Steps to Reproduce
Run scan, inspect finding.
Expected behavior
I want Prowler to detect defects in configuration, and it does an excellent job on this front. However, I'm getting a "confused deputy" finding on our AWS EKS cluster role. The remediation guidance suggests following AWS guidance, to include "aws:SourceAccount" and/or "aws:SourceArn" condition keys. This was not successful. Opening a ticket with AWS produced language from Omar M.:
You mentioned that you were following the AWS recommendations by adding the "aws:SourceAccount" and "aws:SourceArn" condition keys and that you were still getting the error. I was able to reproduce this similar issue from my end as well, and I have checked and verified with our internal team that as of now the EKS service does not support these conditions to prevent cross-account confused deputy attacks. Also, currently there are no other conditions that you can use. It seems that there is currently no way to get around this finding for your use case (with EKS).
I reached out to our service team to provide this feedback, but as a support engineer I do not have any ETA for when EKS will provide support for these conditions. I was able to find an active feature request to add support for these conditions. I have gone ahead and added a +1 and have added your case to the request in support of it. Unfortunately, I do not have any ETA for when/if this feature will be released. However, I do recommend keeping an eye on the AWS What's New page [2] and AWS News Blog [3] for information on new feature releases.
I think it would be helpful to add an explanation to the finding guidance that it is not possible (according to AWS) to clear the finding using the AWS guidance.
Actual Result with Screenshots or Logs
How did you install Prowler?
From pip package (pip install prowler)
Environment Resource
EC2 instance
OS used
RHEL 9
Prowler version
Prowler 4.3.1 (latest is 4.3.3, upgrade for the latest features)
Pip version
pip 21.2.3 from /usr/lib/python3.9/site-packages/pip (python 3.9)
Context
No response
I will add a note in the finding's metadata to indicate that the AWS guidance involving aws:SourceAccount and aws:SourceArn conditions is not applicable to EKS, as confirmed by AWS. This will clarify that there is currently no way to clear the finding for EKS.
In the meantime, you could mute the finding using the Prowler mutelist since it's not remediable for now. I'll make a PR to address this soon. Thanks for your suggestion and for using Prowler! 🚀
Update: Here is the PR with the changes. Please let me know if it fits the case or needs some improvement; I look forward to your response. Thanks for everything.
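An added example (not from the original thread or the Prowler project) of the mutelist approach suggested above, scoped so that only the EKS cluster role is muted and the check keeps firing for every other role. The account id and role name are constructed placeholders; the check id `iam_role_cross_service_confused_deputy_prevention` is assumed to be the one that raises this finding, so confirm it against the check id shown in your own scan output.

```yaml
# Prowler mutelist (pass with: prowler aws --mutelist-file mutelist.yaml)
# Assumptions: account id and role name are placeholders; the check id is the
# one believed to raise the "confused deputy" finding. Keep the Resources
# pattern narrow: muting with "*" would hide the same finding on roles where
# aws:SourceAccount / aws:SourceArn conditions DO work and should be applied.
Mutelist:
  Accounts:
    "123456789012":
      Checks:
        "iam_role_cross_service_confused_deputy_prevention":
          Regions:
            - "*"
          Resources:
            - "^eksClusterRole$"
          Description: >-
            EKS does not honour aws:SourceAccount / aws:SourceArn in the role
            trust policy (confirmed by AWS Support); not remediable today.
            Revisit when EKS adds support for these condition keys.
```

The `Description` records why the finding is accepted rather than fixed, which is what an auditor will ask for when the muted finding shows up as such in the report.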