Create remaining Password property rules #253

phelewski · 2019-07-02T13:56:17Z

…enKey

…variable

…als AccountPassword

…ofile password property rules

…dsDbInstance password property rules

…User Password property rules

ghost · 2019-10-31T00:51:20Z

don't add a rule for AWS::CloudFormation::CustomResource/ServiceToken. that "token" is just a phone number for the lambda to invoke, not a credential

PatMyron · 2019-11-08T04:34:47Z

aws-cloudformation/cfn-lint#1181

AdminPassword:

AWS::ManagedBlockchain::Member.MemberFabricConfiguration

MasterUserPassword:

AWS::DocDB::DBCluster

PasswordParam:

~~AWS::MediaLive::Channel.OutputDestinationSettings~~

~~AWS::MediaLive::Input.InputSourceRequest~~

* Adding custom rules and tests for issue #253 - AWS::AmazonMQ::Broker User Password property rules * cleaning up * refactors to handle when 'Users' property and/or 'Password' key is not defined in AWS::AmazonMQ::Broker resource * additional refactors

* Adding custom rules and tests for issue #253 - AWS::OpsWorks::Stack.RdsDbInstance password property rules * refactoring to test for multiple resources in test_templates yaml cfn files * Refactoring to check to see if RdsDbInstances property exists and/or the DbPassword key is defined * additional refactors

#298) * Adding custom rules and tests for issue #253 - AWS::IAM::User.LoginProfile password property rules * little bit of cleaning up * one more clean up * slight change to rule text * reformatting * refactoring to check to see if LoginProfile exists, and if so then check for violating resources * cleaning up * additional refactors

…berosAttributes

…nSettings

…onfiguration

…ricationConfiguration

…per and to correct custom rule name to match property name

…repare for new files with uppercase naming

…se IAM in rule and spec name

* #253 adding Password rule for OpsWorks Stack CustomCookbookSource * #253 adding PrivateKey rule for OpsWorks App SslConfiguration * #253 adding Password rule for OpsWorks App AppSource

* #253 adding Password rule for KinesisFirehose DeliveryStream RedshiftDestinationConfiguration * #253 adding HECToken rule for KinesisFirehose DeliveryStream SplunkDestinationConfiguration

* #253 adding TokenKey rule for Pinpoint APNSSandboxChannel * #253 adding PrivateKey rule for Pinpoint APNSSandboxChannel * #253 adding TokenKey rule for Pinpoint APNSChannel * #253 adding PrivateKey rule for Pinpoint APNSChannel * #253 adding TokenKey rule for Pinpoint APNSVoipSandboxChannel * #253 adding PrivateKey rule for Pinpoint APNSVoipSandboxChannel * #253 adding TokenKey rule for Pinpoint APNSVoipChannel * #253 adding PrivateKey rule for Pinpoint APNSVoipChannel

* #253 adding ADDomainJoinPassword rule for EMR Cluster KerberosAttributes * #253 adding CrossRealmTrustPrincipalPassword rule for EMR Cluster KerberosAttributes * #253 adding KdcAdminPassword rule for EMR Cluster KerberosAttributes * Update EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb * Update EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb * Update EMRClusterKerberosAttributesKdcAdminPasswordRule.rb Co-authored-by: Eric Kascic <eric.kascic@stelligent.com>

* #253 removing existing IAM User LoginProfile Password rule files to prepare for new files with uppercase naming * #253 adding IAM User LoginProfile Password rule back in with upper case IAM in rule and spec name * Update IAMUserLoginProfilePasswordRule.rb Co-authored-by: Eric Kascic <eric.kascic@stelligent.com>

…per and to correct custom rule name to match property name (#346) * #253 updating AmazonMQ Broker Users Password rule to use password helper and to correct custom rule name to match property name * Update AmazonMQBrokerUsersPasswordRule.rb Co-authored-by: Eric Kascic <eric.kascic@stelligent.com>

…before running secure check against value

* #253 adding SecretToken rule for CodePipeline Webhook AuthenticationConfiguration * #253 adding AuthToken rule for ElastiCache ReplicationGroup * #253 adding EventSourceToken rule for Lambda Permission * #253 adding AdminPassword rule for ManagedBlockChain Member MemberFabricationConfiguration * #253 adding MasterUserPassword rule for DocDB DBCluster * Update CodePipelineWebhookAuthenticationConfigurationSecretTokenRule.rb * #253 adding check to ensure the optional property exists in template before running secure check against value Co-authored-by: Eric Kascic <eric.kascic@stelligent.com>

ghost · 2020-01-16T17:52:12Z

aws-cloudformation/cfn-python-lint#1181

AdminPassword:

AWS::ManagedBlockchain::Member.MemberFabricConfiguration

MasterUserPassword:

AWS::DocDB::DBCluster

AWS::Redshift::Cluster

AWS::RDS::DBInstance

AWS::RDS::DBCluster

PasswordParam:

AWS::MediaLive::Channel.OutputDestinationSettings

AWS::MediaLive::Input.InputSourceRequest

it's my belief that the media live PasswordParams are actually SSM key names - so not sensitive

ghost · 2020-01-16T17:53:09Z

pieces of this were released over time, but 0.4.72 includes all of them

phelewski pushed a commit that referenced this issue Jul 2, 2019

#253 adjusting variable positions

16fc725

phelewski pushed a commit that referenced this issue Jul 2, 2019

#253 adjusting variable positions

4af20f9

phelewski pushed a commit that referenced this issue Jul 2, 2019

#253 adding rule for Amplify App OauthToken

a62f054

phelewski pushed a commit that referenced this issue Jul 2, 2019

#253 adding rule for Amplify App AccessToken

b204628

phelewski pushed a commit that referenced this issue Jul 2, 2019

#253 adding rule for Pinpoint APNSChannel TokenKey

1475230

phelewski pushed a commit that referenced this issue Jul 2, 2019

#253 adding rule for Pinpoint APNSChannel PrivateKey

e074109

phelewski pushed a commit that referenced this issue Jul 2, 2019

#253 adding rule for Pinpoint APNSSandboxChannel PrivateKey & TokenKey

d8e988f

phelewski pushed a commit that referenced this issue Jul 3, 2019

#253 adding rule for Elasticache ReplicationGroup AuthToken

5dbc680

phelewski pushed a commit that referenced this issue Jul 3, 2019

#253 adding rule for Lambda Permission EventSourceToken

b47d891

phelewski pushed a commit that referenced this issue Jul 3, 2019

#253 adding rule for Pinpoint APNSVoipSandboxChannel PrivateKey & Tok…

bdc9971

…enKey

phelewski pushed a commit that referenced this issue Jul 3, 2019

#253 adding rule for Pinpoint APNSVoipChannel PrivateKey & TokenKey

f8d5940

phelewski mentioned this issue Jul 5, 2019

Feature/adjust password base rule to work with sub properties #256

Merged

phelewski self-assigned this Jul 5, 2019

phelewski pushed a commit that referenced this issue Jul 5, 2019

#253 merge master

2c0b9d1

phelewski pushed a commit that referenced this issue Jul 5, 2019

#253 update existing password specs to include new sub_property_name …

6ecf49a

…variable

phelewski pushed a commit that referenced this issue Jul 5, 2019

#253 adding rule for DMS Endpoint MongoDbSettings Password

dc5b063

phelewski pushed a commit that referenced this issue Jul 5, 2019

#253 adding rule for AppStream DirectoryConfig ServiceAccountCredenti…

1e9a31a

…als AccountPassword

twellspring added the feature label Jul 25, 2019

tmcelhattan pushed a commit that referenced this issue Oct 24, 2019

Adding custom rules and tests for issue #253 - AWS::IAM::User.LoginPr…

73ea6a8

…ofile password property rules

tmcelhattan mentioned this issue Oct 24, 2019

Adding custom rules and tests for issue #253 - AWS::IAM::User.LoginPr… #298

Merged

tmcelhattan self-assigned this Oct 25, 2019

tmcelhattan pushed a commit that referenced this issue Oct 25, 2019

Adding custom rules and tests for issue #253 - AWS::OpsWorks::Stack.R…

d8908cd

…dsDbInstance password property rules

tmcelhattan pushed a commit that referenced this issue Oct 29, 2019

Adding custom rules and tests for issue #253 - AWS::AmazonMQ::Broker …

bc334d1

…User Password property rules

This was referenced Oct 30, 2019

Feature/issue 253 amazonmq broker user password #301

Merged

Feature/issue 253 ops works stack rds db password #302

Merged

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 adding CrossRealmTrustPrincipalPassword rule for EMR Cluster Ker…

a916b86

…berosAttributes

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 adding KdcAdminPassword rule for EMR Cluster KerberosAttributes

42c7a6e

phelewski mentioned this issue Jan 15, 2020

Feature/253 emr cluster kerberos attributes password rules #343

Merged

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 adding PasswordParam rule for MediaLive Channel OutputDestinatio…

ac77604

…nSettings

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 adding PasswordParam rule for MediaLive Input InputSourceRequest

cdfcb0a

phelewski mentioned this issue Jan 15, 2020

Feature/253 media live password rules #344

Closed

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 adding SecretToken rule for CodePipeline Webhook AuthenticationC…

ccf595a

…onfiguration

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 adding AuthToken rule for ElastiCache ReplicationGroup

c1f258b

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 adding EventSourceToken rule for Lambda Permission

6a3d75b

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 adding AdminPassword rule for ManagedBlockChain Member MemberFab…

eb49d15

…ricationConfiguration

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 adding MasterUserPassword rule for DocDB DBCluster

da37381

phelewski mentioned this issue Jan 15, 2020

Feature/253 remaining password property rules #345

Merged

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 updating AmazonMQ Broker Users Password rule to use password hel…

5bf49b9

…per and to correct custom rule name to match property name

phelewski mentioned this issue Jan 15, 2020

#253 updating AmazonMQ Broker Users Password rule to use password helper and to correct custom rule name to match property name #346

Merged

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 removing existing IAM User LoginProfile Password rule files to p…

82ef4fd

…repare for new files with uppercase naming

phelewski pushed a commit that referenced this issue Jan 15, 2020

#253 adding IAM User LoginProfile Password rule back in with upper ca…

cb75a40

…se IAM in rule and spec name

phelewski mentioned this issue Jan 15, 2020

Feature/253 update iam user login profile password rule #347

Merged

phelewski pushed a commit that referenced this issue Jan 16, 2020

#253 adding check to ensure the optional property exists in template …

37a53d6

…before running secure check against value

ghost closed this as completed Jan 16, 2020

PatMyron mentioned this issue Jun 30, 2020

Adding Security Rule Examples aws-cloudformation/cloudformation-guard#21

Merged

PatMyron mentioned this issue Feb 2, 2022

Remove aws_db_instance_readable_password rule terraform-linters/tflint#379

Merged

This issue was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create remaining Password property rules #253

Create remaining Password property rules #253

phelewski commented Jul 2, 2019 •

edited

ghost commented Oct 31, 2019

PatMyron commented Nov 8, 2019 •

edited

ghost commented Jan 16, 2020

ghost commented Jan 16, 2020

Create remaining Password property rules #253

Create remaining Password property rules #253

Comments

phelewski commented Jul 2, 2019 • edited

ghost commented Oct 31, 2019

PatMyron commented Nov 8, 2019 • edited

ghost commented Jan 16, 2020

ghost commented Jan 16, 2020

phelewski commented Jul 2, 2019 •

edited

PatMyron commented Nov 8, 2019 •

edited