Comments (7)
Hey @kmcquade , thanks for the suggestion!
I did upgrade to 0.1.3 and while the upgrade did not help directly, tweaking the policy statement did.
I am still playing around with those parameters, so don't want to jump to any conclusions yet, but does a policy not get listed if the resource in the policy statement does not exist?
I just wrote a random non-existent resource name on my first run (when the policy was not listed), but when I changed it to "*", the policy showed up just fine in the "Customer Policies" tab.
I'll report if I find anything interesting along the way!
from cloudsplaining.
Hey @arshpunia! Have you tried it on a more recent version of Cloudsplaining? Version 0.1.0 fixed some issues with the exclusions mechanism. The most current version is 0.1.3.
The download command is the same, so just try installing the latest version and running it on your authz file. Let me know if that helps.
from cloudsplaining.
Mind joining the Gitter? https://gitter.im/cloudsplaining/community. I'd love to pick your brain as you're learning :)
I am still playing around with those parameters, so don't want to jump to any conclusions yet, but does a policy not get listed if the resource in the policy statement does not exist?
It doesn't look up resource ARNs to see if they exist in the AWS account.
when I changed it to "*", the policy showed up just fine in the "Customer Policies" tab.
That's by design. It only shows up in the "Customer Policies" tab or the "AWS Policies" tab if there's a security finding - PrivEsc, Infra modification, Resource Exposure, or Data Exfiltration. If there isn't, and the policy is not flagged as having a security issue, then it won't show up in those tabs at all.
Regarding the "Customer Policies" tab
Do you think I should change the names of those tabs? I thought about naming it "Customer Policy Findings" or "AWS Policy Findings" to make the purpose of those tabs clear, but that would make the navbar take up multiple lines, which would look cluttered.
I could just modify the text at the beginning of those tabs. Currently it's "The following table shows a list of Customer created IAM Policies that are currently used in the account - both Managed Policies and Inline Policies. If the policy is an inline policy, the table indicates the IAM Principal that the inline policy is associated with." I can revise that so it's clear that it only shows up in that tab if it's flagged as a finding. What do you think about that?
from cloudsplaining.
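The two behaviours explained in the comment above (resource ARNs are never looked up, and a policy is listed in the "Customer Policies" or "AWS Policies" tab only when it carries a PrivEsc, Infrastructure Modification, Resource Exposure or Data Exfiltration finding) can be modelled directly. The following is an added illustrative example, not Cloudsplaining's own code: it assumes the simplified rule that findings are raised only for Allow statements whose Resource is "*", and its action lists, policy names, account ID and instance ID are all constructed for the demonstration.

```python
"""Simplified model of why a policy shows up in a findings tab only when it
carries a finding, and why a non-existent ARN makes no difference.
Added example; not Cloudsplaining's code.  Action lists are constructed and
far shorter than any real detection list."""
import fnmatch

# Constructed action lists for the four finding categories (illustrative only).
PRIVESC_COMBOS = [
    {"iam:createpolicyversion"},
    {"iam:passrole", "lambda:createfunction", "lambda:invokefunction"},
]
RESOURCE_EXPOSURE = {"s3:putbucketpolicy", "iam:updateassumerolepolicy", "kms:putkeypolicy"}
DATA_EXFILTRATION = {"s3:getobject", "secretsmanager:getsecretvalue", "ssm:getparameter"}
READ_ONLY_PREFIXES = ("get", "list", "describe")
KNOWN_ACTIONS = (set().union(*PRIVESC_COMBOS) | RESOURCE_EXPOSURE | DATA_EXFILTRATION
                 | {"ec2:terminateinstances", "ec2:runinstances",
                    "ec2:describeinstances", "s3:listbucket"})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def unrestricted_actions(policy):
    """Known actions that an Allow statement grants on Resource "*".

    A statement scoped to an ARN is skipped whether or not that ARN exists:
    the string is never compared against the account's inventory, and
    nothing here calls AWS.  NotAction statements are ignored for brevity.
    """
    granted = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        # IAM action names are case-insensitive, so match in lower case.
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        for action in KNOWN_ACTIONS:
            if any(fnmatch.fnmatchcase(action, p) for p in patterns):
                granted.add(action)
    return granted


def analyze_policy(policy):
    """Return {category: sorted actions} for every category the policy triggers."""
    granted = unrestricted_actions(policy)
    findings = {}
    privesc = sorted(a for combo in PRIVESC_COMBOS if combo <= granted for a in combo)
    if privesc:
        findings["PrivilegeEscalation"] = privesc
    # Infrastructure Modification: any write-level known action granted on "*".
    infra = sorted(a for a in granted
                   if not a.split(":", 1)[1].startswith(READ_ONLY_PREFIXES))
    if infra:
        findings["InfrastructureModification"] = infra
    exposure = sorted(granted & RESOURCE_EXPOSURE)
    if exposure:
        findings["ResourceExposure"] = exposure
    exfil = sorted(granted & DATA_EXFILTRATION)
    if exfil:
        findings["DataExfiltration"] = exfil
    return findings


def policies_to_list(policies):
    """Names that would appear in a findings tab: only policies with a finding."""
    return sorted(name for name, doc in policies.items() if analyze_policy(doc))


# Constructed sample policies; the account ID and instance ID are made up.
SAMPLE_POLICIES = {
    "ScopedToMissingArn": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "ec2:TerminateInstances",
        "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-doesnotexist"}]},
    "WildcardResource": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["ec2:TerminateInstances"], "Resource": "*"}]},
    "ReadOnlyEverything": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["ec2:Describe*", "s3:ListBucket"], "Resource": "*"}]},
    "PolicyVersionPrivEsc": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "iam:*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for name, doc in SAMPLE_POLICIES.items():
        print(name, analyze_policy(doc))
    print("listed:", policies_to_list(SAMPLE_POLICIES))
```

Run stand-alone, the policy scoped to the made-up ARN produces no finding at all, while the same action granted on "*" produces an Infrastructure Modification finding, which is exactly why a policy appears in the tab only after its resource is changed to "*". The real tool's detection lists and its handling of NotAction and Condition are broader than this sketch; the point is that listing is driven by findings, and no step consults the AWS account to see whether an ARN exists.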
That's by design. It only shows up in the "Customer Policies" tab or the "AWS Policies" tab if there's a security finding - PrivEsc, Infra modification, Resource Exposure, or Data Exfiltration. If there isn't, and the policy is not flagged as having a security issue, then it won't show up in those tabs at all.
That makes sense. I'm sorry if I missed out on that part while reading up on the documentation.
Regarding the "Customer Policies" tab
I think that the tab-names are fairly self-explanatory, and the IAM Principals table also gives "pointers" on where to find details on a policy by classifying it as Customer Managed/AWS Managed/Customer Inline and so on.
I can revise that so it's clear that it only shows up in that tab if it's flagged as a finding. What do you think about that?
I think that's a great idea. It would help to just add that final line to both "AWS Policies" and "Customer Policies" tab for some added clarity.
And sure, I'll join the Gitter! :)
Thanks so much for all your help on this!
from cloudsplaining.
I'm sorry if I missed out on that part while reading up on the documentation.
No worries at all. If you are experiencing that, then I'm sure other users are as well, so I am glad to make changes so that it is highlighted properly.
I think that's a great idea. It would help to just add that final line to both "AWS Policies" and "Customer Policies" tab for some added clarity.
Sweet. I’ll go ahead and do that.
from cloudsplaining.
Bingo! Thank you so much.
I'd be happy to contribute if you have any suggestions.
I've joined the gitter and if all's good, can we close the issue?
from cloudsplaining.
Sure thing! I'll add the text we agreed on after the weekend, before the 0.1.4 release.
from cloudsplaining.