Open woodyweaver opened 4 weeks ago
Hi @woodyweaver,
I will add a note in the finding's metadata to indicate that the AWS guidance involving aws:SourceAccount and aws:SourceArn conditions is not applicable to EKS, as confirmed by AWS. This will clarify that there is currently no way to clear the finding for EKS.
In the meantime, you could mute the finding using the Prowler mutelist since it's not remediable for now. I'll make a PR to address this soon. Thanks for your suggestion and for using Prowler! 🚀
Update: Here is the PR with the changes. Please let me know if it fits the case or needs some improvement. I look forward to your response. Thanks for everything.
Steps to Reproduce
Run scan, inspect finding.
Expected behavior
I want Prowler to detect defects in configuration, and it does an excellent job on this front. However, I'm getting a "confused deputy" finding on our AWS EKS cluster role. The remediation guidance suggests following AWS guidance, to include "aws:SourceAccount" and/or "aws:SourceArn" condition keys. This was not successful. Opening a ticket with AWS produced language from Omar M.:
I think it would be helpful to add an explanation to the finding guidance that it is not possible (according to AWS) to clear the finding using the AWS guidance.
Actual Result with Screenshots or Logs
How did you install Prowler?
From pip package (pip install prowler)
Environment Resource
EC2 instance
OS used
RHEL 9
Prowler version
Prowler 4.3.1 (latest is 4.3.3, upgrade for the latest features)
Pip version
pip 21.2.3 from /usr/lib/python3.9/site-packages/pip (python 3.9)
Context
No response
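The distinction discussed in this issue, as an added example that is not Prowler's implementation and not part of the original thread: a trust-policy evaluator that looks for the two condition keys and reports an EKS service principal separately, since the thread states AWS confirmed the keys are not applicable to EKS. The status labels, helper names and sample policies are hypothetical.

```python
# Condition keys named in the AWS confused-deputy guidance (key names are case-insensitive).
DEPUTY_KEYS = {"aws:sourceaccount", "aws:sourcearn"}
# Assumption from this issue: AWS confirmed the keys are not applicable to EKS.
NOT_APPLICABLE = {"eks.amazonaws.com"}

def as_list(value):
    """IAM fields may hold a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def has_deputy_condition(stmt):
    """True if any condition operator constrains aws:SourceAccount or aws:SourceArn."""
    return any(key.lower() in DEPUTY_KEYS
               for block in stmt.get("Condition", {}).values() for key in block)

def evaluate_trust_policy(policy):
    """Return (service, status) for each service principal allowed to assume the role."""
    results = []
    for stmt in as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        for service in as_list(principal.get("Service")):
            if has_deputy_condition(stmt):
                status = "PASS"
            elif service.lower() in NOT_APPLICABLE:
                status = "FAIL_NOT_REMEDIABLE"  # hypothetical label: document and mute
            else:
                status = "FAIL"
            results.append((service, status))
    return results

def trust(service, condition=None):
    """Build a constructed single-statement trust policy for the samples below."""
    stmt = {"Effect": "Allow", "Principal": {"Service": service}, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed samples; the account ID is a placeholder.
EKS_ROLE = trust("eks.amazonaws.com")
OPEN_ROLE = trust("sns.amazonaws.com")
SCOPED_ROLE = trust("sns.amazonaws.com", {"StringEquals": {"aws:SourceAccount": "111122223333"}})

if __name__ == "__main__":
    for name in ("EKS_ROLE", "OPEN_ROLE", "SCOPED_ROLE"):
        print(name, evaluate_trust_policy(globals()[name]))
```

Reporting the EKS case under its own status keeps a muted finding traceable to a documented reason while other unconditioned service trusts continue to fail.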