Closed crochcunill closed 2 years ago
Conclusions
Recommendations
1- Create a test that compares the results of the AWS CLI command get-account-authorization-details before/after SEA update/upgrade
2- Create a small suite of tests to verify permissions that are deemed important enough to deserve their own test
Further work
The full version of the findings for this spike has been gathered in the following spreadsheet
For some background info about the relation between KC users and AWS roles check https://bcgov.sharepoint.com/:b:/t/01368-CPFScrumTeam/EUpY8z_4ZUVBssWFJtcBbOAB72B1Y57yQSbLR7HGQi8vZA?e=IokLfl
Description
To compile a list of the personas from the Keycloak SSO roles. Then test systematically what each of these personas can and cannot do.
I will need the input from Warren. Not sure if I will also require Avneet.
Additional Info
There's some interesting documentation here https://github.com/canada-ca/cloud-guardrails-aws but we don't want to use Prowler or CloudCustodian; we want to test in CheckPoint CloudGuard CSPM
Deliverables
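
For recommendation 1 above, one way to compare two saved outputs of `aws iam get-account-authorization-details` is sketched here as an added example; it is not part of the original issue or the project's code. It covers roles and managed policies only, and the role name, policy names, account id and snapshots are constructed placeholders.

```python
import json

def _canon(obj):
    # Canonical JSON: key order and whitespace never cause false diffs.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))

def role_view(snapshot):
    """Map RoleName -> the permission-relevant parts of each role."""
    return {r["RoleName"]: {
        "trust": _canon(r.get("AssumeRolePolicyDocument", {})),
        "attached": sorted(p["PolicyArn"] for p in r.get("AttachedManagedPolicies", [])),
        "inline": {p["PolicyName"]: _canon(p["PolicyDocument"])
                   for p in r.get("RolePolicyList", [])},
    } for r in snapshot.get("RoleDetailList", [])}

def policy_view(snapshot):
    """Map managed policy ARN -> canonical default-version document."""
    return {pol["Arn"]: _canon(ver["Document"])
            for pol in snapshot.get("Policies", [])
            for ver in pol.get("PolicyVersionList", []) if ver.get("IsDefaultVersion")}

def diff_snapshots(before, after):
    """Return sorted (kind, name) findings for role and policy changes."""
    findings = []
    rb, ra = role_view(before), role_view(after)
    findings += [("role_removed", n) for n in rb.keys() - ra.keys()]
    findings += [("role_added", n) for n in ra.keys() - rb.keys()]
    for name in rb.keys() & ra.keys():
        for part in ("trust", "attached", "inline"):
            if rb[name][part] != ra[name][part]:
                findings.append((f"role_{part}_changed", name))
    pb, pa = policy_view(before), policy_view(after)
    findings += [("managed_policy_changed", a) for a in pb.keys() & pa.keys() if pb[a] != pa[a]]
    return sorted(findings)

# Constructed sample snapshots (placeholder account id, not real output).
ARN_PREFIX = "arn:aws:iam::111111111111:policy/"
def _sample(actions, attached):
    doc = {"Version": "2012-10-17",
           "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}]}
    return {"RoleDetailList": [{"RoleName": "ExampleDeveloper",
                "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": []},
                "AttachedManagedPolicies": [{"PolicyName": n, "PolicyArn": ARN_PREFIX + n} for n in attached],
                "RolePolicyList": []}],
            "Policies": [{"Arn": ARN_PREFIX + "ExamplePolicy", "PolicyVersionList": [
                {"VersionId": "v1", "IsDefaultVersion": True, "Document": doc}]}]}
BEFORE = _sample(["s3:GetObject"], ["ExamplePolicy"])
AFTER = _sample(["s3:GetObject", "s3:PutObject"], ["ExamplePolicy", "ExampleExtra"])
if __name__ == "__main__":
    print(diff_snapshots(BEFORE, AFTER))
```

In a real run, `before` and `after` would be loaded with `json.load` from the command's output saved before and after the SEA update. An empty result means no role or managed-policy permissions changed.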