awslabs/aws-automated-incident-response-and-forensics

The AWSOrgAccessToMemoryModules bucket policy has incorrect permissions

UrfTheManatee opened this issue · 0 comments

The AWSOrgAccessToMemoryModules bucket policy has incorrect permissions, missing the access to the actual bucket.

Referring to

```yaml
- Sid: AWSOrgAccessToMemoryModules
  Principal: "*"
  Action:
    - s3:Get*
    - s3:List*
  Resource:
    - !Sub "arn:${AWS::Partition}:s3:::${rMemoryModuleBucket}/*"
  Effect: "Allow"
  Condition:
    StringEquals:
      aws:PrincipalOrgID: !Sub "${pOrgId}"
```

The permissions are incorrect as the access to the actual bucket is missing.
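An added example, not part of the issue or the project's code: a small check that flags the condition reported above, where a statement names bucket-level S3 actions (here via `s3:List*` and `s3:Get*`) but lists only object ARNs as `Resource`. The bucket name, org ID, `aws` partition and function names are constructed assumptions, and the action list is a non-exhaustive subset.

```python
from fnmatch import fnmatchcase

# Non-exhaustive subset of S3 actions that are authorized against the bucket
# ARN (arn:...:s3:::bucket), not against object ARNs (arn:...:s3:::bucket/key).
BUCKET_LEVEL_ACTIONS = (
    "s3:ListBucket",
    "s3:ListBucketVersions",
    "s3:ListBucketMultipartUploads",
    "s3:GetBucketLocation",
)

def _as_list(value):
    # Policy fields may be a single string or a list of strings.
    return [value] if isinstance(value, str) else list(value)

def _is_bucket_resource(arn):
    # "*" covers everything; otherwise a bucket ARN has no "/" after ":::".
    if arn == "*":
        return True
    _, _, path = arn.partition(":::")
    return bool(path) and "/" not in path

def unusable_bucket_actions(statement):
    """Return bucket-level actions the statement names (directly or by
    wildcard) but cannot grant because no Resource is a bucket ARN."""
    if statement.get("Effect") != "Allow":
        return []
    resources = _as_list(statement.get("Resource", []))
    if any(_is_bucket_resource(r) for r in resources):
        return []
    patterns = _as_list(statement.get("Action", []))
    return [a for a in BUCKET_LEVEL_ACTIONS
            if any(fnmatchcase(a.lower(), p.lower()) for p in patterns)]

# Constructed rendering of the statement quoted in the issue (sample values).
ISSUE_STATEMENT = {
    "Sid": "AWSOrgAccessToMemoryModules",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:Get*", "s3:List*"],
    "Resource": ["arn:aws:s3:::example-memory-modules/*"],
    "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
}

if __name__ == "__main__":
    print(unusable_bucket_actions(ISSUE_STATEMENT))
```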