iann0036 / aws-leastprivilege

Generates an IAM policy for the CloudFormation service role that adheres to least privilege.
MIT License

hardcoded aws partition in ARNs #5

Open PatMyron opened 3 years ago

PatMyron commented 3 years ago

https://github.com/iann0036/aws-leastprivilege/tree/master/cfnlp/mappings https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arns-syntax

grep 'arn:aws:' cfnlp/mappings/*.py

Thought about just find-and-replacing all of them:

brew install gnu-sed
gsed -i 's/arn:aws:/arn:aws*:/' cfnlp/mappings/*.py

but a few shouldn't have that exact find-and-replace: https://github.com/iann0036/aws-leastprivilege/blob/6f9f8a2c412f262deaa96e5ce455cab47717d93b/cfnlp/mappings/cloudwatch.py#L31-L42

iann0036 commented 3 years ago

If we were to do this, I'd rather explicitly set the partition from the identified region, so maybe a function for that if it's China / GovCloud?
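One way to do what the last comment suggests, as an added example that is not part of the issue or of aws-leastprivilege itself: derive the partition from the region the template is deployed to, and build or rewrite ARNs with that partition instead of a hardcoded `arn:aws:` or a wildcard `arn:aws*:`. The function names, the prefix table and the sample ARNs below are assumptions for illustration, not project APIs.

```python
"""Derive the AWS partition from a region name and use it when building ARNs.

Added illustration for the discussion above; not code from aws-leastprivilege.
All function and variable names here are assumptions, not project APIs.
"""

# Region-name prefixes that select a non-default partition. Any region that
# matches none of these is treated as the standard "aws" partition. Other
# isolated partitions exist; extend this table if they matter to you.
_PARTITION_PREFIXES = (
    ("cn-", "aws-cn"),          # China (Beijing, Ningxia)
    ("us-gov-", "aws-us-gov"),  # AWS GovCloud (US)
)


def partition_for_region(region):
    """Return the partition identifier for a region name.

    Empty or unknown regions fall back to "aws" so a policy can still be
    generated; callers that want strictness can check the result themselves.
    """
    region = (region or "").strip().lower()
    for prefix, partition in _PARTITION_PREFIXES:
        if region.startswith(prefix):
            return partition
    return "aws"


def build_arn(service, resource, deploy_region, region="", account=""):
    """Assemble an ARN whose partition matches the deployment region.

    Global services such as IAM and S3 leave the region and/or account
    fields empty, but their partition still has to match the deployment,
    which is why it comes from deploy_region rather than being hardcoded.
    """
    partition = partition_for_region(deploy_region)
    return f"arn:{partition}:{service}:{region}:{account}:{resource}"


def rewrite_hardcoded_partition(arn, deploy_region):
    """Replace a hardcoded leading 'arn:aws:' with the deployment partition.

    Only the exact prefix 'arn:aws:' is touched, so strings that are already
    partition-specific ('arn:aws-cn:', 'arn:aws-us-gov:') and non-ARN
    strings are returned unchanged.
    """
    prefix = "arn:aws:"
    if arn.startswith(prefix):
        return f"arn:{partition_for_region(deploy_region)}:" + arn[len(prefix):]
    return arn


if __name__ == "__main__":
    # Constructed sample ARNs, not values taken from the repository.
    deploy_region = "cn-northwest-1"
    print(build_arn("s3", "my-bucket", deploy_region))
    print(build_arn("logs", "log-group:/aws/lambda/fn:*", deploy_region,
                    region=deploy_region, account="123456789012"))
    print(rewrite_hardcoded_partition("arn:aws:iam::123456789012:role/x",
                                      deploy_region))
```

Deriving the partition this way keeps each resource ARN exact for the account it is deployed in, whereas the `arn:aws*:` substitution widens every resource pattern to all partitions at once. The fallback to `aws` for unrecognised regions is a deliberate choice here; a stricter generator could raise instead.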