aws / trusted-advisor-tools Goto Github PK

We need a check that looks for public S3 read/write permissions and automatically revokes these when found. This check would look for the following public permissions:

Bucket list objects
Bucket write objects (This is high severity)
Bucket read permissions
Bucket write permissions (This is high severity)

For the high severity permissions we should explicitly detail the customer should manually audit the bucket and it's objects to ensure that is has not been compromised.

This automation workflow can follow a similar pattern to the one for Exposed Access Keys linked below:

https://github.com/aws/Trusted-Advisor-Tools/tree/master/ExposedAccessKeys

Let me know what you think about this proposed check.

I was hoping you could provide an example for the check-name MFA on Root Account along with sample payload as a cloudwatch event. Due to the fact any accounts I work in already have mfa enabled on the root, I am unable to generate a cloudwatch event that would be trigged upon the rule:

{
"source": [
"aws.trustedadvisor"
],
"detail-type": [
"Trusted Advisor Check Item Refresh Notification"
],
"detail": {
"check-name": [
"MFA on Root Account",
"IAM Use"
]
}
}

Thanks!

I'm trying to use the Eisenhower Matrix App in AWS Amplify Hosting, but having some issues with the ajv package.

When I install the ajv and run the npm install command, I receive the following error message:
npm WARN [email protected] requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.

When I run npm install [email protected] to resolve it, I receive the following error message:
npm WARN @apideck/[email protected] requires a peer of ajv@>=8 but none is installed. You must install peer dependencies yourself.

I believe this is a co-dependency problem, but don't have any knowledge about Node.js.
I am really excited to run this solution in my company, if you guys can help me with that, I would really appreciate it.

The nodejs runtime for many of the examples are out of date. They are based on nodejs 6.10 and they must be updated to nodejs 8.10 or 10.

https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html

You are using Lambdas with runtime: python3.6 in Trusted-Advisor-Tools/ExposedAccessKeys/cloudformation 's exposed_access_keys.serverless.yaml.
This by your own message is in EOL.
This CF stack should be updated to provision these Lambdas with python3.9.