Open darrais opened 2 months ago
hi @darrais
Excellent catch, that is exactly how it was supposed to be to enable you to add your own options if required. I am adding this to the next PR which will hopefully be merged this week.
Many thanks for feeding this back
uk-bolly
Describe the Issue The variable
amzn2023cis_authselect['options']
is not used anywhere.Expected Behavior If choosing to use a custom authselect profile, the user should be able to define the options to include, providing greater flexibility to the playbook.
Actual Behavior Currently, the custom authselect profile selection includes only the
with-faillock
option. Although this is aligned with requirement 4.4.2, it hinders the ability of the user to include other options.Control(s) Affected 4.4.1 and 4.4.2
Environment
Possible Solution A possible solution is to change the shell command of the 3rd task in the rule block 4.4.2 (this) to include the variable
amzn2023cis_authselect['options']
. This will allow the user to append additional options to theauthselect select
command (and, possibly, even overwrite thewith-faillock
option that is currently being set).For example, the task mentioned could be changed to: