[aws][fix] Make cognito group unique (#1924)

someengineering · Feb 16, 2024 · 3570ad5 · 3570ad5
1 parent c2d0fb3
commit 3570ad5
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/plugins/aws/resoto_plugin_aws/resource/cognito.py b/plugins/aws/resoto_plugin_aws/resource/cognito.py
@@ -7,7 +7,7 @@
 from resoto_plugin_aws.resource.lambda_ import AwsLambdaFunction
 from resotolib.baseresources import BaseUser, EdgeType, ModelReference
 from resotolib.graph import Graph
-from resotolib.json_bender import S, Bend, Bender, ForallBend
+from resotolib.json_bender import S, Bend, Bender, ForallBend, K
 from resotolib.types import Json
 
 service_name = "cognito-idp"
@@ -28,7 +28,7 @@ class AwsCognitoGroup(AwsResource):
         "predecessors": {"default": ["aws_iam_role"], "delete": ["aws_iam_role"]}
     }
     mapping: ClassVar[Dict[str, Bender]] = {
-        "id": S("GroupName"),
+        "id": S("UserPoolId") + K(":") + S("GroupName"),
         "name": S("GroupName"),
         "ctime": S("CreationDate"),
         "mtime": S("LastModifiedDate"),

diff --git a/resotocore/resotocore/static/report/checks/aws/aws_iam.json b/resotocore/resotocore/static/report/checks/aws/aws_iam.json
@@ -687,7 +687,7 @@
             "risk": "Unused access keys pose a security risk and should be removed to prevent unauthorized access.",
             "severity": "medium",
             "detect": {
-                "resoto": "is(aws_iam_access_key) and age>{{access_key_too_old_age}} and (last_used==null or last_used<{{access_key_too_old_age.from_now}})"
+                "resoto": "is(aws_iam_access_key) and age>{{access_key_too_old_age}} and (last_used==null or last_used<{{access_key_too_old_age.ago}})"
             },
             "default_values": {
                 "access_key_too_old_age": "90d"