backup vault role level access #1593

abdullahaslam306 · 2023-03-29T22:06:59Z

No description provided.

AkhtarAmir · 2023-04-04T11:30:34Z

plugins/aws/backup/backupVaultRoleAccess.js

+    title: 'Backup Vault Role Access',
+    category: 'Backup',
+    domain: 'Storage',
+    description: 'Ensure that AWS Backup Vault are accessed through roles.',


Suggested change

description: 'Ensure that AWS Backup Vault are accessed through roles.',

description: 'Ensure that AWS Backup vaults are accessed through roles.',

AkhtarAmir · 2023-04-04T11:31:21Z

plugins/aws/backup/backupVaultRoleAccess.js

+                if (getBackupVaultAccessPolicy && getBackupVaultAccessPolicy.err && getBackupVaultAccessPolicy.err.code &&
+                        getBackupVaultAccessPolicy.err.code == 'ResourceNotFoundException') {
+                    helpers.addResult(results, 2,
+                        'No access policy found for Backup vault', region, resource);


doesn't it mean no access?

AkhtarAmir · 2023-04-04T11:31:30Z

plugins/aws/backup/backupVaultRoleAccess.js

+                    helpers.addResult(results, 0,
+                        'The Backup Vault policy does not have trust relationship statements',
+                        region, resource);
+                    return;


Suggested change

return;

continue;

AkhtarAmir · 2023-04-04T11:32:11Z

plugins/aws/backup/backupVaultRoleAccess.js

+                    continue;
+                }
+
+                if (!getBackupVaultAccessPolicy || getBackupVaultAccessPolicy.err || !getBackupVaultAccessPolicy.data) {


Suggested change

if (!getBackupVaultAccessPolicy || getBackupVaultAccessPolicy.err || !getBackupVaultAccessPolicy.data) {

if (!getBackupVaultAccessPolicy || getBackupVaultAccessPolicy.err || !getBackupVaultAccessPolicy.data || !getBackupVaultAccessPolicy.data.Policy) {

AkhtarAmir · 2023-04-04T11:43:21Z

plugins/aws/backup/backupVaultRoleAccess.js

+                var actions = [];
+                let roleAccess = true;
+                for (var statement of statements) {
+                    var principalEval = helpers.globalPrincipal(statement.Principal);


why does it have to be global principal?

AkhtarAmir · 2023-04-04T11:43:55Z

plugins/aws/backup/backupVaultRoleAccess.js

+
+                if (!roleAccess) {
+                    helpers.addResult(results, 2,
+                        'Backup Vault does not have role level access only' + actions,


Isn't actions list empty?

plugins/aws/backup/backupVaultRoleAccess.js

role level access

2aaa230

AkhtarAmir suggested changes Apr 4, 2023

View reviewed changes

AkhtarAmir added question reviewed currentrelease labels Apr 4, 2023

abdullahaslam306 added 2 commits April 4, 2023 19:28

PR issues resolved

f21adb2

lambda run time update

f594275

alphadev4 reviewed Apr 5, 2023

View reviewed changes

plugins/aws/backup/backupVaultRoleAccess.js Outdated Show resolved Hide resolved

Apply suggestions from code review

c3f6718

AkhtarAmir removed the currentrelease label Sep 4, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

backup vault role level access #1593

backup vault role level access #1593

abdullahaslam306 commented Mar 29, 2023

AkhtarAmir Apr 4, 2023

AkhtarAmir Apr 4, 2023

AkhtarAmir Apr 4, 2023

AkhtarAmir Apr 4, 2023

AkhtarAmir Apr 4, 2023

AkhtarAmir Apr 4, 2023

	description: 'Ensure that AWS Backup Vault are accessed through roles.',
	description: 'Ensure that AWS Backup vaults are accessed through roles.',

	if (!getBackupVaultAccessPolicy \|\| getBackupVaultAccessPolicy.err \|\| !getBackupVaultAccessPolicy.data) {
	if (!getBackupVaultAccessPolicy \|\| getBackupVaultAccessPolicy.err \|\| !getBackupVaultAccessPolicy.data \|\| !getBackupVaultAccessPolicy.data.Policy) {

backup vault role level access #1593

Are you sure you want to change the base?

backup vault role level access #1593

Conversation

abdullahaslam306 commented Mar 29, 2023

AkhtarAmir Apr 4, 2023

Choose a reason for hiding this comment

AkhtarAmir Apr 4, 2023

Choose a reason for hiding this comment

AkhtarAmir Apr 4, 2023

Choose a reason for hiding this comment

AkhtarAmir Apr 4, 2023

Choose a reason for hiding this comment

AkhtarAmir Apr 4, 2023

Choose a reason for hiding this comment

AkhtarAmir Apr 4, 2023

Choose a reason for hiding this comment