feat(terraform): add CKV_AWS_364 to ensure that AWS Lambda Permissions are not global when granting permission to an AWS Service. (#4375)

* Added lambda permission check against services defined in principal

* Added LambaServicePermission tests

* fixed imports and style-guide compatibility

* Updated to fix tests and add ID

* Added terraform test to get a CKV id for my Cloudformation test

* Fixed styling errors

* Flipped CFN logic to match terraform logic

* Updated to add newline at end of file to pass flake8 check

* Updated to harden service principal checks

* Added additional tests examples to demonstrate alternative service principals

* Fixed the syntax to pass

* bump CKV check version to 287

* Updated CKV to 293

* Fixed className and added missing comma from test set

* Update checkov/cloudformation/checks/resource/aws/LambdaServicePermission.py

Co-authored-by: Anton Grübel <[email protected]>

* Update checkov/terraform/checks/resource/aws/LambdaServicePermission.py

Keeping descriptions identical

Co-authored-by: Anton Grübel <[email protected]>

* Update checkov/terraform/checks/resource/aws/LambdaServicePermission.py

Co-authored-by: Anton Grübel <[email protected]>

* Update checkov/terraform/checks/resource/aws/LambdaServicePermission.py

Co-authored-by: Anton Grübel <[email protected]>

* Update checkov/terraform/checks/resource/aws/LambdaServicePermission.py

Co-authored-by: Anton Grübel <[email protected]>

* Update checkov/cloudformation/checks/resource/aws/LambdaServicePermission.py

Co-authored-by: Anton Grübel <[email protected]>

* Update checkov/cloudformation/checks/resource/aws/LambdaServicePermission.py

Co-authored-by: Anton Grübel <[email protected]>

* Update checkov/terraform/checks/resource/aws/LambdaServicePermission.py

Co-authored-by: Anton Grübel <[email protected]>

* Updated rule id

* Applying self.get_evaluated_keys to terraform

* Updated tests to align terraform and cloudformation. Moved two examples to unknown, rather than pass/fail

* Updated cfn to ensure passed cfn-lint PR checks

* Updated terraform checkid

* Fixed potentially calling split on non-string

* adjust logic to fix test

---------

Co-authored-by: Anton Grübel <[email protected]>
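The logic the commit message describes, as an added illustrative example rather than checkov's own implementation: a Lambda permission whose principal is an AWS service should be scoped by source_arn or source_account, non-service principals fall outside the check (UNKNOWN), and non-string values are guarded before any string handling. The `.amazonaws.com` suffix test and the list-wrapped attribute layout are assumptions, and the sample blocks are constructed here.

```python
# Illustrative reimplementation of the CKV_AWS_364 idea (not checkov's code).
# Attribute values are wrapped in lists, as in a parsed Terraform block (assumed).

PASSED, FAILED, UNKNOWN = "PASSED", "FAILED", "UNKNOWN"


def is_service_principal(principal):
    """True for service principals such as s3.amazonaws.com or the regional
    form logs.us-east-1.amazonaws.com; account IDs and IAM ARNs are out of
    scope. Non-string values (e.g. an unresolved variable) are rejected first."""
    return isinstance(principal, str) and principal.endswith(".amazonaws.com")


def first_value(conf, key):
    values = conf.get(key)
    return values[0] if isinstance(values, list) and values else None


def scan_lambda_permission(conf):
    """Return PASSED/FAILED/UNKNOWN for one aws_lambda_permission config."""
    principal = first_value(conf, "principal")
    if not is_service_principal(principal):
        return UNKNOWN  # non-service principals are not what this check covers
    for key in ("source_arn", "source_account"):
        value = first_value(conf, key)
        if isinstance(value, str) and value.strip():
            return PASSED  # scoped to one resource or one account
    return FAILED  # any resource of that service, in any account, may invoke


# Constructed sample blocks (not taken from the commit's test fixtures)
SAMPLES = {
    "global_s3": {"action": ["lambda:InvokeFunction"],
                  "principal": ["s3.amazonaws.com"]},
    "scoped_s3": {"action": ["lambda:InvokeFunction"],
                  "principal": ["s3.amazonaws.com"],
                  "source_arn": ["arn:aws:s3:::example-bucket"]},
    "regional_logs": {"principal": ["logs.us-east-1.amazonaws.com"],
                      "source_account": ["123456789012"]},
    "account_principal": {"principal": ["123456789012"]},
    "unresolved": {"principal": [{"var": "lambda_principal"}]},
}


def scan_all(samples=SAMPLES):
    return {name: scan_lambda_permission(conf) for name, conf in samples.items()}


if __name__ == "__main__":
    for name, result in scan_all().items():
        print(f"{name}: {result}")
```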
2 people authored and actions-user committed Oct 11, 2023
1 parent b0bef88 commit 185b354
Showing 4 changed files with 4,343 additions and 4,338 deletions.