Zeus-Labs / ZeusCloud

Open Source Cloud Security
https://docs.zeuscloud.io
Apache License 2.0

Add ECS Security Rule: ECS container environment variables should not have secrets #123

Open. varunjain99 opened 1 year ago

varunjain99 commented 1 year ago
  1. Follow the directions here to add the rule - https://docs.zeuscloud.io/contribute/add-security-rule

  2. You will need to first update cartography to set environment variables in the ECSContainerDefinition node. Currently it does not set this. This should be a basic SET operation in https://github.com/Zeus-Labs/cartography/blob/master/cartography/intel/aws/ecs.py#L294. Update any unit tests and/or integration tests in cartography appropriately. Open a PR in the Zeus-Labs fork of cartography for this. Then include an update to the cartography submodule in this repo.

  3. The Neo4j query probably should check if any of ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'ECS_ENGINE_AUTH_DATA'] show up in the name field of the environment variables.

  4. Create a cdk stack (https://github.com/Zeus-Labs/ZeusCloud/blob/main/cdk/bin/cdk.ts) with an ECS cluster/task definition that violates / doesn't violate this condition. You could just include AWS_SECRET_ACCESS_KEY as an environment variable with some dummy values.

  5. Run ZeusCloud and check that the rule works correctly. You can speed up cartography running by commenting out intel modules that are run here: (https://github.com/Zeus-Labs/cartography/blob/master/cartography/intel/aws/resources.py)
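
The following is an added example, not code from the ZeusCloud or cartography repositories and not part of the issue above. It emulates what the rule in steps 3 to 5 would flag, running over constructed task definitions shaped like ECS `DescribeTaskDefinition` output. Assumptions: the `FLAGGED_ENV_NAMES` list is the one from the issue; `SECRET_NAME_RE` is a broader pattern that goes beyond the issue's list; the sample ARNs, account ID and values are made up; and the node label, relationship names and `environment_variable_names` property in `RULE_CYPHER` are guesses, since the issue says cartography does not store env vars on `ECSContainerDefinition` yet. Only the plaintext `environment` list is inspected; the `secrets` list carries `valueFrom` references to SSM or Secrets Manager rather than values, which is the compliant way to pass secrets, so it is deliberately not flagged.

```python
"""Added example (not ZeusCloud/cartography code): emulate the proposed
"ECS container environment variables should not have secrets" rule over
constructed DescribeTaskDefinition-shaped data."""
import re
from typing import Dict, Iterable, List

# Variable names the issue proposes to flag (taken from the issue text).
FLAGGED_ENV_NAMES = frozenset({
    "AWS_ACCESS_KEY_ID",
    "AWS_SECRET_ACCESS_KEY",
    "ECS_ENGINE_AUTH_DATA",
})

# Assumed extension beyond the issue's list: generic secret-looking names.
# Only applied when strict=False.
SECRET_NAME_RE = re.compile(r"(SECRET|PASSW(OR)?D|TOKEN|PRIVATE_KEY|API_KEY)", re.I)

# Assumed shape of the Neo4j query for step 3. Labels, relationship names and
# the environment_variable_names property are assumptions, not the real schema.
RULE_CYPHER = """
MATCH (a:AWSAccount{id: $aws_account_id})-[:RESOURCE]->(:ECSTaskDefinition)
      -[:HAS_CONTAINER_DEFINITION]->(c:ECSContainerDefinition)
WHERE any(n IN c.environment_variable_names
          WHERE n IN ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'ECS_ENGINE_AUTH_DATA'])
RETURN c.id AS resource_id, 'ECSContainerDefinition' AS resource_type
"""


def env_name_is_secret(name: str, strict: bool = True) -> bool:
    """True if an env var name looks like it carries a secret.

    strict=True: exact, case-insensitive match against the issue's list.
    strict=False: additionally apply the assumed SECRET_NAME_RE pattern.
    """
    upper = name.strip().upper()
    if upper in FLAGGED_ENV_NAMES:
        return True
    return (not strict) and SECRET_NAME_RE.search(upper) is not None


def find_plaintext_secrets(task_definitions: Iterable[Dict],
                           strict: bool = True) -> List[Dict]:
    """Return one finding per plaintext env var whose name matches.

    Walks containerDefinitions[].environment[] only. The secrets[] list holds
    valueFrom references (SSM / Secrets Manager ARNs), not values, so it is
    the compliant path and is intentionally left alone.
    """
    findings: List[Dict] = []
    for td in task_definitions:
        for cd in td.get("containerDefinitions", []):
            for var in cd.get("environment", []):
                name = var.get("name", "")
                if env_name_is_secret(name, strict):
                    findings.append({
                        "taskDefinitionArn": td.get("taskDefinitionArn"),
                        "container": cd.get("name"),
                        "variable": name,
                    })
    return findings


# Constructed sample data: one violating and one compliant task definition.
SAMPLE_TASK_DEFINITIONS = [
    {
        "taskDefinitionArn": "arn:aws:ecs:us-east-1:123456789012:task-definition/bad-app:1",
        "containerDefinitions": [{
            "name": "web",
            "image": "public.ecr.aws/example/web:latest",
            "environment": [
                {"name": "LOG_LEVEL", "value": "info"},
                {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLEEXAMPLE00"},   # dummy value
                {"name": "AWS_SECRET_ACCESS_KEY", "value": "dummy-secret-value"},  # dummy value
            ],
        }],
    },
    {
        "taskDefinitionArn": "arn:aws:ecs:us-east-1:123456789012:task-definition/good-app:1",
        "containerDefinitions": [{
            "name": "web",
            "image": "public.ecr.aws/example/web:latest",
            "environment": [{"name": "LOG_LEVEL", "value": "info"}],
            # Compliant: secret injected by reference at task start, not as plaintext.
            "secrets": [{
                "name": "DB_PASSWORD",
                "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:good-app/db-AbCdEf",
            }],
        }],
    },
]


if __name__ == "__main__":
    for f in find_plaintext_secrets(SAMPLE_TASK_DEFINITIONS):
        print(f"FAIL {f['taskDefinitionArn']} container={f['container']} var={f['variable']}")
```

Running the file reports the two plaintext AWS credential variables on `bad-app:1` and nothing for `good-app:1`, which is the pass/fail split the CDK stack in step 4 should reproduce. Note that a name-based rule has no view of values, so a secret stored under an innocuous name such as `CONFIG` is not caught; that is a limitation of the proposed check, not of this example.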

varunjain99 commented 1 year ago

Also should figure out which compliance frameworks, if any, this maps to.