Look for AdministratorAccess policy in SAM function #74
ghost closed this as completed May 8, 2019
ghost reopened this May 30, 2019
ghost added this to To do in cfn_nag Jan 2, 2020
pshelby pushed a commit to pshelby/cfn-model that referenced this issue Feb 27, 2020
…match how SAM transforms templates.
ghost pushed a commit to stelligent/cfn-model that referenced this issue Feb 28, 2020
…sforms templates (#64)
* stelligent/cfn_nag#74 Reworking Serverless transform to more closely match how SAM transforms templates.
  1. Generating an IAM role for each serverless function, if Role property not provided.
  2. Parsing serverless function properties to correctly populate generated role.
  3. Updating spec tests.
* Updating array syntax to use ruby's %w[].
pshelby pushed a commit to pshelby/cfn_nag that referenced this issue Feb 28, 2020
…s transforms of IAM roles per serverless function. Modified rspec test to ensure AdministratorAccess and other permissive policies were marked as violations.
ghost pushed a commit that referenced this issue Mar 2, 2020
* Updating deprecated 'version' property to 'ruby-version' for setup-ruby action.
* #74 Upgrading cfn-model version to utilize better Serverless transforms of IAM roles per serverless function. Modified rspec test to ensure AdministratorAccess and other permissive policies were marked as violations.
This issue was closed.
At the very least, look for something like:
```yaml
Transform: AWS::Serverless-2016-10-31
Resources:
  FunctionName:
    Type: AWS::Serverless::Function
    Properties:
      Policies: AdministratorAccess
```
but also perhaps review other AWS managed policies that would provide too much power.
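An added example, not part of the issue and not cfn_nag's or cfn-model's own code: a stand-alone Ruby check that reads a SAM template and reports permissive entries under `Policies` on each `AWS::Serverless::Function`, whether given as a single name, a list, a managed policy ARN, or an inline statement. The watch list beyond `AdministratorAccess`, the function names, and the sample template are assumptions made for illustration; the template is assumed to use no short-form intrinsic tags such as `!Ref`.

```ruby
require 'yaml'

# AdministratorAccess is from the issue; the other two are assumed additions.
PERMISSIVE_MANAGED_POLICIES = %w[AdministratorAccess PowerUserAccess IAMFullAccess].freeze

# Wrap a scalar, hash or list as a list (Array() would split a hash into pairs).
def as_list(value)
  [value].flatten.compact
end

# True for an inline policy document that allows Action "*" on Resource "*".
def wildcard_statement?(document)
  as_list(document['Statement']).any? do |stmt|
    stmt['Effect'] == 'Allow' && as_list(stmt['Action']).include?('*') &&
      as_list(stmt['Resource']).include?('*')
  end
end

# Returns [logical_id, finding] pairs for every AWS::Serverless::Function.
def permissive_function_policies(template_yaml)
  resources = YAML.safe_load(template_yaml)['Resources'] || {}
  resources.each_with_object([]) do |(logical_id, resource), findings|
    next unless resource['Type'] == 'AWS::Serverless::Function'
    as_list(resource.dig('Properties', 'Policies')).each do |policy|
      name = policy.split('/').last if policy.is_a?(String) # name or managed policy ARN
      if PERMISSIVE_MANAGED_POLICIES.include?(name)
        findings << [logical_id, name]
      elsif policy.is_a?(Hash) && wildcard_statement?(policy)
        findings << [logical_id, 'inline Allow */*']
      end
    end
  end
end

# Constructed sample template (not from the issue).
SAMPLE_TEMPLATE = <<~TEMPLATE
  Transform: AWS::Serverless-2016-10-31
  Resources:
    AdminFunction:
      Type: AWS::Serverless::Function
      Properties:
        Policies: AdministratorAccess
    MixedFunction:
      Type: AWS::Serverless::Function
      Properties:
        Policies:
          - AWSLambdaBasicExecutionRole
          - arn:aws:iam::aws:policy/PowerUserAccess
          - Statement: [{Effect: Allow, Action: '*', Resource: '*'}]
TEMPLATE
```

Calling `permissive_function_policies(SAMPLE_TEMPLATE)` returns one pair per finding, so a function with several permissive entries is reported once for each.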