Open srikanthm-1 opened 3 months ago
@srikanthm-1 thanks for reaching out! I ran checkov -f check.json --run-all-external-checks against your example and it treated the result as UNKNOWN, which is as expected. This check is looking for permissions delegated to service accounts only. If we use PrincipalOrgID, the scope is too broad and will include some non-service accounts. Therefore, we can't run this check against those without creating false positives.

Also note, we'll remove the odd print statement.
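To illustrate the triage the maintainer describes, here is an added example (my own illustrative re-implementation, not checkov's code for CKV_AWS_364) that classifies AWS::Lambda::Permission resources: service principals are checked for a SourceArn/SourceAccount restriction, while a PrincipalOrgID (or any non-service principal) is left UNKNOWN rather than flagged. The template below is constructed for the example.

```python
from typing import Any, Dict

# Result labels mirror the ones checkov reports in its output.
PASSED, FAILED, UNKNOWN = "PASSED", "FAILED", "UNKNOWN"


def is_service_principal(principal: Any) -> bool:
    """AWS service principals take the form '<service>.amazonaws.com'."""
    return isinstance(principal, str) and principal.endswith(".amazonaws.com")


def evaluate_lambda_permission(props: Dict[str, Any]) -> str:
    """Assumed logic: only service-principal grants are in scope of the check."""
    principal = props.get("Principal")
    if not is_service_principal(principal):
        # Account IDs, IAM ARNs and org-wide grants (PrincipalOrgID) include
        # non-service callers, so requiring SourceArn/SourceAccount on them
        # would be a false positive; the check deliberately stays UNKNOWN.
        return UNKNOWN
    # A service principal should be scoped to a specific resource or account,
    # otherwise any instance of that service could invoke the function.
    if props.get("SourceArn") or props.get("SourceAccount"):
        return PASSED
    return FAILED


def scan_template(template: Dict[str, Any]) -> Dict[str, str]:
    """Return {logical_id: result} for every Lambda permission in a CFN template."""
    results: Dict[str, str] = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::Lambda::Permission":
            results[name] = evaluate_lambda_permission(res.get("Properties", {}))
    return results


# Constructed sample template covering the three cases discussed in the issue.
SAMPLE_TEMPLATE = {
    "Resources": {
        "ScopedServiceInvoke": {"Type": "AWS::Lambda::Permission", "Properties": {
            "Action": "lambda:InvokeFunction", "FunctionName": "fn",
            "Principal": "events.amazonaws.com",
            "SourceArn": "arn:aws:events:us-east-1:111122223333:rule/example"}},
        "OpenServiceInvoke": {"Type": "AWS::Lambda::Permission", "Properties": {
            "Action": "lambda:InvokeFunction", "FunctionName": "fn",
            "Principal": "s3.amazonaws.com"}},
        "OrgInvoke": {"Type": "AWS::Lambda::Permission", "Properties": {
            "Action": "lambda:InvokeFunction", "FunctionName": "fn",
            "Principal": "*", "PrincipalOrgID": "o-exampleorgid"}},
    }
}

if __name__ == "__main__":
    for logical_id, verdict in scan_template(SAMPLE_TEMPLATE).items():
        print(f"{logical_id}: {verdict}")
```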
Describe the issue
Relevant check Id: CKV_AWS_364
AWS Lambda supports having an organization as a principal (see here), but the check is not handling that.
Examples
Please share an example code sample (in the IaC of your choice) + the expected outcomes.

Running
checkov --run-all-external-checks
on the above cfn template will cause the failure.
Additional context
This check is also printing "Not a service principal" to standard out, which is messing with the output format of the command. It's not clear if that is a bug or along expected lines.