Ignore deleted CloudFormation stacks

SecurityFTW / cs-suite

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

GNU General Public License v3.0

1.13k stars 217 forks source link

Ignore deleted CloudFormation stacks #44

Closed gverschu-mgx closed 3 years ago

gverschu-mgx commented 4 years ago

Implements a query filter on StackStatus to ignore CloudFormation stacks that have DELETE_COMPLETE as StackStatus. This will reduce the executing time significantly on some AWS accounts.

Reason: Performing an audit on an AWS account with a big amount of deleted CloudFormation stacks takes very long. The checks that are modified by this change do not make sense on deleted stacks. These checks are:

Check Cloud Formation stacks are using SNS
Check stacks have a policy

gverschu-mgx commented 3 years ago

@shivankar-madaan Any chance this PR can be merged or are there comments that need to be resolved first ?

shivankar-madaan commented 3 years ago

Looks good to me. Thanks for the PR!