_ _
___| |__ ___ ___| | _______ __
/ __| '_ \ / _ \/ __| |/ / _ \ \ / /
| (__| | | | __/ (__| < (_) \ V /
\___|_| |_|\___|\___|_|\_\___/ \_/
By bridgecrew.io | version: 2.0.170
cloudformation scan results:
Passed checks: 33, Failed checks: 0, Skipped checks: 0
Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
PASSED for resource: AWS::IAM::Role.LambdaCustomRole
File: hub-main.yaml:37-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
PASSED for resource: AWS::IAM::Role.LambdaCustomRole
File: hub-main.yaml:37-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
PASSED for resource: AWS::IAM::Role.LambdaCustomRole
File: hub-main.yaml:37-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
PASSED for resource: AWS::IAM::Role.LambdaCustomRole
File: hub-main.yaml:37-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
PASSED for resource: AWS::IAM::Role.LambdaCustomRole
File: hub-main.yaml:37-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
PASSED for resource: AWS::IAM::Role.LambdaCustomRole
File: hub-main.yaml:37-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
PASSED for resource: AWS::IAM::Role.LambdaCustomRole
File: hub-main.yaml:37-701
Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
File: hub-main.yaml:97-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
File: hub-main.yaml:97-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
File: hub-main.yaml:97-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
File: hub-main.yaml:97-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
File: hub-main.yaml:97-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
File: hub-main.yaml:97-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
File: hub-main.yaml:97-701
Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
PASSED for resource: AWS::IAM::Role.LambdaDBRole
File: hub-main.yaml:162-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
PASSED for resource: AWS::IAM::Role.LambdaDBRole
File: hub-main.yaml:162-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
PASSED for resource: AWS::IAM::Role.LambdaDBRole
File: hub-main.yaml:162-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
PASSED for resource: AWS::IAM::Role.LambdaDBRole
File: hub-main.yaml:162-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
PASSED for resource: AWS::IAM::Role.LambdaDBRole
File: hub-main.yaml:162-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
PASSED for resource: AWS::IAM::Role.LambdaDBRole
File: hub-main.yaml:162-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
PASSED for resource: AWS::IAM::Role.LambdaDBRole
File: hub-main.yaml:162-701
Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
PASSED for resource: AWS::IAM::Role.LambdaPCARole
File: hub-main.yaml:231-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
PASSED for resource: AWS::IAM::Role.LambdaPCARole
File: hub-main.yaml:231-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
PASSED for resource: AWS::IAM::Role.LambdaPCARole
File: hub-main.yaml:231-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
PASSED for resource: AWS::IAM::Role.LambdaPCARole
File: hub-main.yaml:231-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
PASSED for resource: AWS::IAM::Role.LambdaPCARole
File: hub-main.yaml:231-701
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
PASSED for resource: AWS::IAM::Role.LambdaPCARole
File: hub-main.yaml:231-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
PASSED for resource: AWS::IAM::Role.LambdaPCARole
File: hub-main.yaml:231-701
Check: CKV_AWS_45: "Ensure no hard-coded secrets exist in lambda environment"
PASSED for resource: AWS::Lambda::Function.LambdaLocalDBFunction
File: hub-main.yaml:301-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_3
Check: CKV_AWS_45: "Ensure no hard-coded secrets exist in lambda environment"
PASSED for resource: AWS::Lambda::Function.LambdaDBFunction
File: hub-main.yaml:371-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_3
Check: CKV_AWS_45: "Ensure no hard-coded secrets exist in lambda environment"
PASSED for resource: AWS::Lambda::Function.LambdaPCAFunction
File: hub-main.yaml:476-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_3
Check: CKV_AWS_45: "Ensure no hard-coded secrets exist in lambda environment"
PASSED for resource: AWS::Lambda::Function.LambdaCustomFunction
File: hub-main.yaml:556-701
Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_3
Check: CKV_AWS_28: "Ensure Dynamodb point in time recovery (backup) is enabled"
PASSED for resource: AWS::DynamoDB::Table.PCADynamoDB
File: hub-main.yaml:577-607
Guide: https://docs.bridgecrew.io/docs/general_6