Throwing errors on Resolved findings
Closed this issue · 2 comments
rajiv-g commented
When validating policy with CFN template, I see that it still throws errors on resolved findings.
```json
{
  "findingType": "SECURITY_WARNING",
  "code": "EXTERNAL_PRINCIPAL",
  "message": "Resource policy allows access from external principals.",
  "resourceName": "iconnector-logs",
  "policyName": "BucketPolicy",
  "details": {
    "action": [
      "s3:PutObject",
      "s3:PutObjectAcl"
    ],
    "changeType": "UNCHANGED",
    "condition": {
      "aws:PrincipalArn": "arn:aws:iam::123456789:role/eksctl-*"
    },
    "createdAt": "2022-03-10T12:00:07+00:00",
    "existingFindingId": "2b601f5e-10c5-4728-8550-xxxxxx",
    "existingFindingStatus": "RESOLVED",
    "id": "e4e000fd-e87e-4b76-9239-7xxxxxxx",
    "isPublic": false,
    "principal": {
      "AWS": "*"
    },
    "resource": "arn:aws:s3:::connector-logs",
    "resourceOwnerAccount": "123456789",
    "resourceType": "AWS::S3::Bucket",
    "sources": [
      {
        "type": "POLICY"
      }
    ],
    "status": "RESOLVED"
  }
}
```
It's resolved, but it returns exit status 2.
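As an added example (not the reporter's code and not the validator's own), here is a CI-side post-processing step that separates findings Access Analyzer already marks RESOLVED from active ones before deciding an exit status, so only active findings can fail a build; the finding layout mirrors the JSON above, while the exit-code mapping and the BLOCKING_TYPES set are assumptions.

```python
# Added example (not the validator's own code): drop findings that Access
# Analyzer already reports as RESOLVED before deciding a CI exit status, so
# that only active findings can fail the build. The finding layout mirrors
# the JSON in the issue; the exit-code mapping (2 when an active blocking
# finding remains, else 0) and BLOCKING_TYPES are assumptions.
BLOCKING_TYPES = {"ERROR", "SECURITY_WARNING"}

# Constructed sample findings: the resolved one from the issue (trimmed) and
# an active one, so the filter has something to drop and something to keep.
SAMPLE_FINDINGS = [
    {
        "findingType": "SECURITY_WARNING",
        "code": "EXTERNAL_PRINCIPAL",
        "resourceName": "iconnector-logs",
        "policyName": "BucketPolicy",
        "details": {"changeType": "UNCHANGED",
                    "existingFindingStatus": "RESOLVED",
                    "status": "RESOLVED"},
    },
    {
        "findingType": "SECURITY_WARNING",
        "code": "EXTERNAL_PRINCIPAL",
        "resourceName": "other-bucket",
        "policyName": "BucketPolicy",
        "details": {"changeType": "NEW", "status": "ACTIVE"},
    },
]

def is_resolved(finding):
    """A finding is resolved only when its details say so explicitly.
    Anything without a status is kept (fail closed) rather than dropped."""
    details = finding.get("details", {})
    status = details.get("status") or details.get("existingFindingStatus")
    return status == "RESOLVED"

def split_findings(findings):
    """Return (active, resolved) so a CI wrapper can still log what it
    suppressed instead of silently discarding it."""
    active = [f for f in findings if not is_resolved(f)]
    resolved = [f for f in findings if is_resolved(f)]
    return active, resolved

def exit_status(findings):
    """2 if any active finding is of a blocking type, otherwise 0."""
    active, _ = split_findings(findings)
    if any(f.get("findingType") in BLOCKING_TYPES for f in active):
        return 2
    return 0
```

Log the `resolved` list in the pipeline output rather than dropping it, so a finding that later flips back to ACTIVE is easy to trace.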
mluttrell commented
Hi - thanks for opening this issue. I agree that only active findings should be returned in this case. I'll add this to the backlog to be updated.
mluttrell commented
This should be resolved in release 0.0.12: https://github.com/awslabs/aws-cloudformation-iam-policy-validator/releases/tag/v0.0.12
Please let me know if that doesn't resolve your issue and I'll reopen.