Rodrigo Montoro
Playing around with cross-account possibilities, we noticed that if you edit your Trust Role Policy Document to `*` instead of an account ID, CloudSploit won't trigger an alert running against...
We did some research here: https://sidechannel.blog/en/unwanted-permissions-that-may-impact-security-when-using-the-readonlyaccess-policy-in-aws/ `READ_ONLY_DATA_EXFILTRATION_ACTIONS = [ "apigateway:GET", "athena:GetDatabase", "athena:GetQueryExecution", "athena:GetQueryResults", "cassandra:Select", "chime:Retrieve*", "cloudtrail:LookupEvents", "config:SelectResourceConfig", "datapipeline:QueryObjects", "dax:Query", "dax:Scan", "dynamodb:Get*", "dynamodb:Query", "dynamodb:Scan", "ec2:DescribeInstanceAttribute", "ec2:GetConsoleOutput", "ec2:GetConsoleScreenshot", "es:ESHttpGet", "glue:GetDatabase", "glue:GetDatabases", "glue:GetTable",...`
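The gap described in the first comment, a trust policy whose Principal is `*` rather than an account ID, is easy to check for directly. The following is an added example (not CloudSploit's code and not from the original issue); the two trust policies and the account ID in them are constructed placeholders.

```python
import json
from fnmatch import fnmatch

# Constructed sample trust policies (not from the original issue). The second one
# reproduces the case described above: Principal is "*" instead of an account ID.
ACCOUNT_SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},  # placeholder account id
    "Action": "sts:AssumeRole"}]})
WILDCARD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}]})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_values(principal):
    """Flatten the Principal element ("*" or {"AWS": [...], "Service": ...}) to strings."""
    if isinstance(principal, str):
        return [principal]
    values = []
    for entries in principal.values():
        values.extend(_as_list(entries))
    return values


def find_wildcard_principals(policy_json):
    """Return one finding per Allow statement that lets a wildcard principal assume the role.

    A bare "*" and {"AWS": "*"} are equivalent in a trust policy: any AWS principal
    may call sts:AssumeRole. A Condition block is recorded because it may narrow
    the grant (for example sts:ExternalId), but the statement still deserves review.
    """
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        # Action may be a string or list and may contain patterns such as "sts:*" or "*".
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatch("sts:assumerole", pattern) for pattern in actions):
            continue
        for principal in _principal_values(stmt.get("Principal", {})):
            if principal == "*":
                findings.append({"statement": index, "principal": principal,
                                 "has_condition": "Condition" in stmt})
    return findings
```

Running it over the account-scoped policy yields no findings, while the wildcard policy yields one finding with `has_condition` set to `False`.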