prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0
10.53k stars 1.51k forks

New check to ensure that a group has not administrative privileges #4807

Closed puchy22 closed 3 weeks ago

puchy22 commented 3 weeks ago

New feature motivation

As described in this issue #4777, there were no checks for checking Admin privileges. Following the same logic, Groups must have their own check.

Solution Proposed

Implement new check following the same logic as iam_role_administratoraccess_policy and iam_user_administrator_access_policy.

Describe alternatives you've considered

Use iam_aws_attached_policy_no_administrative_privileges with inline policies attached to groups.

Additional context

No response
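
An added example, not Prowler's code and not part of the original issue: a sketch of the logic a group-level administrator check could apply, covering both the attached managed policy and the inline-policy case mentioned under the alternatives. The record layout, group names and function names are assumptions made for illustration, and `Condition` and `NotAction` are not evaluated.

```python
# Suffix match so the AWS-managed policy is recognised in every partition
# (aws, aws-cn, aws-us-gov).
ADMIN_POLICY_SUFFIX = ":iam::aws:policy/AdministratorAccess"


def _as_list(value):
    """IAM JSON accepts a single item wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def statement_is_admin(stmt):
    """True for an Allow statement granting every action on every resource."""
    return (
        stmt.get("Effect") == "Allow"
        and "*" in _as_list(stmt.get("Action"))
        and "*" in _as_list(stmt.get("Resource"))
    )


def evaluate_group(group):
    """Return (status, reasons) for one group record (hypothetical layout)."""
    reasons = []
    for policy in group.get("attached_policies", []):
        if policy["PolicyArn"].endswith(ADMIN_POLICY_SUFFIX):
            reasons.append(f"attached managed policy {policy['PolicyName']}")
    for name, document in group.get("inline_policies", {}).items():
        if any(statement_is_admin(s) for s in _as_list(document.get("Statement"))):
            reasons.append(f"inline policy {name} allows all actions on all resources")
    return ("FAIL" if reasons else "PASS", reasons)


def run_check(groups):
    return {g["name"]: evaluate_group(g) for g in groups}


# Constructed sample data; group and inline policy names are hypothetical.
SAMPLE_GROUPS = [
    {"name": "platform-admins", "attached_policies": [
        {"PolicyName": "AdministratorAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
    {"name": "break-glass", "inline_policies": {"everything": {
        "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}}},
    {"name": "developers", "attached_policies": [
        {"PolicyName": "ReadOnlyAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}],
     "inline_policies": {"s3-work": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*"}]}}},
]

if __name__ == "__main__":
    for name, (status, reasons) in run_check(SAMPLE_GROUPS).items():
        print(f"{status} {name}: {'; '.join(reasons) or 'no administrative privileges'}")
```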

puchy22 commented 3 weeks ago

Hi @jmanduca-psfy, I hope everything is going well. The PR with the new check for groups is ready if you want to take a look at it and send me some feedback.

Thanks for everything.

jmanduca-psfy commented 3 weeks ago

Hey @puchy22, just tried it out and it works great. Thanks for implementing this! And so quickly.