aws-foundations-cis-baseline

IAM Password Policy Not Found - 1.8

Open aaronlippold opened this issue 1 year ago • 3 comments

The error collection is skipping the resource when a configured password policy cannot be found; this should fail the resource and not skip it.

Related #125

aaronlippold, Dec 08 '23 20:12

So the problem here is that apparently the AWS API throws a "NoSuchEntity" error even when the password policy is set to the defaults. Any customizing of the password policy makes the password policy suddenly detectable by the API.

That means we can't necessarily autofail the resource; in most cases, there is actually a password policy set, it's just the default.

wdower, Dec 11 '23 15:12

Ref: https://github.com/aws/aws-cli/issues/7265

This is a bug in the API.

wdower, Dec 11 '23 15:12

OK, let's raise an issue on the SDK board; they seem to be very responsive. The other thing you could do in the resources: just do some sort of no-op on the backend or in the resource to work around the bug. A.k.a. have the client do a query or something that doesn't change any data, but just works around the bug.

aaronlippold, Dec 11 '23 17:12
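
One way to keep the `NoSuchEntity` case discussed in this thread from being silently skipped, as an added example that is not code from the baseline or from either commenter. `StubIam`, the `NoSuchEntity` stand-in (the Ruby SDK raises `Aws::IAM::Errors::NoSuchEntity`), `check_password_policy`, `on_default` and the `min_length` value of 14 are assumptions made for illustration.

```ruby
# Stand-in for Aws::IAM::Errors::NoSuchEntity (constructed so this runs without the SDK).
class NoSuchEntity < StandardError; end

# Constructed stub exposing only get_account_password_policy, the call under discussion.
class StubIam
  def initialize(&responder)
    @responder = responder
  end

  def get_account_password_policy
    @responder.call
  end
end

Policy = Struct.new(:minimum_password_length)
Response = Struct.new(:password_policy)
Result = Struct.new(:status, :reason)

# Evaluate a minimum-length requirement and always return an explicit result.
# on_default is the caller's deliberate decision for the NoSuchEntity case
# (hypothetical parameter; the thread has not settled which outcome is right).
def check_password_policy(client, min_length:, on_default:)
  policy = client.get_account_password_policy.password_policy
  actual = policy.minimum_password_length
  if actual >= min_length
    Result.new(:passed, "custom policy, minimum length #{actual}")
  else
    Result.new(:failed, "custom policy, minimum length #{actual} < #{min_length}")
  end
rescue NoSuchEntity
  # Per the thread: the API reports this when the policy was never customized.
  Result.new(on_default, 'NoSuchEntity: no customized policy returned by the API')
rescue StandardError => e
  # Throttling, access denied, network failure: the check did not run, so say so.
  Result.new(:error, "lookup failed: #{e.class}: #{e.message}")
end

# Constructed sample inputs, one per outcome.
custom  = StubIam.new { Response.new(Policy.new(14)) }
default = StubIam.new { raise NoSuchEntity, 'policy not found' }
denied  = StubIam.new { raise 'AccessDenied' }

[custom, default, denied].each do |client|
  r = check_password_policy(client, min_length: 14, on_default: :failed)
  puts "#{r.status}: #{r.reason}"
end
```

Separating `NoSuchEntity` from every other exception is what lets a control report "default policy" and "lookup broke" as different findings.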