[Bug]: AWS inline policies not considered for various checks #3833
Comments
@jfagoagas I was thinking about how to address this shortcoming myself. It is straightforward to extend the existing checks to also cover If I wanted to create a separate check just for inline policies, I'd have to duplicate a lot of code for How would you go about this?
Hi @rieck-srlabs I think with the current approach we should create new checks for the inline policies. Regarding the
What do you think?
Steps to Reproduce
There are various AWS checks that currently only consider "Custom" policies:
- iam_policy_no_full_access_to_cloudtrail
- iam_policy_no_full_access_to_kms
- iam_policy_allows_privilege_escalation
To reproduce, run:
prowler aws
Expected behavior
I expected overprivileged inline policies to be flagged by Prowler.
These checks should treat inline and custom policies identically. From a security POV, there is no practical distinction between custom policies and inline policies.
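To illustrate the expected behaviour, here is an added example (not Prowler's own code) that evaluates customer-managed and inline policy documents with one shared rule, so an inline policy granting full KMS access is flagged exactly like a managed one. The policy names, ARN-like labels and documents are constructed for this example; the `service` parameter and helper names are assumptions, not Prowler identifiers.

```python
from typing import Iterable

# Constructed sample input: one customer-managed policy and two inline policies.
# Names and documents are made up for this example.
SAMPLE_POLICIES = [
    {"kind": "managed", "name": "CustomKmsAdmin",
     "document": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "kms:*", "Resource": "*"}]}},
    {"kind": "inline", "name": "dev-role/inline-kms",
     "document": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": ["kms:*", "s3:GetObject"], "Resource": "*"}]}},
    {"kind": "inline", "name": "dev-role/inline-readonly",
     "document": {"Version": "2012-10-17", "Statement":
         {"Effect": "Allow", "Action": "kms:Describe*", "Resource": "*"}}},
]


def _as_list(value):
    """IAM accepts a single string/object or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def grants_full_access(document: dict, service: str) -> bool:
    """True if any Allow statement grants every action of `service`
    ("<service>:*") or every action of every service ("*")."""
    for stmt in _as_list(document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            action = action.lower()  # IAM action names are case-insensitive
            if action == "*" or action == f"{service}:*":
                return True
    return False


def find_full_access(policies: Iterable[dict], service: str) -> list:
    """Apply the same rule to every policy; `kind` is only carried along for
    reporting and is never used to skip inline policies."""
    findings = []
    for policy in policies:
        if grants_full_access(policy["document"], service):
            findings.append((policy["kind"], policy["name"]))
    return findings


if __name__ == "__main__":
    for kind, name in find_full_access(SAMPLE_POLICIES, "kms"):
        print(f"FAIL {kind} policy {name}: grants full access to kms")
```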
Actual Result with Screenshots or Logs
n/a
How did you install Prowler?
Cloning the repository from github.com (git clone)
Environment Resource
Local development environment
OS used
macOS
Prowler version
Prowler 4.1.0 (You are running the latest version, yay!)
Pip version
n/a
Context
No response