This repository has been archived by the owner on Sep 17, 2021. It is now read-only.
PolicyUniverse is pulling action categories from the AWS Console. Sensitive permissions are those with AWS's "Permissions" group. A similar issue is raised for DataPlaneWriteAccess on sensitive services.
Currently security_monkey has explicit checks for these actions in an IAM policy:
Other actions should be added like certain KMS and CloudTrail permissions. Also, things like `iam:putrolepolicy`, `iam:deleterolepolicy`, `rds:modifydbparametergroup`, etc.

Read-only IAM access should be removed or have its score lowered (`def library_check_iamobj_has_iam_privileges` - https://github.com/Netflix/security_monkey/blob/master/security_monkey/auditors/iam/iam_policy.py#L106).
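A sketch of the kind of check this issue asks for, added here as an example and not Security Monkey's own auditor code: it walks the Allow statements of a policy document, expands action wildcards against a constructed list of sensitive IAM/KMS/CloudTrail/RDS actions, and reports read-only IAM access at a lower score than a sensitive write action. The action list and the sample policy are constructed for the example.

```python
import fnmatch

# Constructed list for this example; the real auditor would draw on a fuller catalogue.
SENSITIVE_ACTIONS = {
    "iam:putrolepolicy", "iam:deleterolepolicy", "iam:attachrolepolicy",
    "kms:schedulekeydeletion", "kms:disablekey", "kms:putkeypolicy",
    "cloudtrail:stoplogging", "cloudtrail:deletetrail", "cloudtrail:updatetrail",
    "rds:modifydbparametergroup",
}
READ_ONLY_IAM_PREFIXES = ("iam:get", "iam:list")
SENSITIVE_SCORE = 10   # score for a matched sensitive action
READ_ONLY_SCORE = 1    # lowered score for read-only IAM access, as the issue suggests


def _as_list(value):
    """IAM allows 'Statement' and 'Action' to be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return {action: score} for every Allow statement in a policy document.
    Deny statements are skipped rather than applied as overrides, so the result
    is a worst-case view of what the policy could grant."""
    findings = {}
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action")):
            pat = pattern.lower()  # IAM action names are case-insensitive
            # Wildcards such as "*", "iam:*" or "iam:Put*" cover concrete actions.
            for action in SENSITIVE_ACTIONS:
                if fnmatch.fnmatchcase(action, pat):
                    findings[action] = max(findings.get(action, 0), SENSITIVE_SCORE)
            if pat.startswith(READ_ONLY_IAM_PREFIXES):
                findings[pattern] = max(findings.get(pattern, 0), READ_ONLY_SCORE)
    return findings


# Constructed sample policy: one broad IAM write wildcard, one read-only IAM
# action, an unrelated S3 action, a Deny that is not honoured, and a KMS action.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:Put*", "iam:GetRole", "s3:GetObject"], "Resource": "*"},
        {"Effect": "Deny", "Action": "cloudtrail:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "kms:ScheduleKeyDeletion", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for action, score in sorted(audit_policy(SAMPLE_POLICY).items()):
        print(f"{score:>2}  {action}")
```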