Possible Security Problems
ctindall opened this issue
Hey there! I noticed some possible problems in some code in this repo. A quick summary of a few of them is below, but let me know if you're interested in seeing a full report or talking about cloud security in general.

severity: serious
filename: ./etc/amazon-eks-vpc.yaml
line number(s): [120]
resource(s):
Missing egress rule means all traffic is allowed outbound. Make this explicit if it is desired configuration

severity: warning
filename: ./etc/quickstart-redhat-openshift/submodules/quickstart-aws-vpc/templates/aws-vpc.template
line number(s): [1720, 1854, 1989, 2124]
resource(s):
EC2 Subnet should not have MapPublicIpOnLaunch set to true

severity: warning
filename: ./etc/quickstart-redhat-openshift/templates/openshift.template
line number(s): [1890, 1929]
resource(s):
Elastic Load Balancer should have access logging enabled

severity: warning
filename: ./etc/quickstart-redhat-openshift/templates/openshift.template
line number(s): [617, 958, 1018, 1730, 1779]
resource(s):
IAM role should not allow * resource on its permissions policy

severity: warning
filename: ./etc/quickstart-redhat-openshift/templates/openshift.template
line number(s): [562, 674, 864]
resource(s):
S3 Bucket should have access logging configured

severity: warning
filename: ./etc/quickstart-redhat-openshift/templates/openshift.template
line number(s): [562, 674, 864]
resource(s):
S3 Bucket should have encryption option set

Cameron - thank you for the updates. We are in the process of revamping all our cluster provisioning scripts - and will shortly be removing these files. At that time we will review these recommendations again.