You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The dataset environment admin policy contains overly permissive permissions that needs to be restricted only to the required resources. The following are flagged by CHECKOV
Create a dataset environment and run checkov against the environment stack cloudformation template to get the list of resources flagged for overly permissive permissions.
Expected behavior
The dataset environment role/policy should follow the least privileges principle that restricts permissions only to the required resources.
Your project
No response
Screenshots
No response
OS
Mac
Python version
3.10
AWS data.all version
2.6
Additional context
No response
The text was updated successfully, but these errors were encountered:
Describe the bug
The dataset environment admin policy contains overly permissive permissions that needs to be restricted only to the required resources. The following are flagged by CHECKOV
Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
Permissions to address:
"iam:CreatePolicy",
"iam:CreateServiceLinkedRole"
FAILED for resource: AWS::IAM::ManagedPolicy.dataalltestproducerenvadmin2m7oljdeservicespolicy1DD4CBB4
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
Permissions to address:
"cloudformation:Cancel*",
"cloudformation:Continue*",
"cloudformation:CreateChangeSet",
"cloudformation:ExecuteChangeSet",
FAILED for resource: AWS::IAM::ManagedPolicy.dataalltestproducerenvadmin2m7oljdeservicespolicy11D6FB542
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint
Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
Permissions to address:
"glue:List*"
FAILED for resource: AWS::IAM::ManagedPolicy.dataalltestproducerenvadmin2m7oljdeservicespolicy34FD1AA7D
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
How to Reproduce
Create a dataset environment and run checkov against the environment stack cloudformation template to get the list of resources flagged for overly permissive permissions.
Expected behavior
The dataset environment role/policy should follow the least privileges principle that restricts permissions only to the required resources.
Your project
No response
Screenshots
No response
OS
Mac
Python version
3.10
AWS data.all version
2.6
Additional context
No response
The text was updated successfully, but these errors were encountered: