Commit

Make example AWS UUIDS follow a specific pattern (ansible-collections…#1539)

Make example AWS UUIDS follow a specific pattern

SUMMARY
Various AWS IAM resources have UUIDs which follow a specific pattern. Similarly, AWS accounts are all 12 digit numbers (text aliases in a couple of cases). To minimize the risk of accidental data leaks use a consistent Account ID in examples (123456789012), and a specific format for the UUIDs: (AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)12345EXAMPLE54321
While this does nothing about historic data, having consistency makes it easier to prevent future leaks.
Note: We should follow this up with an update to the developer docs, however I'd like to get this in prior to 5.0.0
ISSUE TYPE

Docs Pull Request

COMPONENT NAME
plugins/modules/acm_certificate_info.py
plugins/modules/application_autoscaling_policy.py
plugins/modules/autoscaling_launch_config.py
plugins/modules/autoscaling_launch_config_info.py
plugins/modules/codecommit_repository.py
plugins/modules/directconnect_link_aggregation_group.py
plugins/modules/dms_endpoint.py
plugins/modules/dynamodb_table.py
plugins/modules/ec2_transit_gateway_info.py
plugins/modules/ec2_transit_gateway_vpc_attachment.py
plugins/modules/ec2_transit_gateway_vpc_attachment_info.py
plugins/modules/ec2_vpc_peer.py
plugins/modules/ec2_vpc_peering_info.py
plugins/modules/ec2_vpc_vpn_info.py
plugins/modules/ecs_cluster.py
plugins/modules/ecs_ecr.py
plugins/modules/ecs_service.py
plugins/modules/ecs_service_info.py
plugins/modules/ecs_task.py
plugins/modules/efs.py
plugins/modules/efs_info.py
plugins/modules/eks_cluster.py
plugins/modules/elasticache_subnet_group.py
plugins/modules/elb_network_lb.py
plugins/modules/elb_target_group.py
plugins/modules/elb_target_group_info.py
plugins/modules/elb_target_info.py
plugins/modules/iam_group.py
plugins/modules/iam_managed_policy.py
plugins/modules/iam_mfa_device_info.py
plugins/modules/iam_server_certificate_info.py
plugins/modules/lightsail.py
plugins/modules/lightsail_static_ip.py
plugins/modules/msk_cluster.py
plugins/modules/s3_bucket_notification.py
plugins/modules/sns_topic.py
plugins/modules/sns_topic_info.py
plugins/modules/sqs_queue.py
plugins/modules/stepfunctions_state_machine.py
plugins/modules/stepfunctions_state_machine_execution.py
plugins/modules/storagegateway_info.py
plugins/modules/wafv2_web_acl.py
ADDITIONAL INFORMATION
While the 'secret' nature of these UUIDs is debatable (they're closer to user names than passwords), deliberately mangling them makes it easier for InfoSec teams to spot when their secret counterparts may have been leaked in combination with a real 'public' part.

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections/community.aws@9476422
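As an added example, not part of this commit or of the collection's own tooling: a small Python check that scans documentation text for 12-digit account IDs and IAM-style unique IDs and reports any that are not the sanctioned placeholders named in the commit message (account `123456789012`, unique IDs of the form `<prefix>12345EXAMPLE54321`). The regular expressions, the 16-or-17-character body length for unique IDs, and the sample document lines are assumptions constructed for the example; the allowed values come from the commit message.

```python
"""Added example (not the commit's or the collection's code): lint documentation
text for AWS account IDs and IAM unique IDs that do not use the sanctioned
placeholder values from the commit message."""
import re
from dataclasses import dataclass
from typing import List

# Placeholder values taken from the commit message.
EXAMPLE_ACCOUNT_ID = "123456789012"
EXAMPLE_UNIQUE_ID_BODY = "12345EXAMPLE54321"
IAM_ID_PREFIXES = ("AKIA", "AGPA", "AIDA", "AROA", "AIPA", "ANPA", "ANVA", "ASIA")

# Assumption: an account ID is a bare 12-digit run not glued to other word
# characters or a hyphen (so 'vpc-12345678' style resource IDs are skipped).
ACCOUNT_ID_RE = re.compile(r"(?<![\w-])(\d{12})(?![\w-])")
# Assumption: an IAM unique ID is one of the prefixes above followed by 16 or
# 17 upper-case alphanumerics.
IAM_ID_RE = re.compile(
    r"\b((?:" + "|".join(IAM_ID_PREFIXES) + r")[A-Z0-9]{16,17})\b"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str      # "account_id" or "iam_unique_id"
    value: str
    allowed: bool  # True when the value is one of the sanctioned placeholders


def is_allowed(kind: str, value: str) -> bool:
    """Only the exact placeholder values from the convention are allowed."""
    if kind == "account_id":
        return value == EXAMPLE_ACCOUNT_ID
    # Strip the 4-letter prefix; the body must be the fixed example string.
    return value[4:] == EXAMPLE_UNIQUE_ID_BODY


def scan_text(text: str) -> List[Finding]:
    """Return every account ID / IAM unique ID found, allowed or not."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in (("account_id", ACCOUNT_ID_RE),
                              ("iam_unique_id", IAM_ID_RE)):
            for match in pattern.finditer(line):
                value = match.group(1)
                findings.append(Finding(line_no, kind, value,
                                        is_allowed(kind, value)))
    return findings


def nonconforming(text: str) -> List[Finding]:
    """Findings a reviewer should look at before the docs are published."""
    return [f for f in scan_text(text) if not f.allowed]


# Constructed sample: the kinds of lines the commit touches, plus IAM IDs.
SAMPLE_DOC = """\
peer_owner_id: 123456789102
example: 012345678901
example: Pending Acceptance by 123456789012
arn: arn:aws:iam::123456789012:user/example
user_id: AIDA12345EXAMPLE54321
access_key_id: AKIAABCDEFGHIJKLMNOP
"""

if __name__ == "__main__":
    for f in nonconforming(SAMPLE_DOC):
        print(f"line {f.line_no}: {f.kind} {f.value} "
              "does not follow the example convention")
```

Run against the constructed sample, the check flags lines 1, 2 and 6 (the two pre-commit account IDs and a constructed access key ID whose body is not `12345EXAMPLE54321`) and accepts the sanctioned values; wiring it into a sanity test over `plugins/modules/*.py` would catch the drift this commit is cleaning up before it is merged.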
tremble authored and alinabuzachis committed Oct 11, 2024
1 parent 0db4d3f commit 7187a10
Showing 2 changed files with 9 additions and 9 deletions.
12 changes: 6 additions & 6 deletions plugins/modules/ec2_vpc_peer.py
@@ -109,7 +109,7 @@
region: ap-southeast-2
vpc_id: vpc-12345678
peer_vpc_id: vpc-12345678
peer_owner_id: 123456789102
peer_owner_id: 123456789012
state: present
tags:
Name: Peering connection for VPC 21 to VPC 22
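Review bot: the account ID change is correct, but in this example `vpc_id` and `peer_vpc_id` are both `vpc-12345678`, which reads as a VPC peered with itself while the tag says "VPC 21 to VPC 22"; two distinct placeholder IDs (for instance `vpc-12345678` and `vpc-87654321`) would keep the example coherent. The same applies to the two examples below at lines 171 and 196 of this file.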
@@ -171,7 +171,7 @@
region: ap-southeast-2
vpc_id: vpc-12345678
peer_vpc_id: vpc-12345678
peer_owner_id: 123456789102
peer_owner_id: 123456789012
state: present
tags:
Name: Peering connection for VPC 21 to VPC 22
@@ -196,7 +196,7 @@
region: ap-southeast-2
vpc_id: vpc-12345678
peer_vpc_id: vpc-12345678
peer_owner_id: 123456789102
peer_owner_id: 123456789012
state: present
tags:
Name: Peering connection for VPC 21 to VPC 22
@@ -247,7 +247,7 @@
description: The AWS account that owns the VPC.
returned: success
type: str
example: 012345678901
example: 123456789012
peering_options:
description: Additional peering configuration.
returned: when connection is in the accepted state.
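Review bot: with `type: str` declared directly above, the unquoted `example: 123456789012` is now loaded as an integer by YAML 1.1 parsers such as PyYAML (the old `012345678901` could not be an octal or decimal literal because of its leading zero plus the digits 8 and 9, so it stayed a string), so the example no longer matches its declared type; quoting it as `example: "123456789012"` keeps it a string. The same applies to the other `example:` account ID lines in this file and in ec2_vpc_peering_info.py.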
@@ -299,7 +299,7 @@
description: The AWS account that owns the VPC.
returned: success
type: str
example: 012345678901
example: 123456789012
peering_options:
description: Additional peering configuration.
returned: when connection is not in the deleted state.
@@ -341,7 +341,7 @@
description: Additional information about the status of the connection.
returned: success
type: str
example: Pending Acceptance by 012345678901
example: Pending Acceptance by 123456789012
tags:
description: Tags applied to the connection.
returned: success
6 changes: 3 additions & 3 deletions plugins/modules/ec2_vpc_peering_info.py
@@ -88,7 +88,7 @@
description: The AWS account that owns the VPC.
returned: success
type: str
example: 012345678901
example: 123456789012
peering_options:
description: Additional peering configuration.
returned: when connection is in the accepted state.
@@ -140,7 +140,7 @@
description: The AWS account that owns the VPC.
returned: success
type: str
example: 012345678901
example: 123456789012
peering_options:
description: Additional peering configuration.
returned: when connection is not in the deleted state.
@@ -182,7 +182,7 @@
description: Additional information about the status of the connection.
returned: success
type: str
example: Pending Acceptance by 012345678901
example: Pending Acceptance by 123456789012
tags:
description: Tags applied to the connection.
returned: success