prancer-io / prancer-compliance-test

This repository includes cloud security policies for IaC and live resources.
https://www.prancer.io

Created AWS policy for IAM users and data store encryption check #563

Closed by vatsalgit5118 1 year ago

vatsalgit5118 commented 1 year ago

Created AWS policies to check,

farchide commented 1 year ago

@rezoan please review

vatsalgit5118 commented 1 year ago

@rezoan, in the snapshot, the resource is not available. So that policy will be skipped at the time of executing the compliance. And the default value of rds_encrypt_key is true. So in the result, it shows true.

rezoan commented 1 year ago

@vatsalgit5118 Is there any way I can test the scenario (how the policy gets skipped if the resource is not available) without connecting to the cloud?

vatsalgit5118 commented 1 year ago

@rezoan, if the cloud does not have the required resource, a snapshot will not be created for the corresponding master snapshot. The master snapshot ID is included in the list of master test cases. Since the snapshot list is empty, no test cases will be executed for that master snapshot, causing it to be skipped.

vatsalgit5118 commented 1 year ago

@rezoan, I have updated the PR based on the bugs found.

rezoan commented 1 year ago

All the snapshots are getting generated.