis_iam/main.tf b/terraform/panther_log_analysis_iam/main.tf index 9a34271..6b31482 100644 --- a/terraform/panther_log_analysis_iam/main.tf +++ b/terraform/panther_log_analysis_iam/main.tf @@ -27,7 +27,7 @@ resource "aws_iam_role" "log_processing_role" { }) tags = { - Application = "Panther" + "panther:app" = "panther" } } diff --git a/terraform/panther_src_deployment_role/main.tf b/terraform/panther_src_deployment_role/main.tf index c87fdfc..f9dd005 100644 --- a/terraform/panther_src_deployment_role/main.tf +++ b/terraform/panther_src_deployment_role/main.tf @@ -105,6 +105,6 @@ resource "aws_iam_role" "deployment" { } tags = { - Application = "Panther" + "panther:app" = "panther" } }