Hello,
Running the CF stack/stack scripts as documented (VendorInsightsPrerequisiteCFT.yaml and VendorInsightsOnboardingCFT.yaml) leads to the creation of S3 buckets, IAM roles etc that are themselves "Noncompliant" with AWSVendorInsightsConformancePackv1 requirements.
Two examples for S3 buckets and IAM roles are shown below.
Inline policies in IAM roles - extensively used by AWS's own wizards such as the Systems Manager "quick configuration" wizard, not just this conformanace pack:
Hi @lenopip, Thanks for the PRs referencing this issue. I trust additional updates are coming to fully resolve the items highlighted in the report above, such as the presence of inline policies?
Hello, Running the CF stack/stack scripts as documented (
VendorInsightsPrerequisiteCFT.yaml
andVendorInsightsOnboardingCFT.yaml
) leads to the creation of S3 buckets, IAM roles etc that are themselves "Noncompliant" withAWSVendorInsightsConformancePackv1
requirements.Two examples for S3 buckets and IAM roles are shown below.
Inline policies in IAM roles - extensively used by AWS's own wizards such as the Systems Manager "quick configuration" wizard, not just this conformanace pack:
Thanks, Sid