Default AWS CIS policy does not work with Postgres #47

Closed
James-Quigley opened this issue Jan 29, 2021 · 2 comments

@James-Quigley
Contributor

The policy generated by cloudquery gen policy aws_cis is not compatible with postgres in several ways:

  1. boolean values in postgres queries should be false instead of 0
  2. Date types don't need to be converted
  3. Comparing against 30 days ago e.g. can be done like: (now() - '30 days'::interval)
  4. The VIEW that gets created fails because "column 'id' specified more than once"
  5. The root account hardware MFA check fails due to invalid group by
  6. The filter patterns that use the view aren't valid for postgres

Maybe the cloudquery gen command could take in the same --driver flag and based on that it could switch which policy file it outputs?
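
The PostgreSQL forms of items 1 to 5 above, as an added example that is not part of the original issue and is not CloudQuery's own policy: the tables, columns and view name are hypothetical, constructed only to make the queries self-contained.

```sql
-- Hypothetical tables (NOT CloudQuery's real schema), constructed for illustration.
CREATE TABLE iam_users (
    id                 integer PRIMARY KEY,
    user_name          text NOT NULL,
    password_enabled   boolean NOT NULL,
    mfa_active         boolean NOT NULL,
    password_last_used timestamptz
);
CREATE TABLE iam_access_keys (
    id             integer PRIMARY KEY,
    user_id        integer NOT NULL REFERENCES iam_users (id),
    active         boolean NOT NULL,
    last_used_date timestamptz
);

-- Item 4: "SELECT *" over this join would expose two columns named id, and
-- CREATE VIEW rejects that. List the columns and alias the clashing ones.
CREATE VIEW iam_user_keys AS
SELECT u.id             AS user_id,
       u.user_name,
       k.id             AS key_id,
       k.active         AS key_active,
       k.last_used_date AS key_last_used
FROM iam_users u
LEFT JOIN iam_access_keys k ON k.user_id = u.id;

-- Item 1: boolean columns are compared with true/false, not 1/0.
-- Console users without MFA.
SELECT user_name
FROM iam_users
WHERE password_enabled = true
  AND mfa_active = false;

-- Items 2 and 3: timestamptz columns compare directly against interval
-- arithmetic, with no string-to-date conversion.
SELECT user_name
FROM iam_users
WHERE password_enabled = true
  AND password_last_used < now() - '30 days'::interval;

-- Item 5: every non-aggregated column in the select list must appear in
-- GROUP BY. Active access keys unused for 30 days, counted per user.
SELECT user_id, user_name, count(key_id) AS stale_keys
FROM iam_user_keys
WHERE key_active = true
  AND key_last_used < now() - '30 days'::interval
GROUP BY user_id, user_name;
```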

@yevgenypats
Member

@James-Quigley Thanks for bringing this up. I'm actually working on putting the policy outside of this repository and adding the --driver flag just as you suggested. It's in the works but this specific feature will take a few weeks. Hopefully after that it will be very easy to add new policies.

yevgenypats added a commit that referenced this issue Mar 4, 2021
CloudQuery will now only support PostgreSQL.

This will solve a lot of issues like:

#47
cloudquery/cq-provider-aws#7
#63
yevgenypats added a commit that referenced this issue Mar 4, 2021
Fix aws_cis policy after dropping support for SQL databases
other than PostgreSQL
#47
@yevgenypats
Member

This should be solved now with https://github.com/cloudquery/cloudquery/releases/tag/v0.11.2 as we support only PostgreSQL (out of relational databases, Neo4j still experimentally supported)
