turbot / steampipe-mod-aws-perimeter

Is your AWS perimeter secure? Use Powerpipe and Steampipe to check your AWS accounts for public resources, resources shared with untrusted accounts, insecure network configurations and more.
https://hub.powerpipe.io/mods/turbot/aws_perimeter
Apache License 2.0

Add trusted controls for AWS policies #18

Closed: omerosaienni closed 1 year ago

omerosaienni commented 2 years ago

Share Controls

omerosaienni@engineering ~/source-code/steampipe/steampipe-mod-aws-perimeter(updating-perimeter-mod-to-use-analyse-table)$ steampipe check benchmark.shared_access

Shared Access .............................................................................................................................................. 94 / 401 [==========]
| 
+ RAM Shared Access ........................................................................................................................................  2 /   2 [=         ]
| | 
| + Resources shared through RAM should only be shared with trusted accounts ...............................................................................  1 /   1 [=         ]
| | | 
| | ALARM: subnet/subnet-0324f9123e334dc08 shared with untrusted accounts ["111122223333", "333322221111", "222244446666"]. ............................... us-east-1 232332322323
| | 
| + Resources shared through RAM should only be shared with trusted OUs ....................................................................................  0 /   0 [          ]
| | 
| + Resources shared through RAM should only be shared with trusted organizations ..........................................................................  1 /   1 [=         ]
|   | 
|   ALARM: subnet/subnet-0324f9123e334dc08 shared with untrusted organization ["o-a1a1a1aa11"]. ........................................................... us-east-1 232332322323
|   
+ Shared Access Settings ...................................................................................................................................  0 /  24 [=         ]
| | 
| + Config service aggregator should only collect data from trusted accounts ...............................................................................  0 /   0 [          ]
| | 
| + Directory Service directories should only be shared with trusted accounts ..............................................................................  0 /   0 [          ]
| | 
| + DLM policies should only share EBS snapshot copies with trusted accounts ...............................................................................  0 /   0 [          ]
| | 
| + EBS snapshots should only be shared with trusted accounts ..............................................................................................  0 /   6 [=         ]
| | | 
| | OK   : snap-02fb96ea75cc078ff is not shared. .......................................................................................................... us-east-1 232332322323
| | OK   : snap-0e3cd6d751a0d274e is not shared. .......................................................................................................... us-east-1 232332322323
| | OK   : snap-09c14fff2c4c1b36b is not shared. .......................................................................................................... us-east-1 232332322323
| | OK   : snap-01c573b1f4ebad60f is not shared. .......................................................................................................... us-east-1 232332322323
| | OK   : snap-0d052e9a6dc0b710b is not shared. .......................................................................................................... us-east-1 232332322323
| | OK   : snap-0263366219ef8e62d is not shared. .......................................................................................................... us-east-1 232332322323
| | 
| + EC2 AMIs should only be shared with trusted accounts ...................................................................................................  0 /   6 [=         ]
| | | 
| | INFO : ami-public-instance-1 is public. ............................................................................................................... us-east-1 232332322323
| | INFO : ami-public-instance-2 shared with untrusted account ["333322221111"]. .......................................................................... us-east-1 232332322323
| | INFO : ami-public-instance-3 shared with untrusted accounts ["333322221111", "111122223333"]. ......................................................... us-east-1 232332322323
| | OK   : ami-private-image-1 is not shared. ............................................................................................................. us-east-1 232332322323
| | OK   : ami-private-image-2 is not shared. ............................................................................................................. us-east-1 232332322323
| | OK   : ami-private-image-3 is not shared. ............................................................................................................. us-east-1 232332322323
| | 
| + EC2 AMIs should only be shared with trusted OUs ........................................................................................................  0 /   6 [=         ]
| | | 
| | INFO : ami-public-instance-1 is public. ............................................................................................................... us-east-1 232332322323
| | OK   : ami-private-image-1 is not shared. ............................................................................................................. us-east-1 232332322323
| | OK   : ami-private-image-2 is not shared. ............................................................................................................. us-east-1 232332322323
| | OK   : ami-private-image-3 is not shared. ............................................................................................................. us-east-1 232332322323
| | OK   : ami-public-instance-2 is not shared. ........................................................................................................... us-east-1 232332322323
| | OK   : ami-public-instance-3 is not shared. ........................................................................................................... us-east-1 232332322323
| | 
| + EC2 AMIs should only be shared with trusted organizations ..............................................................................................  0 /   6 [=         ]
| | | 
| | INFO : ami-public-instance-1 is public. ............................................................................................................... us-east-1 232332322323
| | OK   : ami-private-image-1 is not shared. ............................................................................................................. us-east-1 232332322323
| | OK   : ami-private-image-2 is not shared. ............................................................................................................. us-east-1 232332322323
| | OK   : ami-private-image-3 is not shared. ............................................................................................................. us-east-1 232332322323
| | OK   : ami-public-instance-2 is not shared. ........................................................................................................... us-east-1 232332322323
| | OK   : ami-public-instance-3 is not shared. ........................................................................................................... us-east-1 232332322323
| | 
| + GuardDuty findings should only be shared with trusted accounts .........................................................................................  0 /   0 [          ]
| | 
| + RDS DB snapshots should only be shared with trusted accounts ...........................................................................................  0 /   0 [          ]
|   
+ Shared Access ............................................................................................................................................ 92 / 375 [==========]
  | 
  + Resource Policy Shared Accounts Access ................................................................................................................. 26 /  98 [===       ]
  | | 
  | + ECR repository policies should prohibit untrusted account access .....................................................................................  1 /   2 [==        ]
  | | | 
  | | ALARM: omero-test-private trust policy grants cross-account access to 1 untrusted account: ["123456789012"]. ........................................ us-east-1 232332322323
  | | OK   : omero-test-private-2 trust policy does not reference any accounts. ........................................................................... us-east-1 232332322323
  | | 
  | + Glacier vault policies should prohibit untrusted account access ......................................................................................  0 /   0 [          ]
  | | 
  | + IAM role trust policies should prohibit untrusted account access ..................................................................................... 21 /  91 [===       ]
  | | | 
  | | ALARM: iam_trusted_access_role_10 trust policy grants cross-account access to 1 untrusted account: ["688720832404"]. .......................................... 232332322323
  | | ALARM: iam_trusted_access_role_3 trust policy grants cross-account access to 1 untrusted account: ["688720832404"]. ........................................... 232332322323
  | | ALARM: iam_trusted_access_role_41 trust policy grants cross-account access to 1 untrusted account: ["688720832404"]. .......................................... 232332322323
  | | ALARM: iam_trusted_access_role_9 trust policy grants cross-account access to 1 untrusted account: ["688720832404"]. ........................................... 232332322323
  | | ALARM: rexaac-assume-role trust policy grants cross-account access to 1 untrusted account: ["333322221111"]. .................................................. 232332322323
  | | ALARM: test-public-1 trust policy grants cross-account access to 1 untrusted account: ["*"]. .................................................................. 232332322323
  | | ALARM: test-public-role-5 trust policy grants cross-account access to 1 untrusted account: ["*"]. ............................................................. 232332322323
  | | ALARM: test-role-2 trust policy grants cross-account access to 1 untrusted account: ["688720832404"]. ......................................................... 232332322323
  | | ALARM: test-role-mulitple trust policy grants cross-account access to 2 untrusted accounts: ["181849339477", "688720832404"]. ................................. 232332322323
  | | ALARM: test-role-mulitple-2 trust policy grants cross-account access to 4 untrusted accounts: ["111122223333", "222244446666", "181849339477", "688720832404"]. 232332322323
  | | ALARM: test-role-org-1 trust policy grants cross-account access to 1 untrusted account: ["232332322323"]. ..................................................... 232332322323
  | | ALARM: test-role-org-2 trust policy grants cross-account access to 1 untrusted account: ["232332322323"]. ..................................................... 232332322323
  | | ALARM: test-role-org-3 trust policy grants cross-account access to 1 untrusted account: ["232332322323"]. ..................................................... 232332322323
  | | ALARM: test-role-org-4 trust policy grants cross-account access to 1 untrusted account: ["*"]. ................................................................ 232332322323
  | | ALARM: test-role-org-5 trust policy grants cross-account access to 1 untrusted account: ["232332322323"]. ..................................................... 232332322323
  | | ALARM: test-role-public-2 trust policy grants cross-account access to 1 untrusted account: ["*"]. ............................................................. 232332322323
  | | ALARM: test-role-public-3 trust policy grants cross-account access to 1 untrusted account: ["*"]. ............................................................. 232332322323
  | | ALARM: test-role-public-4 trust policy grants cross-account access to 1 untrusted account: ["*"]. ............................................................. 232332322323
  | | ALARM: test-role-public-5 trust policy grants cross-account access to 1 untrusted account: ["*"]. ............................................................. 232332322323
  | | ALARM: test-steampipe-role-1 trust policy grants cross-account access to 1 untrusted account: ["*"]. .......................................................... 232332322323
  | | ALARM: us-east-1_PtrpBLBqu_Manage-only trust policy grants cross-account access to 1 untrusted account: ["688720832404"]. ..................................... 232332322323
  | | OK   : AWS-QuickSetup-StackSet-Local-AdministrationRole trust policy does not reference any accounts. ......................................................... 232332322323
  | | OK   : AWS-QuickSetup-StackSet-Local-ExecutionRole trust policy does not reference any cross-accounts. ........................................................ 232332322323
  | | OK   : AWSReservedSSO_SSO-Admin_ce6cf919091b63ee trust policy does not reference any accounts. ................................................................ 232332322323
  | | OK   : AWSReservedSSO_SSO-ReadOnly_7e9831f0c1810592 trust policy does not reference any accounts. ............................................................. 232332322323
  | | OK   : AWSServiceRoleForAccessAnalyzer trust policy does not reference any accounts. .......................................................................... 232332322323
  | | OK   : AWSServiceRoleForAutoScaling trust policy does not reference any accounts. ............................................................................. 232332322323
  | | OK   : AWSServiceRoleForBackup trust policy does not reference any accounts. .................................................................................. 232332322323
  | | OK   : AWSServiceRoleForCloudTrail trust policy does not reference any accounts. .............................................................................. 232332322323
  | | OK   : AWSServiceRoleForComputeOptimizer trust policy does not reference any accounts. ........................................................................ 232332322323
  | | OK   : AWSServiceRoleForConfig trust policy does not reference any accounts. .................................................................................. 232332322323
  | | OK   : AWSServiceRoleForApplicationAutoScaling_DynamoDBTable trust policy does not reference any accounts. .................................................... 232332322323
  | | OK   : AWSServiceRoleForECS trust policy does not reference any accounts. ..................................................................................... 232332322323
  | | OK   : AWSServiceRoleForApplicationAutoScaling_ECSService trust policy does not reference any accounts. ....................................................... 232332322323
  | | OK   : AWSServiceRoleForElastiCache trust policy does not reference any accounts. ............................................................................. 232332322323
  | | OK   : AWSServiceRoleForElasticLoadBalancing trust policy does not reference any accounts. .................................................................... 232332322323
  | | OK   : AWSServiceRoleForGlobalAccelerator trust policy does not reference any accounts. ....................................................................... 232332322323
  | | OK   : AWSServiceRoleForCloudFrontLogger trust policy does not reference any accounts. ........................................................................ 232332322323
  | | OK   : AWSServiceRoleForAPIGateway trust policy does not reference any accounts. .............................................................................. 232332322323
  | | OK   : AWSServiceRoleForOrganizations trust policy does not reference any accounts. ........................................................................... 232332322323
  | | OK   : AWSServiceRoleForRDS trust policy does not reference any accounts. ..................................................................................... 232332322323
  | | OK   : AWSServiceRoleForBackupReports trust policy does not reference any accounts. ........................................................................... 232332322323
  | | OK   : AWSServiceRoleForSecurityHub trust policy does not reference any accounts. ............................................................................. 232332322323
  | | OK   : AWSServiceRoleForAmazonSSM trust policy does not reference any accounts. ............................................................................... 232332322323
  | | OK   : AWSServiceRoleForSSO trust policy does not reference any accounts. ..................................................................................... 232332322323
  | | OK   : AWSServiceRoleForSupport trust policy does not reference any accounts. ................................................................................. 232332322323
  | | OK   : AWSServiceRoleForTrustedAdvisor trust policy does not reference any accounts. .......................................................................... 232332322323
  | | OK   : ec2_s3_read_only trust policy does not reference any accounts. ......................................................................................... 232332322323
  | | OK   : ec2_s3_read_only_2 trust policy does not reference any accounts. ....................................................................................... 232332322323
  | | OK   : ec2_s3_read_only_3 trust policy does not reference any accounts. ....................................................................................... 232332322323
  | | OK   : iam_trusted_access_role_2 trust policy does not reference any cross-accounts. .......................................................................... 232332322323
  | | OK   : iam_trusted_access_role_20 trust policy does not reference any cross-accounts. ......................................................................... 232332322323
  | | OK   : iam_trusted_access_role_30 trust policy does not reference any accounts. ............................................................................... 232332322323
  | | OK   : iam_trusted_access_role_4 trust policy does not reference any cross-accounts. .......................................................................... 232332322323
  | | OK   : iam_trusted_access_role_5 trust policy does not reference any accounts. ................................................................................ 232332322323
  | | OK   : iam_trusted_access_role_6 trust policy does not reference any accounts. ................................................................................ 232332322323
  | | OK   : iam_trusted_access_role_7 trust policy does not reference any accounts. ................................................................................ 232332322323
  | | OK   : iam_trusted_access_role_8 trust policy does not reference any accounts. ................................................................................ 232332322323
  | | OK   : my-sso-role trust policy does not reference any accounts. .............................................................................................. 232332322323
  | | OK   : PublishFlowLogsToCloudWatchRole trust policy does not reference any accounts. .......................................................................... 232332322323
  | | OK   : PublishToCloudWatchLogsRole trust policy does not reference any accounts. .............................................................................. 232332322323
  | | OK   : resource-policy-analysis-role-1 trust policy does not reference any accounts. .......................................................................... 232332322323
  | | OK   : AWSBackupDefaultServiceRole trust policy does not reference any accounts. .............................................................................. 232332322323
  | | OK   : test-function-2-role-i16umoc8 trust policy does not reference any accounts. ............................................................................ 232332322323
  | | OK   : test-function-3-role-ofc3xrg2 trust policy does not reference any accounts. ............................................................................ 232332322323
  | | OK   : test-function-4-role-bjzyzpti trust policy does not reference any accounts. ............................................................................ 232332322323
  | | OK   : test-function-role-ouk9m007 trust policy does not reference any accounts. .............................................................................. 232332322323
  | | OK   : test-admin-role trust policy does not reference any cross-accounts. .................................................................................... 232332322323
  | | OK   : test-amazon-1 trust policy does not reference any accounts. ............................................................................................ 232332322323
  | | OK   : test-aws-amazon-sub-type-1 trust policy does not reference any accounts. ............................................................................... 232332322323
  | | OK   : test-aws-is-broken trust policy does not reference any accounts. ....................................................................................... 232332322323
  | | OK   : test-google-1 trust policy does not reference any accounts. ............................................................................................ 232332322323
  | | OK   : test-google-2 trust policy does not reference any accounts. ............................................................................................ 232332322323
  | | OK   : test-google-role trust policy does not reference any accounts. ......................................................................................... 232332322323
  | | OK   : test-messy-1 trust policy does not reference any accounts. ............................................................................................. 232332322323
  | | OK   : test-role-3 trust policy does not reference any accounts. .............................................................................................. 232332322323
  | | OK   : test-role-self trust policy does not reference any cross-accounts. ..................................................................................... 232332322323
  | | OK   : test-rubbish3 trust policy does not reference any accounts. ............................................................................................ 232332322323
  | | OK   : test-saml-role-1 trust policy does not reference any accounts. ......................................................................................... 232332322323
  | | OK   : test-service-role-1 trust policy does not reference any accounts. ...................................................................................... 232332322323
  | | OK   : test-service-role-2 trust policy does not reference any accounts. ...................................................................................... 232332322323
  | | OK   : test-service-role-3 trust policy does not reference any accounts. ...................................................................................... 232332322323
  | | OK   : test-service-role-4 trust policy does not reference any accounts. ...................................................................................... 232332322323
  | | OK   : test-service-role-5 trust policy does not reference any accounts. ...................................................................................... 232332322323
  | | OK   : test-service-role-6 trust policy does not reference any accounts. ...................................................................................... 232332322323
  | | OK   : test-web-identity-1 trust policy does not reference any accounts. ...................................................................................... 232332322323
  | | OK   : us-east-1_PtrpBLBqu-authRole trust policy does not reference any accounts. ............................................................................. 232332322323
  | | OK   : us-east-1_PtrpBLBqu_Full-access trust policy does not reference any accounts. .......................................................................... 232332322323
  | | OK   : us-east-1_u8mhp37to-authRole trust policy does not reference any accounts. ............................................................................. 232332322323
  | | OK   : us-east-1_u8mhp37to_Full-access trust policy does not reference any accounts. .......................................................................... 232332322323
  | | OK   : us-east-1_u8mhp37to_Manage-only trust policy does not reference any accounts. .......................................................................... 232332322323
  | | 
  | + KMS key policies should prohibit untrusted account access ............................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: 62a473ea-2733-44eb-a626-352318acced6 trust policy grants cross-account access to 2 untrusted accounts: ["*", "232332322323"]. ................ us-east-1 232332322323
  | | 
  | + Lambda function policies should prohibit untrusted account access ....................................................................................  2 /   3 [==        ]
  | | | 
  | | ALARM: test-function-3 trust policy grants cross-account access to 1 untrusted account: ["333322221111"]. ........................................... us-east-1 232332322323
  | | ALARM: test-function-4 trust policy grants cross-account access to 2 untrusted accounts: ["333322221111", "222244446666"]. .......................... us-east-1 232332322323
  | | OK   : test-function trust policy does not reference any cross-accounts. ............................................................................ us-east-1 232332322323
  | | 
  | + S3 bucket policies should prohibit untrusted account access ..........................................................................................  0 /   0 [          ]
  | | 
  | + SNS topic policies should prohibit untrusted account access ..........................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Default_CloudWatch_Alarms_Topic trust policy grants cross-account access to 1 untrusted account: ["*"]. ...................................... us-east-1 232332322323
  | | 
  | + SQS queue policies should prohibit untrusted account access ..........................................................................................  0 /   0 [          ]
  |   
  + Resource Policy Shared Organizations Access ............................................................................................................  6 /  92 [===       ]
  | | 
  | + ECR repository policies should prohibit untrusted organization access ................................................................................  0 /   2 [=         ]
  | | | 
  | | OK   : omero-test-private trust policy does not reference any organizations. ........................................................................ us-east-1 232332322323
  | | OK   : omero-test-private-2 trust policy does not reference any organizations. ...................................................................... us-east-1 232332322323
  | | 
  | + Glacier vault policies should prohibit untrusted organization access .................................................................................  0 /   0 [          ]
  | | 
  | + IAM role trust policies should prohibit untrusted organization access ................................................................................  5 /  86 [===       ]
  | | | 
  | | ALARM: test-role-org-1 trust policy grants access to 1 untrusted organization: ["o-valid"]. ................................................................... 232332322323
  | | ALARM: test-role-org-2 trust policy grants access to 2 untrusted organizations: ["o-valid1", "o-valid2"]. ..................................................... 232332322323
  | | ALARM: test-role-org-3 trust policy grants access to 3 untrusted organizations: ["o-valid1", "o-valid2", "o-valid3"]. ......................................... 232332322323
  | | ALARM: test-role-org-4 trust policy grants access to 3 untrusted organizations: ["o-valid1", "o-valid2", "o-valid3"]. ......................................... 232332322323
  | | ALARM: test-role-org-5 trust policy grants access to 3 untrusted organizations: ["o-valid1", "o-valid2", "o-valid3"]. ......................................... 232332322323
  | | OK   : AWS-QuickSetup-StackSet-Local-AdministrationRole trust policy does not reference any organizations. .................................................... 232332322323
  | | OK   : AWS-QuickSetup-StackSet-Local-ExecutionRole trust policy does not reference any organizations. ......................................................... 232332322323
  | | OK   : AWSReservedSSO_SSO-Admin_ce6cf919091b63ee trust policy does not reference any organizations. ........................................................... 232332322323
  | | OK   : AWSReservedSSO_SSO-ReadOnly_7e9831f0c1810592 trust policy does not reference any organizations. ........................................................ 232332322323
  | | OK   : AWSServiceRoleForAccessAnalyzer trust policy does not reference any organizations. ..................................................................... 232332322323
  | | OK   : AWSServiceRoleForAutoScaling trust policy does not reference any organizations. ........................................................................ 232332322323
  | | OK   : AWSServiceRoleForBackup trust policy does not reference any organizations. ............................................................................. 232332322323
  | | OK   : AWSServiceRoleForCloudTrail trust policy does not reference any organizations. ......................................................................... 232332322323
  | | OK   : AWSServiceRoleForComputeOptimizer trust policy does not reference any organizations. ................................................................... 232332322323
  | | OK   : AWSServiceRoleForApplicationAutoScaling_DynamoDBTable trust policy does not reference any organizations. ............................................... 232332322323
  | | OK   : AWSServiceRoleForECS trust policy does not reference any organizations. ................................................................................ 232332322323
  | | OK   : AWSServiceRoleForApplicationAutoScaling_ECSService trust policy does not reference any organizations. .................................................. 232332322323
  | | OK   : AWSServiceRoleForElastiCache trust policy does not reference any organizations. ........................................................................ 232332322323
  | | OK   : AWSServiceRoleForElasticLoadBalancing trust policy does not reference any organizations. ............................................................... 232332322323
  | | OK   : AWSServiceRoleForGlobalAccelerator trust policy does not reference any organizations. .................................................................. 232332322323
  | | OK   : AWSServiceRoleForCloudFrontLogger trust policy does not reference any organizations. ................................................................... 232332322323
  | | OK   : AWSServiceRoleForOrganizations trust policy does not reference any organizations. ...................................................................... 232332322323
  | | OK   : AWSServiceRoleForRDS trust policy does not reference any organizations. ................................................................................ 232332322323
  | | OK   : AWSServiceRoleForBackupReports trust policy does not reference any organizations. ...................................................................... 232332322323
  | | OK   : AWSServiceRoleForAmazonSSM trust policy does not reference any organizations. .......................................................................... 232332322323
  | | OK   : AWSServiceRoleForSSO trust policy does not reference any organizations. ................................................................................ 232332322323
  | | OK   : AWSServiceRoleForSupport trust policy does not reference any organizations. ............................................................................ 232332322323
  | | OK   : AWSServiceRoleForTrustedAdvisor trust policy does not reference any organizations. ..................................................................... 232332322323
  | | OK   : ec2_s3_read_only trust policy does not reference any organizations. .................................................................................... 232332322323
  | | OK   : ec2_s3_read_only_2 trust policy does not reference any organizations. .................................................................................. 232332322323
  | | OK   : ec2_s3_read_only_3 trust policy does not reference any organizations. .................................................................................. 232332322323
  | | OK   : iam_trusted_access_role_1 trust policy does not reference any organizations. ........................................................................... 232332322323
  | | OK   : iam_trusted_access_role_2 trust policy does not reference any organizations. ........................................................................... 232332322323
  | | OK   : iam_trusted_access_role_20 trust policy does not reference any organizations. .......................................................................... 232332322323
  | | OK   : iam_trusted_access_role_3 trust policy does not reference any organizations. ........................................................................... 232332322323
  | | OK   : iam_trusted_access_role_30 trust policy does not reference any organizations. .......................................................................... 232332322323
  | | OK   : iam_trusted_access_role_4 trust policy does not reference any organizations. ........................................................................... 232332322323
  | | OK   : iam_trusted_access_role_41 trust policy does not reference any organizations. .......................................................................... 232332322323
  | | OK   : iam_trusted_access_role_5 trust policy does not reference any organizations. ........................................................................... 232332322323
  | | OK   : iam_trusted_access_role_6 trust policy does not reference any organizations. ........................................................................... 232332322323
  | | OK   : iam_trusted_access_role_7 trust policy does not reference any organizations. ........................................................................... 232332322323
  | | OK   : iam_trusted_access_role_8 trust policy does not reference any organizations. ........................................................................... 232332322323
  | | OK   : iam_trusted_access_role_9 trust policy does not reference any organizations. ........................................................................... 232332322323
  | | OK   : my-sso-role trust policy does not reference any organizations. ......................................................................................... 232332322323
  | | OK   : PublishFlowLogsToCloudWatchRole trust policy does not reference any organizations. ..................................................................... 232332322323
  | | OK   : PublishToCloudWatchLogsRole trust policy does not reference any organizations. ......................................................................... 232332322323
  | | OK   : resource-policy-analysis-role-1 trust policy does not reference any organizations. ..................................................................... 232332322323
  | | OK   : rexaac-assume-role trust policy does not reference any organizations. .................................................................................. 232332322323
  | | OK   : AWSBackupDefaultServiceRole trust policy does not reference any organizations. ......................................................................... 232332322323
  | | OK   : test-function-2-role-i16umoc8 trust policy does not reference any organizations. ....................................................................... 232332322323
  | | OK   : test-function-3-role-ofc3xrg2 trust policy does not reference any organizations. ....................................................................... 232332322323
  | | OK   : test-function-4-role-bjzyzpti trust policy does not reference any organizations. ....................................................................... 232332322323
  | | OK   : test-function-role-ouk9m007 trust policy does not reference any organizations. ......................................................................... 232332322323
  | | OK   : test-admin-role trust policy does not reference any organizations. ..................................................................................... 232332322323
  | | OK   : test-amazon-1 trust policy does not reference any organizations. ....................................................................................... 232332322323
  | | OK   : test-aws-amazon-sub-type-1 trust policy does not reference any organizations. .......................................................................... 232332322323
  | | OK   : test-aws-is-broken trust policy does not reference any organizations. .................................................................................. 232332322323
  | | OK   : test-google-2 trust policy does not reference any organizations. ....................................................................................... 232332322323
  | | OK   : test-google-role trust policy does not reference any organizations. .................................................................................... 232332322323
  | | OK   : test-messy-1 trust policy does not reference any organizations. ........................................................................................ 232332322323
  | | OK   : test-public-1 trust policy does not reference any organizations. ....................................................................................... 232332322323
  | | OK   : test-public-role-5 trust policy does not reference any organizations. .................................................................................. 232332322323
  | | OK   : test-role-2 trust policy does not reference any organizations. ......................................................................................... 232332322323
  | | OK   : test-role-3 trust policy does not reference any organizations. ......................................................................................... 232332322323
  | | OK   : test-role-mulitple trust policy does not reference any organizations. .................................................................................. 232332322323
  | | OK   : test-role-mulitple-2 trust policy does not reference any organizations. ................................................................................ 232332322323
  | | OK   : test-role-public-2 trust policy does not reference any organizations. .................................................................................. 232332322323
  | | OK   : test-role-public-3 trust policy does not reference any organizations. .................................................................................. 232332322323
  | | OK   : test-role-public-4 trust policy does not reference any organizations. .................................................................................. 232332322323
  | | OK   : test-role-public-5 trust policy does not reference any organizations. .................................................................................. 232332322323
  | | OK   : test-role-self trust policy does not reference any organizations. ...................................................................................... 232332322323
  | | OK   : test-rubbish3 trust policy does not reference any organizations. ....................................................................................... 232332322323
  | | OK   : test-saml-role-1 trust policy does not reference any organizations. .................................................................................... 232332322323
  | | OK   : test-service-role-1 trust policy does not reference any organizations. ................................................................................. 232332322323
  | | OK   : test-service-role-2 trust policy does not reference any organizations. ................................................................................. 232332322323
  | | OK   : test-service-role-3 trust policy does not reference any organizations. ................................................................................. 232332322323
  | | OK   : test-service-role-4 trust policy does not reference any organizations. ................................................................................. 232332322323
  | | OK   : test-service-role-5 trust policy does not reference any organizations. ................................................................................. 232332322323
  | | OK   : test-service-role-6 trust policy does not reference any organizations. ................................................................................. 232332322323
  | | OK   : test-steampipe-role-1 trust policy does not reference any organizations. ............................................................................... 232332322323
  | | OK   : test-web-identity-1 trust policy does not reference any organizations. ................................................................................. 232332322323
  | | OK   : us-east-1_PtrpBLBqu_Full-access trust policy does not reference any organizations. ..................................................................... 232332322323
  | | OK   : us-east-1_PtrpBLBqu_Manage-only trust policy does not reference any organizations. ..................................................................... 232332322323
  | | OK   : us-east-1_u8mhp37to-authRole trust policy does not reference any organizations. ........................................................................ 232332322323
  | | OK   : us-east-1_u8mhp37to_Full-access trust policy does not reference any organizations. ..................................................................... 232332322323
  | | OK   : us-east-1_u8mhp37to_Manage-only trust policy does not reference any organizations. ..................................................................... 232332322323
  | | 
  | + KMS key policies should prohibit untrusted organization access .......................................................................................  0 /   0 [          ]
  | | 
  | + Lambda function policies should prohibit untrusted organization access ...............................................................................  0 /   2 [=         ]
  | | | 
  | | OK   : test-function trust policy does not reference any organizations. ............................................................................. us-east-1 232332322323
  | | OK   : test-function-4 trust policy does not reference any organizations. ........................................................................... us-east-1 232332322323
  | | 
  | + S3 bucket policies should prohibit untrusted organization access .....................................................................................  0 /   2 [=         ]
  | | | 
  | | OK   : account-tags-test-bucket trust policy does not reference any organizations. .................................................................. us-east-1 232332322323
  | | OK   : omero-resource-policy-bucket trust policy does not reference any organizations. .............................................................. us-east-1 232332322323
  | | 
  | + SNS topic policies should prohibit untrusted organization access .....................................................................................  0 /   1 [=         ]
  | | | 
  | | OK   : Default_CloudWatch_Alarms_Topic trust policy does not reference any organizations. ........................................................... us-east-1 232332322323
  | | 
  | + SQS queue policies should prohibit untrusted organization access .....................................................................................  0 /   0 [          ]
  |   
  + Resource Policy Shared Services Access ................................................................................................................. 42 /  92 [===       ]
  | | 
  | + ECR repository policies should prohibit untrusted organization access ................................................................................  2 /   2 [=         ]
  | | | 
  | | ALARM: omero-test-private trust policy grants access to 1 untrusted service: ["codebuild.amazonaws.com"]. ........................................... us-east-1 232332322323
  | | ALARM: omero-test-private-2 trust policy grants access to 1 untrusted service: ["codebuild.amazonaws.com"]. ......................................... us-east-1 232332322323
  | | 
  | + Glacier vault policies should prohibit untrusted organization access .................................................................................  0 /   0 [          ]
  | | 
  | + IAM role trust policies should prohibit untrusted organization access ................................................................................ 40 /  89 [===       ]
  | | | 
  | | ALARM: AWS-QuickSetup-StackSet-Local-AdministrationRole trust policy grants access to 1 untrusted service: ["cloudformation.amazonaws.com"]. .................. 232332322323
  | | ALARM: AWSServiceRoleForAccessAnalyzer trust policy grants access to 1 untrusted service: ["access-analyzer.amazonaws.com"]. .................................. 232332322323
  | | ALARM: AWSServiceRoleForAutoScaling trust policy grants access to 1 untrusted service: ["autoscaling.amazonaws.com"]. ......................................... 232332322323
  | | ALARM: AWSServiceRoleForBackup trust policy grants access to 1 untrusted service: ["backup.amazonaws.com"]. ................................................... 232332322323
  | | ALARM: AWSServiceRoleForCloudTrail trust policy grants access to 1 untrusted service: ["cloudtrail.amazonaws.com"]. ........................................... 232332322323
  | | ALARM: AWSServiceRoleForComputeOptimizer trust policy grants access to 1 untrusted service: ["compute-optimizer.amazonaws.com"]. .............................. 232332322323
  | | ALARM: AWSServiceRoleForConfig trust policy grants access to 1 untrusted service: ["config.amazonaws.com"]. ................................................... 232332322323
  | | ALARM: AWSServiceRoleForApplicationAutoScaling_DynamoDBTable trust policy grants access to 1 untrusted service: ["dynamodb.application-autoscaling.amazonaws.c… 232332322323
  | | ALARM: AWSServiceRoleForECS trust policy grants access to 1 untrusted service: ["ecs.amazonaws.com"]. ......................................................... 232332322323
  | | ALARM: AWSServiceRoleForApplicationAutoScaling_ECSService trust policy grants access to 1 untrusted service: ["ecs.application-autoscaling.amazonaws.com"]. ... 232332322323
  | | ALARM: AWSServiceRoleForElastiCache trust policy grants access to 1 untrusted service: ["elasticache.amazonaws.com"]. ......................................... 232332322323
  | | ALARM: AWSServiceRoleForGlobalAccelerator trust policy grants access to 1 untrusted service: ["globalaccelerator.amazonaws.com"]. ............................. 232332322323
  | | ALARM: AWSServiceRoleForCloudFrontLogger trust policy grants access to 1 untrusted service: ["logger.cloudfront.amazonaws.com"]. .............................. 232332322323
  | | ALARM: AWSServiceRoleForAPIGateway trust policy grants access to 1 untrusted service: ["ops.apigateway.amazonaws.com"]. ....................................... 232332322323
  | | ALARM: AWSServiceRoleForOrganizations trust policy grants access to 1 untrusted service: ["organizations.amazonaws.com"]. ..................................... 232332322323
  | | ALARM: AWSServiceRoleForRDS trust policy grants access to 1 untrusted service: ["rds.amazonaws.com"]. ......................................................... 232332322323
  | | ALARM: AWSServiceRoleForBackupReports trust policy grants access to 1 untrusted service: ["reports.backup.amazonaws.com"]. .................................... 232332322323
  | | ALARM: AWSServiceRoleForSecurityHub trust policy grants access to 1 untrusted service: ["securityhub.amazonaws.com"]. ......................................... 232332322323
  | | ALARM: AWSServiceRoleForAmazonSSM trust policy grants access to 1 untrusted service: ["ssm.amazonaws.com"]. ................................................... 232332322323
  | | ALARM: AWSServiceRoleForSSO trust policy grants access to 1 untrusted service: ["sso.amazonaws.com"]. ......................................................... 232332322323
  | | ALARM: AWSServiceRoleForSupport trust policy grants access to 1 untrusted service: ["support.amazonaws.com"]. ................................................. 232332322323
  | | ALARM: AWSServiceRoleForTrustedAdvisor trust policy grants access to 1 untrusted service: ["trustedadvisor.amazonaws.com"]. ................................... 232332322323
  | | ALARM: ec2_s3_read_only_3 trust policy grants access to 1 untrusted service: ["lambda.amazonaws.com"]. ........................................................ 232332322323
  | | ALARM: PublishFlowLogsToCloudWatchRole trust policy grants access to 1 untrusted service: ["vpc-flow-logs.amazonaws.com"]. .................................... 232332322323
  | | ALARM: PublishToCloudWatchLogsRole trust policy grants access to 1 untrusted service: ["vpc-flow-logs.amazonaws.com"]. ........................................ 232332322323
  | | ALARM: AWSBackupDefaultServiceRole trust policy grants access to 1 untrusted service: ["backup.amazonaws.com"]. ............................................... 232332322323
  | | ALARM: test-function-2-role-i16umoc8 trust policy grants access to 1 untrusted service: ["lambda.amazonaws.com"]. ............................................. 232332322323
  | | ALARM: test-function-3-role-ofc3xrg2 trust policy grants access to 1 untrusted service: ["lambda.amazonaws.com"]. ............................................. 232332322323
  | | ALARM: test-function-4-role-bjzyzpti trust policy grants access to 1 untrusted service: ["lambda.amazonaws.com"]. ............................................. 232332322323
  | | ALARM: test-function-role-ouk9m007 trust policy grants access to 1 untrusted service: ["lambda.amazonaws.com"]. ............................................... 232332322323
  | | ALARM: test-aws-is-broken trust policy grants access to 1 untrusted service: ["lambda.amazonaws.com"]. ........................................................ 232332322323
  | | ALARM: test-public-role-5 trust policy grants access to 2 untrusted services: ["cloudwatch.amazonaws.com", "ecs.amazonaws.com"]. .............................. 232332322323
  | | ALARM: test-role-public-3 trust policy grants access to 1 untrusted service: ["ecs.amazonaws.com"]. ........................................................... 232332322323
  | | ALARM: test-role-public-4 trust policy grants access to 2 untrusted services: ["cloudwatch.amazonaws.com", "ecs.amazonaws.com"]. .............................. 232332322323
  | | ALARM: test-role-public-5 trust policy grants access to 3 untrusted services: ["cloudwatch.amazonaws.com", "ecs.amazonaws.com", "fsx.amazonaws.com"]. ......... 232332322323
  | | ALARM: test-service-role-1 trust policy grants access to 1 untrusted service: ["access-analyzer.amazonaws.com"]. .............................................. 232332322323
  | | ALARM: test-service-role-2 trust policy grants access to 2 untrusted services: ["access-analyzer.amazonaws.com", "backup.amazonaws.com"]. ..................... 232332322323
  | | ALARM: test-service-role-3 trust policy grants access to 3 untrusted services: ["access-analyzer.amazonaws.com", "backup.amazonaws.com", "cloudtrail.amazonaws… 232332322323
  | | ALARM: test-service-role-4 trust policy grants access to 4 untrusted services: ["access-analyzer.amazonaws.com", "backup.amazonaws.com", "cloudtrail.amazonaws… 232332322323
  | | ALARM: test-service-role-5 trust policy grants access to 3 untrusted services: ["access-analyzer.amazonaws.com", "backup.amazonaws.com", "globalaccelerator.am… 232332322323
  | | OK   : AWS-QuickSetup-StackSet-Local-ExecutionRole trust policy does not reference any services. .............................................................. 232332322323
  | | OK   : AWSReservedSSO_SSO-Admin_ce6cf919091b63ee trust policy does not reference any services. ................................................................ 232332322323
  | | OK   : AWSReservedSSO_SSO-ReadOnly_7e9831f0c1810592 trust policy does not reference any services. ............................................................. 232332322323
  | | OK   : AWSServiceRoleForElasticLoadBalancing trust policy grants access to 1 trusted service(s). .............................................................. 232332322323
  | | OK   : ec2_s3_read_only trust policy grants access to 1 trusted service(s). ................................................................................... 232332322323
  | | OK   : ec2_s3_read_only_2 trust policy grants access to 1 trusted service(s). ................................................................................. 232332322323
  | | OK   : iam_trusted_access_role_1 trust policy grants access to 1 trusted service(s). .......................................................................... 232332322323
  | | OK   : iam_trusted_access_role_10 trust policy does not reference any services. ............................................................................... 232332322323
  | | OK   : iam_trusted_access_role_2 trust policy does not reference any services. ................................................................................ 232332322323
  | | OK   : iam_trusted_access_role_20 trust policy does not reference any services. ............................................................................... 232332322323
  | | OK   : iam_trusted_access_role_30 trust policy does not reference any services. ............................................................................... 232332322323
  | | OK   : iam_trusted_access_role_4 trust policy does not reference any services. ................................................................................ 232332322323
  | | OK   : iam_trusted_access_role_41 trust policy does not reference any services. ............................................................................... 232332322323
  | | OK   : iam_trusted_access_role_5 trust policy does not reference any services. ................................................................................ 232332322323
  | | OK   : iam_trusted_access_role_6 trust policy does not reference any services. ................................................................................ 232332322323
  | | OK   : iam_trusted_access_role_7 trust policy does not reference any services. ................................................................................ 232332322323
  | | OK   : iam_trusted_access_role_9 trust policy does not reference any services. ................................................................................ 232332322323
  | | OK   : my-sso-role trust policy does not reference any services. .............................................................................................. 232332322323
  | | OK   : resource-policy-analysis-role-1 trust policy grants access to 1 trusted service(s). .................................................................... 232332322323
  | | OK   : rexaac-assume-role trust policy does not reference any services. ....................................................................................... 232332322323
  | | OK   : test-admin-role trust policy does not reference any services. .......................................................................................... 232332322323
  | | OK   : test-amazon-1 trust policy does not reference any services. ............................................................................................ 232332322323
  | | OK   : test-aws-amazon-sub-type-1 trust policy does not reference any services. ............................................................................... 232332322323
  | | OK   : test-google-1 trust policy does not reference any services. ............................................................................................ 232332322323
  | | OK   : test-google-2 trust policy does not reference any services. ............................................................................................ 232332322323
  | | OK   : test-google-role trust policy does not reference any services. ......................................................................................... 232332322323
  | | OK   : test-messy-1 trust policy does not reference any services. ............................................................................................. 232332322323
  | | OK   : test-public-1 trust policy does not reference any services. ............................................................................................ 232332322323
  | | OK   : test-role-3 trust policy does not reference any services. .............................................................................................. 232332322323
  | | OK   : test-role-mulitple trust policy does not reference any services. ....................................................................................... 232332322323
  | | OK   : test-role-mulitple-2 trust policy does not reference any services. ..................................................................................... 232332322323
  | | OK   : test-role-org-1 trust policy does not reference any services. .......................................................................................... 232332322323
  | | OK   : test-role-org-2 trust policy does not reference any services. .......................................................................................... 232332322323
  | | OK   : test-role-org-3 trust policy does not reference any services. .......................................................................................... 232332322323
  | | OK   : test-role-org-4 trust policy does not reference any services. .......................................................................................... 232332322323
  | | OK   : test-role-org-5 trust policy does not reference any services. .......................................................................................... 232332322323
  | | OK   : test-role-public-2 trust policy grants access to 1 trusted service(s). ................................................................................. 232332322323
  | | OK   : test-role-self trust policy does not reference any services. ........................................................................................... 232332322323
  | | OK   : test-rubbish3 trust policy does not reference any services. ............................................................................................ 232332322323
  | | OK   : test-saml-role-1 trust policy does not reference any services. ......................................................................................... 232332322323
  | | OK   : test-service-role-6 trust policy grants access to 1 trusted service(s). ................................................................................ 232332322323
  | | OK   : test-steampipe-role-1 trust policy does not reference any services. .................................................................................... 232332322323
  | | OK   : test-web-identity-1 trust policy does not reference any services. ...................................................................................... 232332322323
  | | OK   : us-east-1_PtrpBLBqu-authRole trust policy does not reference any services. ............................................................................. 232332322323
  | | OK   : us-east-1_PtrpBLBqu_Full-access trust policy does not reference any services. .......................................................................... 232332322323
  | | OK   : us-east-1_PtrpBLBqu_Manage-only trust policy does not reference any services. .......................................................................... 232332322323
  | | OK   : us-east-1_u8mhp37to-authRole trust policy does not reference any services. ............................................................................. 232332322323
  | | OK   : us-east-1_u8mhp37to_Full-access trust policy does not reference any services. .......................................................................... 232332322323
  | | OK   : us-east-1_u8mhp37to_Manage-only trust policy does not reference any services. .......................................................................... 232332322323
  | | 
  | + KMS key policies should prohibit untrusted organization access .......................................................................................  0 /   0 [          ]
  | | 
  | + Lambda function policies should prohibit untrusted organization access ...............................................................................  0 /   0 [          ]
  | | 
  | + S3 bucket policies should prohibit untrusted organization access .....................................................................................  0 /   1 [=         ]
  | | | 
  | | OK   : omero-resource-policy-bucket trust policy does not reference any services. ................................................................... us-east-1 232332322323
  | | 
  | + SNS topic policies should prohibit untrusted organization access .....................................................................................  0 /   0 [          ]
  | | 
  | + SQS queue policies should prohibit untrusted organization access .....................................................................................  0 /   0 [          ]
  |   
  + Resource Policy Shared Indentity Providers Access ...................................................................................................... 18 /  93 [===       ]
    | 
    + ECR repository policies should prohibit access of untrusted identity providers .......................................................................  0 /   2 [=         ]
    | | 
    | OK   : omero-test-private trust policy does not reference any identity providers. ................................................................... us-east-1 232332322323
    | OK   : omero-test-pr
    | 
    + Glacier vault policies should prohibit access of untrusted identity providers ........................................................................  0 /   0 [          ]
    | 
    + IAM role trust policies should prohibit access of untrusted identity providers ....................................................................... 17 /  89 [===       ]
    | | 
    | ALARM: AWSReservedSSO_SSO-ReadOnly_7e9831f0c1810592 trust policy grants access to 1 untrusted identity provider: ["arn:aws:iam::232332322323:saml-provider/AWS… 232332322323
    | ALARM: iam_trusted_access_role_30 trust policy grants access to 1 untrusted identity provider: ["arn:aws:iam::232332322323:saml-provider/AWSSSO_2d3ba2e36f2ba5… 232332322323
    | ALARM: iam_trusted_access_role_5 trust policy grants access to 2 untrusted identity providers: ["arn:aws:iam::232332322323:saml-provider/SSO1_WITH_A_NAME", "a… 232332322323
    | ALARM: iam_trusted_access_role_6 trust policy grants access to 1 untrusted identity provider: ["www.amazon.com"]. ............................................. 232332322323
    | ALARM: iam_trusted_access_role_7 trust policy grants access to 1 untrusted identity provider: ["arn:aws:iam::232332322323:saml-provider/AWSSSO_2d3ba2e36f2ba5d… 232332322323
    | ALARM: iam_trusted_access_role_8 trust policy grants access to 1 untrusted identity provider: ["arn:aws:iam::232332322323:saml-provider/AWSSSO_2d3ba2e36f2ba5d… 232332322323
    | ALARM: my-sso-role trust policy grants access to 1 untrusted identity provider: ["arn:aws:iam::232332322323:saml-provider/AWSSSO_2d3ba2e36f2ba5d4_DO_NOT_DELET… 232332322323
    | ALARM: test-amazon-1 trust policy grants access to 1 untrusted identity provider: ["www.amazon.com"]. ......................................................... 232332322323
    | ALARM: test-aws-amazon-sub-type-1 trust policy grants access to 1 untrusted identity provider: ["arn:aws:iam::232332322323:saml-provider/AWSSSO_2d3ba2e36f2ba5… 232332322323
    | ALARM: test-google-1 trust policy grants access to 1 untrusted identity provider: ["accounts.google.com"]. .................................................... 232332322323
    | ALARM: test-google-2 trust policy grants access to 1 untrusted identity provider: ["accounts.google.com"]. .................................................... 232332322323
    | ALARM: test-google-role trust policy grants access to 1 untrusted identity provider: ["accounts.google.com"]. ................................................. 232332322323
    | ALARM: test-messy-1 trust policy grants access to 2 untrusted identity providers: ["arn:aws:iam::232332322323:saml-provider/AWSSSO_2d3ba2e36f2ba5d4_DO_NOT_DEL… 232332322323
    | ALARM: test-role-3 trust policy grants access to 1 untrusted identity provider: ["arn:aws:iam::688720832404:saml-provider/provider-name"]. .................... 232332322323
    | ALARM: test-rubbish3 trust policy grants access to 1 untrusted identity provider: ["accounts.google.com"]. .................................................... 232332322323
    | ALARM: test-saml-role-1 trust policy grants access to 1 untrusted identity provider: ["arn:aws:iam::232332322323:saml-provider/AWSSSO_2d3ba2e36f2ba5d4_DO_NOT_… 232332322323
    | ALARM: test-web-identity-1 trust policy grants access to 1 untrusted identity provider: ["accounts.google.com"]. .............................................. 232332322323
    | OK   : AWS-QuickSetup-StackSet-Local-AdministrationRole trust policy does not reference any identity providers. ............................................... 232332322323
    | OK   : AWS-QuickSetup-StackSet-Local-ExecutionRole trust policy does not reference any identity providers. .................................................... 232332322323
    | OK   : AWSServiceRoleForAccessAnalyzer trust policy does not reference any identity providers. ................................................................ 232332322323
    | OK   : AWSServiceRoleForBackup trust policy does not reference any identity providers. ........................................................................ 232332322323
    | OK   : AWSServiceRoleForCloudTrail trust policy does not reference any identity providers. .................................................................... 232332322323
    | OK   : AWSServiceRoleForComputeOptimizer trust policy does not reference any identity providers. .............................................................. 232332322323
    | OK   : AWSServiceRoleForConfig trust policy does not reference any identity providers. ........................................................................ 232332322323
    | OK   : AWSServiceRoleForApplicationAutoScaling_DynamoDBTable trust policy does not reference any identity providers. .......................................... 232332322323
    | OK   : AWSServiceRoleForECS trust policy does not reference any identity providers. ........................................................................... 232332322323
    | OK   : AWSServiceRoleForApplicationAutoScaling_ECSService trust policy does not reference any identity providers. ............................................. 232332322323
    | OK   : AWSServiceRoleForElastiCache trust policy does not reference any identity providers. ................................................................... 232332322323
    | OK   : AWSServiceRoleForElasticLoadBalancing trust policy does not reference any identity providers. .......................................................... 232332322323
    | OK   : AWSServiceRoleForGlobalAccelerator trust policy does not reference any identity providers. ............................................................. 232332322323
    | OK   : AWSServiceRoleForCloudFrontLogger trust policy does not reference any identity providers. .............................................................. 232332322323
    | OK   : AWSServiceRoleForAPIGateway trust policy does not reference any identity providers. .................................................................... 232332322323
    | OK   : AWSServiceRoleForOrganizations trust policy does not reference any identity providers. ................................................................. 232332322323
    | OK   : AWSServiceRoleForRDS trust policy does not reference any identity providers. ........................................................................... 232332322323
    | OK   : AWSServiceRoleForBackupReports trust policy does not reference any identity providers. ................................................................. 232332322323
    | OK   : AWSServiceRoleForSecurityHub trust policy does not reference any identity providers. ................................................................... 232332322323
    | OK   : AWSServiceRoleForAmazonSSM trust policy does not reference any identity providers. ..................................................................... 232332322323
    | OK   : AWSServiceRoleForSSO trust policy does not reference any identity providers. ........................................................................... 232332322323
    | OK   : AWSServiceRoleForSupport trust policy does not reference any identity providers. ....................................................................... 232332322323
    | OK   : ec2_s3_read_only trust policy does not reference any identity providers. ............................................................................... 232332322323
    | OK   : ec2_s3_read_only_2 trust policy does not reference any identity providers. ............................................................................. 232332322323
    | OK   : ec2_s3_read_only_3 trust policy does not reference any identity providers. ............................................................................. 232332322323
    | OK   : iam_trusted_access_role_1 trust policy grants access to 1 trusted identity provider(s). ................................................................ 232332322323
    | OK   : iam_trusted_access_role_10 trust policy does not reference any identity providers. ..................................................................... 232332322323
    | OK   : iam_trusted_access_role_2 trust policy does not reference any identity providers. ...................................................................... 232332322323
    | OK   : iam_trusted_access_role_20 trust policy does not reference any identity providers. ..................................................................... 232332322323
    | OK   : iam_trusted_access_role_3 trust policy does not reference any identity providers. ...................................................................... 232332322323
    | OK   : iam_trusted_access_role_4 trust policy does not reference any identity providers. ...................................................................... 232332322323
    | OK   : iam_trusted_access_role_41 trust policy does not reference any identity providers. ..................................................................... 232332322323
    | OK   : iam_trusted_access_role_9 trust policy does not reference any identity providers. ...................................................................... 232332322323
    | OK   : PublishFlowLogsToCloudWatchRole trust policy does not reference any identity providers. ................................................................ 232332322323
    | OK   : PublishToCloudWatchLogsRole trust policy does not reference any identity providers. .................................................................... 232332322323
    | OK   : resource-policy-analysis-role-1 trust policy does not reference any identity providers. ................................................................ 232332322323
    | OK   : rexaac-assume-role trust policy does not reference any identity providers. ............................................................................. 232332322323
    | OK   : AWSBackupDefaultServiceRole trust policy does not reference any identity providers. .................................................................... 232332322323
    | OK   : test-function-2-role-i16umoc8 trust policy does not reference any identity providers. .................................................................. 232332322323
    | OK   : test-function-3-role-ofc3xrg2 trust policy does not reference any identity providers. .................................................................. 232332322323
    | OK   : test-function-4-role-bjzyzpti trust policy does not reference any identity providers. .................................................................. 232332322323
    | OK   : test-function-role-ouk9m007 trust policy does not reference any identity providers. .................................................................... 232332322323
    | OK   : test-admin-role trust policy does not reference any identity providers. ................................................................................ 232332322323
    | OK   : test-aws-is-broken trust policy does not reference any identity providers. ............................................................................. 232332322323
    | OK   : test-public-1 trust policy does not reference any identity providers. .................................................................................. 232332322323
    | OK   : test-public-role-5 trust policy does not reference any identity providers. ............................................................................. 232332322323
    | OK   : test-role-2 trust policy grants access to 1 trusted identity provider(s). .............................................................................. 232332322323
    | OK   : test-role-mulitple trust policy does not reference any identity providers. ............................................................................. 232332322323
    | OK   : test-role-mulitple-2 trust policy does not reference any identity providers. ........................................................................... 232332322323
    | OK   : test-role-org-1 trust policy does not reference any identity providers. ................................................................................ 232332322323
    | OK   : test-role-org-2 trust policy does not reference any identity providers. ................................................................................ 232332322323
    | OK   : test-role-org-3 trust policy does not reference any identity providers. ................................................................................ 232332322323
    | OK   : test-role-org-4 trust policy does not reference any identity providers. ................................................................................ 232332322323
    | OK   : test-role-org-5 trust policy does not reference any identity providers. ................................................................................ 232332322323
    | OK   : test-role-public-2 trust policy does not reference any identity providers. ............................................................................. 232332322323
    | OK   : test-role-public-3 trust policy does not reference any identity providers. ............................................................................. 232332322323
    | OK   : test-role-public-4 trust policy does not reference any identity providers. ............................................................................. 232332322323
    | OK   : test-role-public-5 trust policy does not reference any identity providers. ............................................................................. 232332322323
    | OK   : test-role-self trust policy does not reference any identity providers. ................................................................................. 232332322323
    | OK   : test-service-role-1 trust policy does not reference any identity providers. ............................................................................ 232332322323
    | OK   : test-service-role-2 trust policy does not reference any identity providers. ............................................................................ 232332322323
    | OK   : test-service-role-3 trust policy does not reference any identity providers. ............................................................................ 232332322323
    | OK   : test-service-role-4 trust policy does not reference any identity providers. ............................................................................ 232332322323
    | OK   : test-service-role-5 trust policy does not reference any identity providers. ............................................................................ 232332322323
    | OK   : test-service-role-6 trust policy does not reference any identity providers. ............................................................................ 232332322323
    | OK   : test-steampipe-role-1 trust policy does not reference any identity providers. .......................................................................... 232332322323
    | OK   : us-east-1_PtrpBLBqu-authRole trust policy grants access to 1 trusted identity provider(s). ............................................................. 232332322323
    | OK   : us-east-1_PtrpBLBqu_Full-access trust policy grants access to 1 trusted identity provider(s). .......................................................... 232332322323
    | OK   : us-east-1_PtrpBLBqu_Manage-only trust policy grants access to 1 trusted identity provider(s). .......................................................... 232332322323
    | OK   : us-east-1_u8mhp37to-authRole trust policy grants access to 1 trusted identity provider(s). ............................................................. 232332322323
    | OK   : us-east-1_u8mhp37to_Full-access trust policy grants access to 1 trusted identity provider(s). .......................................................... 232332322323
    | OK   : us-east-1_u8mhp37to_Manage-only trust policy grants access to 1 trusted identity provider(s). .......................................................... 232332322323
    | 
    + KMS key policies should prohibit access of untrusted identity providers ..............................................................................  0 /   1 [=         ]
    | | 
    | OK   : 62a473ea-2733-44eb-a626-352318acced6 trust policy does not reference any identity providers. ................................................. us-east-1 232332322323
    | 
    + Lambda function policies should prohibit access of untrusted identity providers ......................................................................  0 /   1 [=         ]
    | | 
    | OK   : test-function-4 trust policy does not reference any identity providers. ...................................................................... us-east-1 232332322323
    | 
    + S3 bucket policies should prohibit access of untrusted identity providers ............................................................................  0 /   0 [          ]
    | 
    + SNS topic policies should prohibit access of untrusted identity providers ............................................................................  0 /   1 [=         ]
    | | 
    | OK   : Default_CloudWatch_Alarms_Topic trust policy does not reference any identity providers. ...................................................... us-east-1 232332322323
    | 
    + SQS queue policies should prohibit access of untrusted identity providers ............................................................................  0 /   0 [          ]

Summary

OK .............................................................................................................................................................. 302 [========  ]
SKIP .............................................................................................................................................................. 0 [          ]
INFO .............................................................................................................................................................. 5 [=         ]
ALARM ............................................................................................................................................................ 92 [===       ]
ERROR ............................................................................................................................................................. 2 [=         ]

TOTAL ...................................................................................................................................................... 94 / 401 [==========]
omerosaienni@engineering ~/source-code/steampipe/steampipe-mod-aws-perimeter(updating-perimeter-mod-to-use-analyse-table)$

omerosaienni commented 2 years ago

Public Access

omerosaienni@engineering ~/source-code/steampipe/steampipe-mod-aws-perimeter(updating-perimeter-mod-to-use-analyse-table)$ steampipe check benchmark.public_access

Public Access .............................................................................................................................................. 60 / 133 [==========]
| 
+ Public Access Settings ...................................................................................................................................  3 /  34 [===       ]
| | 
| + API Gateway APIs should prohibit public access .........................................................................................................  0 /   0 [          ]
| | 
| + Database Migration Service (DMS) replication instances should not be public ............................................................................  0 /   0 [          ]
| | 
| + EBS snapshots should not be publicly restorable ........................................................................................................  0 /   6 [=         ]
| | | 
| | OK   : snap-09c14fff2c4c1b36b not publicly restorable. ................................................................................................ us-east-1 123456789012
| | OK   : snap-0e3cd6d751a0d274e not publicly restorable. ................................................................................................ us-east-1 123456789012
| | OK   : snap-01c573b1f4ebad60f not publicly restorable. ................................................................................................ us-east-1 123456789012
| | OK   : snap-0d052e9a6dc0b710b not publicly restorable. ................................................................................................ us-east-1 123456789012
| | OK   : snap-02fb96ea75cc078ff not publicly restorable. ................................................................................................ us-east-1 123456789012
| | OK   : snap-0263366219ef8e62d not publicly restorable. ................................................................................................ us-east-1 123456789012
| | 
| + EC2 AMIs should not be shared publicly .................................................................................................................  1 /   6 [==        ]
| | | 
| | ALARM: ami-public-instance-1 publicly accessible. ..................................................................................................... us-east-1 123456789012
| | OK   : ami-private-image-1 not publicly accessible. ................................................................................................... us-east-1 123456789012
| | OK   : ami-private-image-2 not publicly accessible. ................................................................................................... us-east-1 123456789012
| | OK   : ami-private-image-3 not publicly accessible. ................................................................................................... us-east-1 123456789012
| | OK   : ami-public-instance-2 not publicly accessible. ................................................................................................. us-east-1 123456789012
| | OK   : ami-public-instance-3 not publicly accessible. ................................................................................................. us-east-1 123456789012
| | 
| + EKS cluster endpoints should prohibit public access ....................................................................................................  0 /   0 [          ]
| | 
| + RDS DB cluster snapshots should not be publicly restorable .............................................................................................  0 /   0 [          ]
| | 
| + RDS DB instances should prohibit public accesss ........................................................................................................  0 /   0 [          ]
| | 
| + RDS DB snapshots should not be publicly restorable .....................................................................................................  0 /   0 [          ]
| | 
| + Redshift clusters should prohibit public access ........................................................................................................  0 /   0 [          ]
| | 
| + S3 bucket ACLs should prohibit public read access ......................................................................................................  0 /   7 [=         ]
| | | 
| | OK   : config-bucket-111122223333 not publicly readable. .............................................................................................. us-east-1 111122223333
| | OK   : test-omero-bucket-1 not publicly readable. ..................................................................................................... us-east-1 111122223333
| | OK   : account-tags-test-bucket not publicly readable. ................................................................................................ us-east-1 111122223333
| | OK   : my-test-bucket-errored not publicly readable. .................................................................................................. us-east-1 111122223333
| | OK   : omero-cloudfront-test-bucket not publicly readable. ............................................................................................ us-east-1 111122223333
| | OK   : aws-cloudtrail-logs-111122223333-84bb46df not publicly readable. ............................................................................... us-east-1 111122223333
| | OK   : omero-resource-policy-bucket not publicly readable. ............................................................................................ us-east-1 111122223333
| | 
| + S3 bucket ACLs should prohibit public write access .....................................................................................................  0 /   7 [=         ]
| | | 
| | OK   : config-bucket-111122223333 not publicly writable. .............................................................................................. us-east-1 111122223333
| | OK   : test-omero-bucket-1 not publicly writable. ..................................................................................................... us-east-1 111122223333
| | OK   : account-tags-test-bucket not publicly writable. ................................................................................................ us-east-1 111122223333
| | OK   : my-test-bucket-errored not publicly writable. .................................................................................................. us-east-1 111122223333
| | OK   : omero-cloudfront-test-bucket not publicly writable. ............................................................................................ us-east-1 111122223333
| | OK   : aws-cloudtrail-logs-111122223333-84bb46df not publicly writable. ............................................................................... us-east-1 111122223333
| | OK   : omero-resource-policy-bucket not publicly writable. ............................................................................................ us-east-1 111122223333
| | 
| + S3 account settings should block public access .........................................................................................................  1 /   1 [=         ]
| | | 
| | ALARM: Account level public access not enabled for: block_public_acls, block_public_policy, ignore_public_acls, restrict_public_buckets. ........................ 111122223333
| | 
| + S3 buckets should block public access at bucket level ..................................................................................................  1 /   7 [==        ]
| | | 
| | ALARM: omero-resource-policy-bucket not enabled for: block_public_policy, restrict_public_buckets. .................................................... us-east-1 111122223333
| | OK   : account-tags-test-bucket all public access blocks enabled. ..................................................................................... us-east-1 111122223333
| | OK   : config-bucket-111122223333 all public access blocks enabled. ................................................................................... us-east-1 111122223333
| | OK   : test-omero-bucket-1 all public access blocks enabled. .......................................................................................... us-east-1 111122223333
| | OK   : my-test-bucket-errored all public access blocks enabled. ....................................................................................... us-east-1 111122223333
| | OK   : omero-cloudfront-test-bucket all public access blocks enabled. ................................................................................. us-east-1 111122223333
| | OK   : aws-cloudtrail-logs-111122223333-84bb46df all public access blocks enabled. .................................................................... us-east-1 111122223333
| | 
| + SageMaker notebook instances should be prohibited from direct internet access ..........................................................................  0 /   0 [          ]
|   
+ Resource Policy Public Access ............................................................................................................................ 57 /  99 [========  ]
  | 
  + ECR repository policies should prohibit public access ..................................................................................................  1 /   2 [==        ]
  | | 
  | ALARM: omero-test-private-2 policy contains 1 statement that allow public access: [CodeBuildAccess]. .................................................. us-east-1 111122223333
  | OK   : omero-test-private policy does not allow public access. ........................................................................................ us-east-1 111122223333
  | 
  + Glacier vault policies should prohibit public access ...................................................................................................  0 /   0 [          ]
  | 
  + IAM role trust policies should prohibit public access .................................................................................................. 54 /  91 [=======   ]
  | | 
  | ALARM: AWS-QuickSetup-StackSet-Local-AdministrationRole policy contains 1 statement that allow public access: [Statement[1]]. ................................... 111122223333
  | ALARM: AWSServiceRoleForAccessAnalyzer policy contains 1 statement that allow public access: [Statement[1]]. .................................................... 111122223333
  | ALARM: AWSServiceRoleForAutoScaling policy contains 1 statement that allow public access: [Statement[1]]. ....................................................... 111122223333
  | ALARM: AWSServiceRoleForBackup policy contains 1 statement that allow public access: [Statement[1]]. ............................................................ 111122223333
  | ALARM: AWSServiceRoleForCloudTrail policy contains 1 statement that allow public access: [Statement[1]]. ........................................................ 111122223333
  | ALARM: AWSServiceRoleForComputeOptimizer policy contains 1 statement that allow public access: [Statement[1]]. .................................................. 111122223333
  | ALARM: AWSServiceRoleForConfig policy contains 1 statement that allow public access: [Statement[1]]. ............................................................ 111122223333
  | ALARM: AWSServiceRoleForApplicationAutoScaling_DynamoDBTable policy contains 1 statement that allow public access: [Statement[1]]. .............................. 111122223333
  | ALARM: AWSServiceRoleForECS policy contains 1 statement that allow public access: [Statement[1]]. ............................................................... 111122223333
  | ALARM: AWSServiceRoleForApplicationAutoScaling_ECSService policy contains 1 statement that allow public access: [Statement[1]]. ................................. 111122223333
  | ALARM: AWSServiceRoleForElastiCache policy contains 1 statement that allow public access: [Statement[1]]. ....................................................... 111122223333
  | ALARM: AWSServiceRoleForElasticLoadBalancing policy contains 1 statement that allow public access: [Statement[1]]. .............................................. 111122223333
  | ALARM: AWSServiceRoleForGlobalAccelerator policy contains 1 statement that allow public access: [Statement[1]]. ................................................. 111122223333
  | ALARM: AWSServiceRoleForCloudFrontLogger policy contains 1 statement that allow public access: [Statement[1]]. .................................................. 111122223333
  | ALARM: AWSServiceRoleForAPIGateway policy contains 1 statement that allow public access: [Statement[1]]. ........................................................ 111122223333
  | ALARM: AWSServiceRoleForOrganizations policy contains 1 statement that allow public access: [Statement[1]]. ..................................................... 111122223333
  | ALARM: AWSServiceRoleForRDS policy contains 1 statement that allow public access: [Statement[1]]. ............................................................... 111122223333
  | ALARM: AWSServiceRoleForBackupReports policy contains 1 statement that allow public access: [Statement[1]]. ..................................................... 111122223333
  | ALARM: AWSServiceRoleForSecurityHub policy contains 1 statement that allow public access: [Statement[1]]. ....................................................... 111122223333
  | ALARM: AWSServiceRoleForAmazonSSM policy contains 1 statement that allow public access: [Statement[1]]. ......................................................... 111122223333
  | ALARM: AWSServiceRoleForSSO policy contains 1 statement that allow public access: [Statement[1]]. ............................................................... 111122223333
  | ALARM: AWSServiceRoleForSupport policy contains 1 statement that allow public access: [Statement[1]]. ........................................................... 111122223333
  | ALARM: AWSServiceRoleForTrustedAdvisor policy contains 1 statement that allow public access: [Statement[1]]. .................................................... 111122223333
  | ALARM: ec2_s3_read_only policy contains 1 statement that allow public access: [Statement[1]]. ................................................................... 111122223333
  | ALARM: ec2_s3_read_only_2 policy contains 1 statement that allow public access: [Statement[1]]. ................................................................. 111122223333
  | ALARM: ec2_s3_read_only_3 policy contains 1 statement that allow public access: [Statement[1]]. ................................................................. 111122223333
  | ALARM: iam_trusted_access_role_1 policy contains 1 statement that allow public access: [Statement[3]]. .......................................................... 111122223333
  | ALARM: iam_trusted_access_role_5 policy contains 1 statement that allow public access: [Statement[1]]. .......................................................... 111122223333
  | ALARM: PublishFlowLogsToCloudWatchRole policy contains 1 statement that allow public access: [Statement[1]]. .................................................... 111122223333
  | ALARM: PublishToCloudWatchLogsRole policy contains 1 statement that allow public access: [Statement[1]]. ........................................................ 111122223333
  | ALARM: resource-policy-analysis-role-1 policy contains 1 statement that allow public access: [Statement[1]]. .................................................... 111122223333
  | ALARM: AWSBackupDefaultServiceRole policy contains 1 statement that allow public access: [Statement[1]]. ........................................................ 111122223333
  | ALARM: test-function-2-role-i16umoc8 policy contains 1 statement that allow public access: [Statement[1]]. ...................................................... 111122223333
  | ALARM: test-function-3-role-ofc3xrg2 policy contains 1 statement that allow public access: [Statement[1]]. ...................................................... 111122223333
  | ALARM: test-function-4-role-bjzyzpti policy contains 1 statement that allow public access: [Statement[1]]. ...................................................... 111122223333
  | ALARM: test-function-role-ouk9m007 policy contains 1 statement that allow public access: [Statement[1]]. ........................................................ 111122223333
  | ALARM: test-aws-is-broken policy contains 1 statement that allow public access: [Statement[1]]. ................................................................. 111122223333
  | ALARM: test-messy-1 policy contains 1 statement that allow public access: [Statement[1]]. ....................................................................... 111122223333
  | ALARM: test-public-1 policy contains 1 statement that allow public access: [Statement[1]]. ...................................................................... 111122223333
  | ALARM: test-public-role-5 policy contains 3 statement that allow public access: [Statement[1], Statement[2], and 1 more]. ....................................... 111122223333
  | ALARM: test-role-2 policy contains 1 statement that allow public access: [Statement[1]]. ........................................................................ 111122223333
  | ALARM: test-role-3 policy contains 1 statement that allow public access: [Statement[1]]. ........................................................................ 111122223333
  | ALARM: test-role-org-4 policy contains 1 statement that allow public access: [Statement[1]]. .................................................................... 111122223333
  | ALARM: test-role-public-2 policy contains 2 statement that allow public access: [Statement[1], Statement[2]]. ................................................... 111122223333
  | ALARM: test-role-public-3 policy contains 3 statement that allow public access: [Statement[1], Statement[2], and 1 more]. ....................................... 111122223333
  | ALARM: test-role-public-4 policy contains 3 statement that allow public access: [Statement[1], Statement[2], and 1 more]. ....................................... 111122223333
  | ALARM: test-role-public-5 policy contains 4 statement that allow public access: [Statement[1], Statement[2], and 2 more]. ....................................... 111122223333
  | ALARM: test-service-role-1 policy contains 1 statement that allow public access: [Statement[1]]. ................................................................ 111122223333
  | ALARM: test-service-role-2 policy contains 1 statement that allow public access: [Statement[1]]. ................................................................ 111122223333
  | ALARM: test-service-role-3 policy contains 1 statement that allow public access: [Statement[1]]. ................................................................ 111122223333
  | ALARM: test-service-role-4 policy contains 1 statement that allow public access: [Statement[1]]. ................................................................ 111122223333
  | ALARM: test-service-role-5 policy contains 1 statement that allow public access: [Statement[1]]. ................................................................ 111122223333
  | ALARM: test-service-role-6 policy contains 1 statement that allow public access: [Statement[1]]. ................................................................ 111122223333
  | ALARM: test-steampipe-role-1 policy contains 1 statement that allow public access: [Statement[1]]. .............................................................. 111122223333
  | OK   : AWS-QuickSetup-StackSet-Local-ExecutionRole policy does not allow public access. ......................................................................... 111122223333
  | OK   : AWSReservedSSO_SSO-Admin_ce6cf919091b63ee policy does not allow public access. ........................................................................... 111122223333
  | OK   : AWSReservedSSO_SSO-ReadOnly_7e9831f0c1810592 policy does not allow public access. ........................................................................ 111122223333
  | OK   : iam_trusted_access_role_10 policy does not allow public access. .......................................................................................... 111122223333
  | OK   : iam_trusted_access_role_2 policy does not allow public access. ........................................................................................... 111122223333
  | OK   : iam_trusted_access_role_20 policy does not allow public access. .......................................................................................... 111122223333
  | OK   : iam_trusted_access_role_3 policy does not allow public access. ........................................................................................... 111122223333
  | OK   : iam_trusted_access_role_30 policy does not allow public access. .......................................................................................... 111122223333
  | OK   : iam_trusted_access_role_4 policy does not allow public access. ........................................................................................... 111122223333
  | OK   : iam_trusted_access_role_41 policy does not allow public access. .......................................................................................... 111122223333
  | OK   : iam_trusted_access_role_6 policy does not allow public access. ........................................................................................... 111122223333
  | OK   : iam_trusted_access_role_7 policy does not allow public access. ........................................................................................... 111122223333
  | OK   : iam_trusted_access_role_8 policy does not allow public access. ........................................................................................... 111122223333
  | OK   : iam_trusted_access_role_9 policy does not allow public access. ........................................................................................... 111122223333
  | OK   : rexaac-assume-role policy does not allow public access. .................................................................................................. 111122223333
  | OK   : test-admin-role policy does not allow public access. ..................................................................................................... 111122223333
  | OK   : test-amazon-1 policy does not allow public access. ....................................................................................................... 111122223333
  | OK   : test-aws-amazon-sub-type-1 policy does not allow public access. .......................................................................................... 111122223333
  | OK   : test-google-1 policy does not allow public access. ....................................................................................................... 111122223333
  | OK   : test-google-2 policy does not allow public access. ....................................................................................................... 111122223333
  | OK   : test-google-role policy does not allow public access. .................................................................................................... 111122223333
  | OK   : test-role-mulitple policy does not allow public access. .................................................................................................. 111122223333
  | OK   : test-role-mulitple-2 policy does not allow public access. ................................................................................................ 111122223333
  | OK   : test-role-org-1 policy does not allow public access. ..................................................................................................... 111122223333
  | OK   : test-role-org-2 policy does not allow public access. ..................................................................................................... 111122223333
  | OK   : test-role-org-3 policy does not allow public access. ..................................................................................................... 111122223333
  | OK   : test-role-org-5 policy does not allow public access. ..................................................................................................... 111122223333
  | OK   : test-role-self policy does not allow public access. ...................................................................................................... 111122223333
  | OK   : test-rubbish3 policy does not allow public access. ....................................................................................................... 111122223333
  | OK   : test-saml-role-1 policy does not allow public access. .................................................................................................... 111122223333
  | OK   : test-web-identity-1 policy does not allow public access. ................................................................................................. 111122223333
  | OK   : us-east-1_PtrpBLBqu-authRole policy does not allow public access. ........................................................................................ 111122223333
  | OK   : us-east-1_PtrpBLBqu_Full-access policy does not allow public access. ..................................................................................... 111122223333
  | OK   : us-east-1_PtrpBLBqu_Manage-only policy does not allow public access. ..................................................................................... 111122223333
  | OK   : us-east-1_u8mhp37to-authRole policy does not allow public access. ........................................................................................ 111122223333
  | OK   : us-east-1_u8mhp37to_Full-access policy does not allow public access. ..................................................................................... 111122223333
  | OK   : us-east-1_u8mhp37to_Manage-only policy does not allow public access. ..................................................................................... 111122223333
  | 
  + KMS key policies should prohibit public access .........................................................................................................  1 /   1 [=         ]
  | | 
  | ALARM: 62a473ea-2733-44eb-a626-352318acced6 policy contains 5 statement that allow public access: [Allow CloudTrail to describe key, Allow CloudTrail … us-east-1 111122223333
  | 
  + Lambda function policies should prohibit public access .................................................................................................  0 /   3 [=         ]
  | | 
  | OK   : test-function policy does not allow public access. ............................................................................................. us-east-1 111122223333
  | OK   : test-function-3 policy does not allow public access. ........................................................................................... us-east-1 111122223333
  | OK   : test-function-4 policy does not allow public access. ........................................................................................... us-east-1 111122223333
  | 
  + S3 bucket policies should prohibit public access .......................................................................................................  0 /   1 [=         ]
  | | 
  | OK   : omero-cloudfront-test-bucket policy does not allow public access. .............................................................................. us-east-1 111122223333
  | 
  + SNS topic policies should prohibit public access .......................................................................................................  1 /   1 [=         ]
  | | 
  | ALARM: Default_CloudWatch_Alarms_Topic policy contains 1 statement that allow public access: [__default_statement_ID]. ................................ us-east-1 111122223333
  | 
  + SQS queue policies should prohibit public access .......................................................................................................  0 /   0 [          ]

Summary

OK ............................................................................................................................................................... 73 [======    ]
SKIP .............................................................................................................................................................. 0 [          ]
INFO .............................................................................................................................................................. 0 [          ]
ALARM ............................................................................................................................................................ 60 [=====     ]
ERROR ............................................................................................................................................................. 0 [          ]

TOTAL ...................................................................................................................................................... 60 / 133 [==========]
omerosaienni@engineering ~/source-code/steampipe/steampipe-mod-aws-perimeter(updating-perimeter-mod-to-use-analyse-table)$ 

github-actions[bot] commented 1 year ago

'This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.'

github-actions[bot] commented 1 year ago

'This PR was closed because it has been stalled for 90 days with no activity.'