Hello Terraform and CloudFormation developers,
SonarCloud is now able to detect Permission problems in your Terraform for AWS or CloudFormation files.
More precisely, here are the rules covering this Permission domain:
- S6302: Having AWS policies that grant all privileges is security-sensitive
- S6304: Having AWS policies that grant access to all resources of an account is security-sensitive
- S6317: AWS IAM policies should not allow privilege escalation
- S6321: Administration services access should be restricted to specific IP addresses
- S6329: Assigning public IP address to an AWS resource is security-sensitive
- S6333: Creating public APIs is security-sensitive
Enjoy!
Alex