caulking should alert on ARNs (AWS Resources)
Opened this issue · 1 comments
pburkholder commented
Security considerations
[note any potential changes to security boundaries, practices, documentation, risk that arise directly from this story]
bengerman13 commented
ARN format:
arn:partition:service:region:account-id:resource-id
arn:partition:service:region:account-id:resource-type/resource-id
arn:partition:service:region:account-id:resource-type:resource-id
so we should have a regex something like:
arn:aws(-us-gov|-cn)?:[^:]+:[^:]*:\d{12}:[^:\s]+
need to double-check whether it's guaranteed that account ids are 12 numeric digits
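A quick way to check the proposed pattern against the three ARN layouts listed in the comment, as an added example (not code from this issue or from caulking). The sample lines and the helper names `find_arns`, `missed_arn_lines` and `redact` are constructed for illustration, and `123456789012` is a placeholder account id.

```python
import re

# Pattern exactly as proposed in the comment above.
ARN_RE = re.compile(r"arn:aws(-us-gov|-cn)?:[^:]+:[^:]*:\d{12}:[^:\s]+")

# Constructed sample input; 123456789012 is a placeholder account id.
SAMPLE = """\
role_arn: arn:aws:iam::123456789012:role/deployer
topic: arn:aws-us-gov:sns:us-gov-west-1:123456789012:alerts
fn: arn:aws:lambda:us-east-1:123456789012:function:resize
bucket: arn:aws:s3:::example-bucket
policy: arn:aws:iam::aws:policy/ReadOnlyAccess
region: us-east-1
"""


def find_arns(text):
    """Return (line_number, matched_text) for every hit of ARN_RE."""
    return [
        (n, m.group(0))
        for n, line in enumerate(text.splitlines(), 1)
        for m in ARN_RE.finditer(line)
    ]


def missed_arn_lines(text):
    """Line numbers that contain 'arn:aws' but produce no hit."""
    hit_lines = {n for n, _ in find_arns(text)}
    return [
        n
        for n, line in enumerate(text.splitlines(), 1)
        if "arn:aws" in line and n not in hit_lines
    ]


def redact(arn):
    """Mask the account id so the alert itself does not repeat it."""
    return re.sub(r":\d{12}:", ":<account-id>:", arn, count=1)


if __name__ == "__main__":
    for n, arn in find_arns(SAMPLE):
        print(f"line {n}: possible ARN {redact(arn)}")
    print("ARN-like lines with no hit:", missed_arn_lines(SAMPLE))
```

The `resource-type:resource-id` layout is matched only up to the resource type because the last character class excludes `:`, which is still enough to raise an alert. Sample lines 4 and 5 are ARNs whose account field is empty or not numeric, so they produce no hit with `\d{12}`.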