SonarCloud detects Permission problems on AWS resources on CloudFormation and Terraform files

Hello Terraform and CloudFormation developers,

SonarCloud can now detect permission problems in your Terraform (for AWS) and CloudFormation files.

More precisely, here are the rules covering the Permission domain:

  • S6302: Having AWS policies that grant all privileges is security-sensitive
  • S6304: Having AWS policies that grant access to all resources of an account is security-sensitive
  • S6317: AWS IAM policies should not allow privilege escalation
  • S6321: Administration services access should be restricted to specific IP addresses
  • S6329: Assigning public IP address to an AWS resource is security-sensitive
  • S6333: Creating public APIs is security-sensitive
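For the first two rules (S6302 and S6304), here is an added example, not SonarCloud's own analyzer code, that applies the same two checks to a constructed IAM policy document of the kind embedded in a Terraform `aws_iam_policy` `policy` attribute or a CloudFormation `PolicyDocument`; the sample policies and the `check_policy` function are assumptions for illustration:

```python
import json

# Constructed sample: an Allow statement with wildcard Action and Resource.
# Action "*" is what S6302 reports, Resource "*" is what S6304 reports.
NONCOMPLIANT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
})

# Constructed sample: the same intent scoped to named actions and one bucket.
COMPLIANT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
    ],
})


def _as_list(value):
    """IAM lets Statement/Action/Resource be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_policy(policy_json):
    """Return (rule_id, statement_index, detail) findings for a policy document.

    Only Allow statements are reported: a Deny on "*" restricts rather than
    grants. This mirrors the intent of the two rules, not SonarCloud's code.
    """
    doc = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect", "Deny") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Action")):
            findings.append(("S6302", idx, 'Action "*" grants all privileges'))
        if "*" in _as_list(stmt.get("Resource")):
            findings.append(("S6304", idx, 'Resource "*" covers all resources'))
    return findings
```

Running `check_policy` on the first sample yields one S6302 and one S6304 finding; the second sample yields none.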