safeguards-plugin no-wild-iam-role-statements fails on actions that require * resources

no-wild-iam-role-statements fails on actions that require * resources

Open zachwhaley opened this issue 2 years ago • 1 comments

If one enables tracing, Serverless generates the following IAM role policy statement with a * resource.

        {
            "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }

The * resource is actually the only option you can choose when using these actions. But Safeguards is unaware of this and fails the no-wild-iam-role-statements policy regardless.

Oct 21 '22 15:10 zachwhaley

@zachwhaley thanks for report! PR with a fix is welcome

Oct 25 '22 07:10 medikoo

safeguards-plugin safeguards-plugin copied to clipboard

no-wild-iam-role-statements fails on actions that require * resources

safeguards-plugin
safeguards-plugin copied to clipboard