This repository has been archived by the owner on Feb 15, 2022. It is now read-only.

Possible Security Problems #81

Closed
ctindall opened this issue Oct 16, 2019 · 2 comments

Comments

@ctindall

Hey there! I noticed some possible problems in some code in this repo. A quick summary of a few of them is below, but let me know if you're interested in seeing a full report or talking about cloud security in general.


severity: serious
filename: ./JumpHost/template.json
line number(s): [241]
resource(s):
Missing egress rule means all traffic is allowed outbound. Make this explicit if it is desired configuration.

severity: warning
filename: ./VPC/aws-scca-vdss-stack-singleAZ.json
line number(s): [140]
resource(s):
EC2 Subnet should not have MapPublicIpOnLaunch set to true.

severity: warning
filename: ./VPC/aws-scca-vdss-stack-singleAZ.template.json
line number(s): [122]
resource(s):
EC2 Subnet should not have MapPublicIpOnLaunch set to true.

severity: warning
filename: ./VPC/route-table-update-post-EC2-builds.json
line number(s): [163]
resource(s):
IAM role should not allow * resource on its permissions policy.

severity: warning
filename: ./JumpHost/template.json
line number(s): [241]
resource(s):
Security Groups found with ingress cidr that is not /32.

severity: warning
filename: ./JumpHost/template.json
line number(s): [241]
resource(s):
Security Groups found with cidr open to world on ingress. This should never be true on instance. Permissible on ELB.

severity: warning
filename: ./JumpHost/template.json
line number(s): [241]
resource(s):
Security Groups found ingress with port range instead of just a single port.

@mikeoleary
Owner

Thanks for these items. We will review and add this to our backlog and address. Updates to come.

@mikeoleary
Owner

Thanks for submitting. Some updates:
