[resotocore][fix] wrong checks for lambda and sqs (#1915)

someengineering · Feb 15, 2024 · 0bf3127 · 0bf3127
1 parent c069a00
commit 0bf3127
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/resotocore/resotocore/static/report/checks/aws/aws_lambda.json b/resotocore/resotocore/static/report/checks/aws/aws_lambda.json
@@ -83,7 +83,7 @@
             "severity": "high",
             "url": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/lambda-functions.html",
             "detect": {
-                "resoto": "is(aws_lambda_function) and function_url_config.auth_type != AWS_IAM"
+                "resoto": "is(aws_lambda_function) and function_url_config != null and function_url_config.auth_type != AWS_IAM"
             },
             "remediation": {
                 "action": {

diff --git a/resotocore/resotocore/static/report/checks/aws/aws_sqs.json b/resotocore/resotocore/static/report/checks/aws/aws_sqs.json
@@ -10,7 +10,7 @@
             "risk": "If server-side encryption is not enabled for SQS queues, sensitive information in transit could be compromised. This leads to risks of data leakage, breach of compliance regulations, and potential damage to the organization's reputation.",
             "severity": "medium",
             "detect": {
-                "resoto": "is(aws_sqs_queue) and sqs_kms_master_key_id==null"
+                "resoto": "is(aws_sqs_queue) and sqs_managed_sse_enabled==false"
             },
             "remediation": {
                 "text": "To mitigate this risk, ensure server-side encryption is turned on for all Amazon SQS queues. If possible, leverage a Customer Master Key (CMK) for enhanced management and privacy benefits.",