Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Look for AdministratorAccess policy in SAM function #74

Closed
ghost opened this issue Oct 18, 2017 · 1 comment · Fixed by #392
Closed

Look for AdministratorAccess policy in SAM function #74

ghost opened this issue Oct 18, 2017 · 1 comment · Fixed by #392
Assignees
@pshelby
Labels
feature
Projects
cfn_nag

Comments

@ghost
Copy link

ghost commented Oct 18, 2017

At the very least, look for something like:

Transform: AWS::Serverless-2016-10-31
Resources:
FunctionName:
Type: AWS::Serverless::Function
Properties:
Policies: AdministratorAccess

but also perhaps review other AWS managed policies that would provide too much power.
@ghost
Copy link
Author

ghost commented May 8, 2019

https://www.pivotaltracker.com/story/show/164842073

@ghost ghost closed this as completed May 8, 2019
@ghost ghost reopened this May 30, 2019
@ghost ghost added this to To do in cfn_nag Jan 2, 2020
@pshelby pshelby self-assigned this Feb 26, 2020
@pshelby pshelby moved this from To do to In progress in cfn_nag Feb 26, 2020
pshelby pushed a commit to pshelby/cfn-model that referenced this issue Feb 27, 2020
stelligent/cfn_nag#74 Reworking Serverless transform to more closely …
b80bc06 
…match how SAM transforms templates.
@pshelby pshelby mentioned this issue Feb 27, 2020
Merged
ghost pushed a commit to stelligent/cfn-model that referenced this issue Feb 28, 2020
@pshelby
#74 Reworking Serverless transform to more closely match how SAM tran…
6a18e6a 
…sforms templates (#64)

* stelligent/cfn_nag#74 Reworking Serverless transform to more closely match how SAM transforms templates.
1. Generating an IAM role for each serverless function, if Role property not provided.
2. Parsing serverless function properties to correctly populate generated role.
3. Updating spec tests.

* Updating array syntax to use ruby's %w[].
pshelby pushed a commit to pshelby/cfn_nag that referenced this issue Feb 28, 2020
stelligent#74 Upgrading cfn-model version to utilize better Serverles…
38cc0cb 
…s transforms of IAM roles per serverless function. Modified rpsec test to ensure AdministratorAccess and other permissive policies were marked as violations.
@pshelby pshelby mentioned this issue Feb 28, 2020
Merged
@ghost ghost closed this as completed in #392 Mar 2, 2020
cfn_nag automation moved this from In progress to Done Mar 2, 2020
ghost pushed a commit that referenced this issue Mar 2, 2020
@pshelby
#74 Raise violations on administrator access for SAM functions (#392)
abc0f6a 
* Updating deprecated 'version' property to 'ruby-version' for setup-ruby action.

* #74 Upgrading cfn-model version to utilize better Serverless transforms of IAM roles per serverless function.  Modified rpsec test to ensure AdministratorAccess and other permissive policies were marked as violations.
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pshelby pshelby

Labels
feature
Projects
cfn_nag
  
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#74 Raise violations on administrator access for SAM functions pshelby/cfn_nag
2 participants
@pshelby @twellspring