Zilvinas Saltys
@mourya-33 can we close this? Does checkov still complain about this?
@noah-paige @dlpzx @anmolsgandhi was this not completed already?
@anmolsgandhi @mourya-33 @noah-paige updated this to mention reworking checkov scanning to use checkov baselines as I couldn't find any other open tickets for that.
@noah-paige @dlpzx I would also say that the dataset UI probably has the same problems and should receive the same treatment.
@anmolsgandhi I absolutely think that this should be extended further than just datasets. This would be very useful for environments too. But I think yes we should make it extendable...
@SofiaSazonova I like everything I see, I like the enforcement mechanisms. One I would like to bring up potentially as a next enhancement later on is **default values**. Let us imagine...
@dlpzx @SofiaSazonova @anmolsgandhi we ran into this issue on IAM policies when a role accumulated 38+ shares. Would be nice to prioritize this one.
@dlpzx @noah-paige these should be managed the same way as bucket permissions. data.all should only have access to databases that have been imported and nothing else.
I noticed that this gets even more confusing when importing a glue db which is encrypted with KMS CMK - this causes the CF custom resource to throw an exception...
@dlpzx @mourya-33 @anmolsgandhi I think we just put this as a checkov exception. I don't think this one is worth solving.