Description
Hey there! I noticed some possible problems in some code in this repo. A quick summary of a few of them is below, but let me know if you're interested in seeing a full report or talking about cloud security in general.
severity: serious
filename: ./template/aws-waf-security-automations-template.yaml
line number(s): [717]
resource(s):
IAM policy should not allow * action

severity: warning
filename: ./template/aws-waf-security-automations-template.yaml
line number(s): [717]
resource(s):
IAM policy should not allow * resource

severity: warning
filename: ./template/aws-waf-security-automations-template.yaml
line number(s): [484, 628]
resource(s):
Lambda permission beside InvokeFunction might not be what you want? Not sure!?

severity: warning
filename: ./template/aws-waf-security-automations-template.yaml
line number(s): [769]
resource(s):
Resource found with an explicit name, this disallows updates that require replacement of this resource

severity: warning
filename: ./template/aws-waf-security-automations-template.yaml
line number(s): [363, 735]
resource(s):
S3 Bucket should have access logging configured

severity: warning
filename: ./template/aws-waf-security-automations-template.yaml
line number(s): [363, 735]
resource(s):
S3 Bucket should have encryption option set

severity: warning
filename: ./template/webcarter-attacker-template.yaml
line number(s): [283, 293, 303]
resource(s):
EC2 Subnet should not have MapPublicIpOnLaunch set to true