Conversation

jon-stewart
Contributor

Summary

Fixing all of the problems.

How did you test this change?

AWS Org

Issue

https://lacework.atlassian.net/browse/GROW-2529

@jon-stewart jon-stewart requested a review from a team November 7, 2023 15:19
@jon-stewart jon-stewart self-assigned this Nov 7, 2023
@jon-stewart
Contributor Author

I tested again but on a delegated account in the org. There is a problem with Lacework assuming the role - could this be the externalID problem that Jeff ran into?

@jon-stewart jon-stewart merged commit 52b96c5 into main Nov 8, 2023
afiune added a commit that referenced this pull request Nov 16, 2023
```
Result #1 HIGH IAM policy document uses wildcarded action 's3:*'
────────────────────────────────────────────────────────────────────────────────
  main.tf:107-109
────────────────────────────────────────────────────────────────────────────────
   94    data "aws_iam_policy_document" "lacework_copy_zip_files_role" {
   ..
  107  ┌     actions = [
  108  │       "s3:*",
  109  └     ]
  ...
  118    }
```

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
afiune added a commit that referenced this pull request Nov 16, 2023
```
Result #1 HIGH IAM policy document uses sensitive action 's3:PutObject' on wildcarded resource 'ec025b26-4ef5-4d0e-80f7-b02f25e7c851'
────────────────────────────────────────────────────────────────────────────────
  main.tf:115-118
────────────────────────────────────────────────────────────────────────────────
   96    data "aws_iam_policy_document" "lacework_copy_zip_files_role" {
   ..
  115  ┌     resources = [
  116  │       aws_s3_bucket.lacework_org_lambda.arn,
  117  │       "${aws_s3_bucket.lacework_org_lambda.arn}/*",
  118  └     ]
  ...
  122    }
```

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
afiune added a commit that referenced this pull request Nov 16, 2023
* fix: more and more fixes

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>

* fix: validation error messages

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>

* ci: fix example org_unit_id

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>

* ci: fix org_unit_id

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>

* fix: high vulnerability fix

```
Result #1 HIGH IAM policy document uses wildcarded action 's3:*'
────────────────────────────────────────────────────────────────────────────────
  main.tf:107-109
────────────────────────────────────────────────────────────────────────────────
   94    data "aws_iam_policy_document" "lacework_copy_zip_files_role" {
   ..
  107  ┌     actions = [
  108  │       "s3:*",
  109  └     ]
  ...
  118    }
```

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>

* fix: high vulnerability n.2 fix

```
Result #1 HIGH IAM policy document uses sensitive action 's3:PutObject' on wildcarded resource 'ec025b26-4ef5-4d0e-80f7-b02f25e7c851'
────────────────────────────────────────────────────────────────────────────────
  main.tf:115-118
────────────────────────────────────────────────────────────────────────────────
   96    data "aws_iam_policy_document" "lacework_copy_zip_files_role" {
   ..
  115  ┌     resources = [
  116  │       aws_s3_bucket.lacework_org_lambda.arn,
  117  │       "${aws_s3_bucket.lacework_org_lambda.arn}/*",
  118  └     ]
  ...
  122    }
```

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>

* fix: bucket

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>

---------

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
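Both scanner findings quoted above point at the same `lacework_copy_zip_files_role` policy document. As an added illustration, not code from this repository or its authors, here is the flagged shape next to a least-privilege rewrite; the action set (`s3:ListBucket`, `s3:GetObject`, `s3:PutObject`) and the `zips/` key prefix are assumptions about what a copy-zip-files Lambda needs, not values taken from the page.

```hcl
# Flagged shape, reconstructed from the scanner output above:
# a wildcard action over the bucket and every object in it.
data "aws_iam_policy_document" "lacework_copy_zip_files_role_flagged" {
  statement {
    effect  = "Allow"
    actions = ["s3:*"] # HIGH: wildcarded action
    resources = [
      aws_s3_bucket.lacework_org_lambda.arn,
      "${aws_s3_bucket.lacework_org_lambda.arn}/*",
    ]
  }
}

# Least-privilege rewrite (assumed needs: list, read and write zip objects).
# Bucket-level and object-level statements are split because S3 matches
# ListBucket against the bucket ARN and Get/PutObject against object ARNs;
# an object action granted on the bare bucket ARN never matches anything.
data "aws_iam_policy_document" "lacework_copy_zip_files_role_scoped" {
  statement {
    sid       = "ListZipPrefixOnly"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.lacework_org_lambda.arn]
    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["zips/*"] # assumed key prefix
    }
  }
  statement {
    sid       = "ReadWriteZipObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject"] # assumed minimal set
    resources = ["${aws_s3_bucket.lacework_org_lambda.arn}/zips/*"]
  }
}
```

A rule that flags `s3:PutObject` on any resource ending in `/*` (the second finding) will still fire on the prefix-scoped object ARN, because object-level actions cannot be written without an object-path wildcard; the narrowing that actually reduces exposure is the explicit action list and the key prefix.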