
Implement least privilege permissions for the IAM role SecretsManagerRDSPostgreSQLRotationSingleUserRole

Open mourya-33 opened this issue 8 months ago • 5 comments

Describe the bug

The IAM role SecretsManagerRDSPostgreSQLRotationSingleUserRole has overly permissive permissions that are flagged by a checkov scan (scan result below).

CheckID : CKV_AWS_111
CheckName : Ensure IAM policies does not allow write access without constraints
File : /dataall-staging-backend-stage-backend-stack-AuroraDatabasestagingRotationSingleUser36E-1P9OZ9G9U4NU7.yaml:133-253
Resource : AWS::IAM::Role.SecretsManagerRDSPostgreSQLRotationSingleUserRole
Guideline : CKV_AWS_111

This needs to be restricted to the required resources only.

How to Reproduce

Post deployment, run a checkov scan on the template for Aurora stacks. The scan report would include the entry for the role with a FAILED error message as described in the description above.

Expected behavior

The IAM role permissions should be restricted to only the required resources.

Your project

No response

Screenshots

No response

OS

Mac

Python version

3.10

AWS data.all version

2.5

Additional context

No response

mourya-33 · Jun 08 '24 05:06
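As an added example (not code from the data.all project or from checkov), the script below approximates the condition behind the CKV_AWS_111 finding quoted in the issue: an Allow statement that combines write-capable actions with Resource "*" and no Condition. It runs that check over two constructed policy documents, one shaped the way the finding describes and one scoped to a single secret ARN. The statement contents, the ARN and the secret id are placeholders, not the role's real policy; the set of Secrets Manager actions a single-user rotation function needs is an assumption taken from the AWS rotation Lambda pattern.

```python
"""Flag IAM statements that grant write access without resource constraints.

Added example, not part of data.all or checkov. Approximates CKV_AWS_111:
Effect Allow + write-capable action + Resource "*" + no Condition.
"""
import json

# Verb prefixes treated as read-only at the IAM action level; any other verb
# is treated as write-capable. Assumption: a heuristic, not checkov's list.
READ_ONLY_PREFIXES = (
    "Get", "List", "Describe", "BatchGet", "Head", "Read",
    "Scan", "Query", "View", "Search", "Lookup", "Check",
)


def _as_list(value):
    """IAM accepts a scalar or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_write_action(action: str) -> bool:
    """True when an action can change state (not a read-only verb)."""
    if action == "*":
        return True
    _, _, verb = action.partition(":")
    if verb in ("", "*"):
        return True  # "service:*" or malformed: treat as write-capable
    return not verb.startswith(READ_ONLY_PREFIXES)


def is_unconstrained_write(statement: dict) -> bool:
    """Allow + write action + wildcard resource + no Condition => finding."""
    if statement.get("Effect") != "Allow":
        return False
    if statement.get("Condition"):
        return False  # a Condition is a constraint; out of scope for this check
    resources = _as_list(statement.get("Resource"))
    if "*" not in resources and "NotResource" not in statement:
        return False
    if "NotAction" in statement:
        return True  # "everything except ..." necessarily includes write actions
    return any(is_write_action(a) for a in _as_list(statement.get("Action")))


def find_unconstrained_writes(policy: dict) -> list:
    """Return the Sid (or index) of every offending statement in a policy."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if is_unconstrained_write(stmt):
            findings.append(stmt.get("Sid", f"Statement[{idx}]"))
    return findings


# Assumption: the actions a single-user rotation function needs on its secret.
ROTATION_ACTIONS = [
    "secretsmanager:DescribeSecret",
    "secretsmanager:GetSecretValue",
    "secretsmanager:PutSecretValue",
    "secretsmanager:UpdateSecretVersionStage",
]

# Constructed document shaped like the finding: write actions on every secret.
OVERLY_PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "RotateAnySecret", "Effect": "Allow",
         "Action": ROTATION_ACTIONS, "Resource": "*"},
        {"Sid": "RandomPassword", "Effect": "Allow",
         "Action": "secretsmanager:GetRandomPassword", "Resource": "*"},
    ],
}

# Placeholder ARN; substitute the rotated secret's real ARN.
SECRET_ARN = "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:PLACEHOLDER-SECRET-ID"

# Constructed least-privilege variant: write actions scoped to one secret.
# GetRandomPassword is read-only and not resource-scoped, so "*" stays there.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "RotateOneSecret", "Effect": "Allow",
         "Action": ROTATION_ACTIONS, "Resource": SECRET_ARN},
        {"Sid": "RandomPassword", "Effect": "Allow",
         "Action": "secretsmanager:GetRandomPassword", "Resource": "*"},
    ],
}


def report(name: str, policy: dict) -> dict:
    """Build a small JSON-style result for one policy document."""
    findings = find_unconstrained_writes(policy)
    return {"policy": name, "status": "FAILED" if findings else "PASSED",
            "unconstrained_write_statements": findings}


if __name__ == "__main__":
    for name, doc in (("overly_permissive", OVERLY_PERMISSIVE_POLICY),
                      ("least_privilege", LEAST_PRIVILEGE_POLICY)):
        print(json.dumps(report(name, doc), indent=2))
```

To apply it to the synthesised stack, load each `PolicyDocument` under the role's `Policies` in the generated template and pass it to `find_unconstrained_writes`; a statement that only carries read-only verbs on "*" (such as the random-password call above) is not reported, which is the distinction the check relies on.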