Fail on iam:PassRole with resource * #147
Assignees
Labels
customer
Initiated from, or received feedback about from outside Stelligent
Comments
ghost
added
the
customer
Merged
twellspring
pushed a commit
that referenced
this issue
Jul 2, 2019
twellspring
pushed a commit
that referenced
this issue
Jul 2, 2019
twellspring
pushed a commit
that referenced
this issue
Jul 10, 2019
ghost
pushed a commit
that referenced
this issue
Jul 10, 2019
* cfn templates created, first rules created * role rule complete, tests passing * policy rule complete, tests passing * All tests pass * Linted files * add permutations and more test cases * base rule for passrole * Figured out keyword arguments * #147 wildcard pattern changed to recursive * #147 change class variable to constant * #147 update wildcard_patterns to correctly handle non-string inputs
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Cloned from https://gitlab.com/jhctechnology/aws-cloudformation-utilities/awslint/issues/21
iam:PassRoleonResource: "*"can be dangerous because it can allow a user to elevate their own permissions by passing a privileged role to a trusted entity to run commands they could not normally run on their own.This is an extension of existing cfn_nag rules W11, W12, and W13 to escalate these warnings to failures when a policy contains the
iam:PassRoleaction.The text was updated successfully, but these errors were encountered: