
Overly permissive cdkExecRolePolicy #1610

Open
mourya-33 opened this issue Oct 4, 2024 · 0 comments

Comments

@mourya-33
Contributor

Describe the bug

cdkExecPolicy.yaml has overly permissive statements that are flagged by checkov scan.

KMS:
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
FAILED for resource: AWS::IAM::ManagedPolicy.CDKCustomExecutionPolicy0
File: /deploy/cdk_exec_policy/cdkExecPolicy.yaml:42-144
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
FAILED for resource: AWS::IAM::ManagedPolicy.CDKCustomExecutionPolicy0
File: /deploy/cdk_exec_policy/cdkExecPolicy.yaml:42-144
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

SID: LF
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
FAILED for resource: AWS::IAM::ManagedPolicy.CDKCustomExecutionPolicy0
File: /deploy/cdk_exec_policy/cdkExecPolicy.yaml:42-261
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
FAILED for resource: AWS::IAM::ManagedPolicy.CDKCustomExecutionPolicy0
File: /deploy/cdk_exec_policy/cdkExecPolicy.yaml:42-261
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
FAILED for resource: AWS::IAM::ManagedPolicy.CDKCustomExecutionPolicy0
File: /deploy/cdk_exec_policy/cdkExecPolicy.yaml:42-261
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-does-not-allow-privilege-escalation

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

SID: EC2
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
FAILED for resource: AWS::IAM::ManagedPolicy.CDKCustomExecutionPolicy0
File: /deploy/cdk_exec_policy/cdkExecPolicy.yaml:42-280
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
FAILED for resource: AWS::IAM::ManagedPolicy.CDKCustomExecutionPolicy0
File: /deploy/cdk_exec_policy/cdkExecPolicy.yaml:42-280
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-credentials-exposure

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
FAILED for resource: AWS::IAM::ManagedPolicy.CDKCustomExecutionPolicy0
File: /deploy/cdk_exec_policy/cdkExecPolicy.yaml:42-280
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

How to Reproduce

checkov -f deploy/cdk_exec_policy/cdkExecPolicy.yaml

Execute the above statement to run a checkov scan on the policy to identify the checkov FAILURES.

Expected behavior

The policy must not contain overly permissive IAM statements, and all checkov scans should PASS.

Your project

No response

Screenshots

No response

OS

Mac

Python version

3.10

AWS data.all version

2.6

Additional context

No response
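As an added illustration of the finding class reported above (CKV_AWS_109 and CKV_AWS_111: write or permissions-management actions allowed on `Resource: "*"` with no `Condition`), the Python below is a small statement linter in the same spirit as checkov. It is example code written for this page, not code from the data.all repository or from checkov, and its verb and suffix lists are a constructed heuristic rather than checkov's rule tables. The two template dicts are what `yaml.safe_load` would return for a CloudFormation file; the logical ID and the KMS/EC2 Sids are borrowed from the scan output above, while the statements themselves and the 111122223333 account ID are made up.

```python
"""Added example: a simplified linter for IAM statements that grant mutating
or permissions-management actions on Resource "*" without a Condition.
Constructed heuristic, not checkov's implementation."""
from __future__ import annotations

from dataclasses import dataclass

# Constructed heuristic: action-name prefixes that change state.
WRITE_VERBS = ("Create", "Delete", "Put", "Update", "Modify", "Attach", "Detach",
               "Run", "Terminate", "Start", "Stop", "Associate", "Disassociate",
               "Authorize", "Revoke", "Enable", "Disable", "Register", "Deregister")
# A mutating action whose name ends like this changes who may do what.
POLICY_SUFFIXES = ("Policy", "PolicyVersion", "Grant")


@dataclass(frozen=True)
class Finding:
    logical_id: str   # CloudFormation resource name
    sid: str          # statement Sid, or "<no Sid>"
    category: str     # "write" or "permissions-management"
    action: str


def classify(action: str) -> set[str]:
    """Return the finding categories an IAM action falls into (empty = read-only)."""
    if action == "*":
        return {"write", "permissions-management"}
    service, name = action.split(":", 1)
    mutating = name == "*" or name.startswith(WRITE_VERBS)
    cats = {"write"} if mutating else set()
    if service == "iam" and (mutating or name == "PassRole"):
        cats.add("permissions-management")   # iam:Put*, iam:Attach*, iam:PassRole ...
    elif mutating and name.endswith(POLICY_SUFFIXES):
        cats.add("permissions-management")   # kms:PutKeyPolicy, kms:CreateGrant ...
    return cats


def _as_list(value) -> list:
    """IAM allows a scalar or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def scan_template(template: dict) -> list[Finding]:
    """Walk every AWS::IAM::ManagedPolicy in a parsed CloudFormation template and
    report Allow statements pairing a mutating action with Resource "*" and no Condition."""
    findings: list[Finding] = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::IAM::ManagedPolicy":
            continue
        doc = resource.get("Properties", {}).get("PolicyDocument", {})
        for stmt in _as_list(doc.get("Statement")):
            if stmt.get("Effect") != "Allow" or "Condition" in stmt:
                continue                       # a Condition counts as a constraint
            if "*" not in _as_list(stmt.get("Resource")):
                continue                       # scoped to ARNs: constrained
            sid = stmt.get("Sid", "<no Sid>")
            for action in _as_list(stmt.get("Action")):
                for category in sorted(classify(action)):
                    findings.append(Finding(logical_id, sid, category, action))
    return findings


def _policy(statements: list[dict]) -> dict:
    return {"Resources": {"CDKCustomExecutionPolicy0": {
        "Type": "AWS::IAM::ManagedPolicy",
        "Properties": {"PolicyDocument": {"Version": "2012-10-17",
                                          "Statement": statements}}}}}


# Constructed "before": mutating actions on "*" with no Condition.
WEAK_TEMPLATE = _policy([
    {"Sid": "KMS", "Effect": "Allow",
     "Action": ["kms:CreateKey", "kms:PutKeyPolicy", "kms:DescribeKey"],
     "Resource": "*"},
    {"Sid": "EC2", "Effect": "Allow",
     "Action": ["ec2:Describe*", "ec2:CreateSecurityGroup", "iam:PassRole"],
     "Resource": "*"},
])

# Constructed "after": kms:CreateKey only accepts Resource "*", so it is
# constrained by a Condition; everything else is scoped to an ARN.
HARDENED_TEMPLATE = _policy([
    {"Sid": "KMSCreate", "Effect": "Allow", "Action": "kms:CreateKey",
     "Resource": "*",
     "Condition": {"StringEquals": {"aws:RequestTag/Project": "dataall"}}},
    {"Sid": "KMSPolicy", "Effect": "Allow",
     "Action": ["kms:PutKeyPolicy", "kms:DescribeKey"],
     "Resource": "arn:aws:kms:us-east-1:111122223333:key/*"},
])


if __name__ == "__main__":
    for f in scan_template(WEAK_TEMPLATE):
        print(f"{f.logical_id} Sid={f.sid}: {f.category} via {f.action}")
    print("hardened findings:", scan_template(HARDENED_TEMPLATE))
```

The hardened template shows the two ways a statement passes these checks: scope `Resource` to an ARN, or, for actions such as `kms:CreateKey` that only accept `Resource: "*"`, attach a `Condition` (here on `aws:RequestTag`). The real scanner remains authoritative; rerun `checkov -f deploy/cdk_exec_policy/cdkExecPolicy.yaml` as the issue describes after each change.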
