cloud-gov / caulking

Prevent leaks with gitleaks, and use tests to validate
32 stars 11 forks

caulking should alert on ARNs (AWS Resources) #68

Open pburkholder opened 2 years ago

pburkholder commented 2 years ago

Security considerations

[note any potential changes to security boundaries, practices, documentation, risk that arise directly from this story]

bengerman13 commented 2 years ago

ARN format:

arn:partition:service:region:account-id:resource-id
arn:partition:service:region:account-id:resource-type/resource-id
arn:partition:service:region:account-id:resource-type:resource-id

So we should have a regex something like:

arn:aws(-us-gov|-cn)?:[^:]+:[^:]*:\d{12}:[^:\s]+

Need to double-check whether it's guaranteed that account IDs are 12 numeric digits.
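To see what the proposed pattern does and does not catch, here is an added example that is not part of the caulking repository or of either comment. It compiles the comment's regex with Go's regexp package (the RE2 engine a Go tool such as gitleaks uses, so anything that compiles here is safe to paste into a rule), with capture groups added around partition, service, region, account and resource; everything else is the comment's pattern unchanged. The sample text is constructed; the account numbers and resource names in it are made up and belong to nothing real.

```go
package main

import (
	"fmt"
	"regexp"
)

// arnPattern is the regex proposed in the comment above, unchanged except
// that each field is wrapped in a capture group so a finding can report which
// account and service the leaked ARN refers to. The 12-digit account field
// is the comment's assumption, carried over as-is.
var arnPattern = regexp.MustCompile(
	`arn:(aws(?:-us-gov|-cn)?):([^:]+):([^:]*):(\d{12}):([^:\s]+)`,
)

// ARN is one match split into the fields of the ARN grammar quoted above.
type ARN struct {
	Raw       string // the matched substring as it appeared in the file
	Partition string // aws, aws-us-gov or aws-cn
	Service   string
	Region    string // empty for global services such as IAM
	Account   string
	Resource  string // resource-id or resource-type/resource-id
}

// FindARNs returns every ARN-looking substring in text, in order of appearance.
func FindARNs(text string) []ARN {
	var found []ARN
	for _, m := range arnPattern.FindAllStringSubmatch(text, -1) {
		found = append(found, ARN{
			Raw: m[0], Partition: m[1], Service: m[2],
			Region: m[3], Account: m[4], Resource: m[5],
		})
	}
	return found
}

// sampleSource is a constructed config fragment (not real infrastructure)
// that exercises each of the three ARN forms from the comment plus two
// deliberate edge cases:
//   - the S3 bucket ARN has an empty account field, so \d{12} never matches
//     it and the pattern does not alert on it;
//   - the RDS ARN uses the resource-type:resource-id form, and [^:\s]+ stops
//     at the first colon, so only "db" is captured as the resource (the line
//     still alerts, which is what matters for a leak scanner);
//   - the last line has a 5-digit account field and is correctly ignored.
const sampleSource = `ROLE_ARN=arn:aws:iam::123456789012:role/deploy
GOV_QUEUE=arn:aws-us-gov:sqs:us-gov-west-1:123456789012:caulking-alerts
DB_INSTANCE=arn:aws:rds:us-east-1:123456789012:db:caulking-db
BUCKET=arn:aws:s3:::caulking-bucket
BAD_ACCOUNT=arn:aws:iam::12345:user/bob
`

func main() {
	for _, a := range FindARNs(sampleSource) {
		fmt.Printf("%-60s partition=%s service=%s region=%q account=%s resource=%s\n",
			a.Raw, a.Partition, a.Service, a.Region, a.Account, a.Resource)
	}
}
```

Running it prints three findings (IAM role, GovCloud SQS queue, RDS instance) and nothing for the S3 bucket or the short account ID, which is the concrete answer to the comment's open question: if bucket ARNs should alert too, the account field has to become optional (`\d{12}|`) rather than required.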