ForgeRock / forgeops

ForgeRock platform assets for Kubernetes deployment. Contains the files you need to build your own Docker images and to deploy the ForgeRock Identity Platform on Kubernetes clusters.


Possible Security Problems

ctindall opened this issue · comments

Hey there! I noticed some possible problems in some code in this repo. A quick summary of a few of them is below, but let me know if you're interested in seeing a full report or talking about cloud security in general.


severity: serious

filename: ./etc/amazon-eks-vpc.yaml

line number(s): [120]

resource(s):

Missing egress rule means all traffic is allowed outbound. Make this explicit if it is desired configuration


severity: warning

filename: ./etc/quickstart-redhat-openshift/submodules/quickstart-aws-vpc/templates/aws-vpc.template

line number(s): [1720, 1854, 1989, 2124]

resource(s):

EC2 Subnet should not have MapPublicIpOnLaunch set to true


severity: warning

filename: ./etc/quickstart-redhat-openshift/templates/openshift.template

line number(s): [1890, 1929]

resource(s):

Elastic Load Balancer should have access logging enabled


severity: warning

filename: ./etc/quickstart-redhat-openshift/templates/openshift.template

line number(s): [617, 958, 1018, 1730, 1779]

resource(s):

IAM role should not allow * resource on its permissions policy


severity: warning

filename: ./etc/quickstart-redhat-openshift/templates/openshift.template

line number(s): [562, 674, 864]

resource(s):

S3 Bucket should have access logging configured


severity: warning

filename: ./etc/quickstart-redhat-openshift/templates/openshift.template

line number(s): [562, 674, 864]

resource(s):

S3 Bucket should have encryption option set
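Added example, not part of the issue thread and not code from the forgeops repo or the reporter's scanner: a small Python checker for the six finding classes listed above, run over a constructed CloudFormation JSON template in which each weak resource sits beside a hardened counterpart. The logical ids, bucket names, CIDRs and the template itself are invented for illustration; the checks key on the standard CloudFormation property names (SecurityGroupEgress, MapPublicIpOnLaunch, AccessLoggingPolicy, the IAM statement Resource field, LoggingConfiguration and BucketEncryption).

```python
"""Static checks for the six CloudFormation findings reported above.

Added example only: not code from the forgeops repo or the original report.
The sample template, its logical ids and bucket names are constructed.
"""
import json

# Constructed sample template: every weak resource has a hardened sibling.
SAMPLE_TEMPLATE = json.loads(r'''
{
  "Resources": {
    "NodeSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "nodes", "VpcId": "vpc-0000",
      "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 443,
                                "ToPort": 443, "CidrIp": "10.0.0.0/8"}]}},
    "NodeSGExplicit": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "nodes", "VpcId": "vpc-0000",
      "SecurityGroupEgress": [{"IpProtocol": "tcp", "FromPort": 443,
                               "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "PublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
      "VpcId": "vpc-0000", "CidrBlock": "10.0.0.0/24", "MapPublicIpOnLaunch": true}},
    "PrivateSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
      "VpcId": "vpc-0000", "CidrBlock": "10.0.1.0/24"}},
    "ApiElb": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
      "Listeners": [{"LoadBalancerPort": "443", "InstancePort": "443", "Protocol": "TCP"}]}},
    "ApiElbLogged": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
      "Listeners": [{"LoadBalancerPort": "443", "InstancePort": "443", "Protocol": "TCP"}],
      "AccessLoggingPolicy": {"Enabled": true, "S3BucketName": "elb-access-logs"}}},
    "NodeRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {}, "Policies": [{"PolicyName": "node",
        "PolicyDocument": {"Statement": [{"Effect": "Allow",
          "Action": ["s3:GetObject"], "Resource": "*"}]}}]}},
    "NodeRoleScoped": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {}, "Policies": [{"PolicyName": "node",
        "PolicyDocument": {"Statement": [{"Effect": "Allow",
          "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::artifacts/*"}]}}]}},
    "ArtifactBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "ArtifactBucketHardened": {"Type": "AWS::S3::Bucket", "Properties": {
      "LoggingConfiguration": {"DestinationBucketName": "s3-access-logs"},
      "BucketEncryption": {"ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}}
  }
}
''')


def _as_list(value):
    """IAM documents allow a single Statement/Resource or a list of them."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _wildcard_resource_statements(role_props):
    """Yield (policy name, statement) for Allow statements with Resource '*'."""
    for policy in role_props.get("Policies", []):
        doc = policy.get("PolicyDocument", {})
        for stmt in _as_list(doc.get("Statement")):
            if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource")):
                yield policy.get("PolicyName", "?"), stmt


def check_template(template):
    """Return (logical id, severity, message) tuples for weak resources."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype = res.get("Type", "")
        props = res.get("Properties") or {}
        if rtype == "AWS::EC2::SecurityGroup" and "SecurityGroupEgress" not in props:
            # Omitting the egress block leaves AWS's default allow-all outbound rule.
            findings.append((name, "serious", "no explicit egress rule; all outbound allowed"))
        elif rtype == "AWS::EC2::Subnet" and props.get("MapPublicIpOnLaunch") is True:
            findings.append((name, "warning", "MapPublicIpOnLaunch is true"))
        elif rtype == "AWS::ElasticLoadBalancing::LoadBalancer":
            if not (props.get("AccessLoggingPolicy") or {}).get("Enabled"):
                findings.append((name, "warning", "ELB access logging not enabled"))
        elif rtype == "AWS::IAM::Role":
            for policy_name, stmt in _wildcard_resource_statements(props):
                findings.append((name, "warning",
                                 f"policy {policy_name} allows {stmt.get('Action')} on Resource '*'"))
        elif rtype == "AWS::S3::Bucket":
            if "LoggingConfiguration" not in props:
                findings.append((name, "warning", "S3 access logging not configured"))
            if "BucketEncryption" not in props:
                findings.append((name, "warning", "no default bucket encryption"))
    return findings


if __name__ == "__main__":
    for logical_id, severity, message in check_template(SAMPLE_TEMPLATE):
        print(f"{severity:8} {logical_id}: {message}")
```

Two caveats for anyone triaging output like this. First, a `Resource: "*"` is legitimate for actions that are not resource-scoped (most `ec2:Describe*` calls, for instance), so that check is a review prompt, not an automatic fail. Second, the checker does not resolve intrinsic functions (`Ref`, `Fn::GetAtt`), and YAML templates with `!Ref`-style tags need converting to JSON first; the hardened `NodeSGExplicit` above also shows the practical side of the serious finding, since once any `SecurityGroupEgress` entry is declared CloudFormation drops the implicit allow-all rule and only the listed egress remains.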

Cameron - thank you for the updates. We are in the process of revamping all our cluster provisioning scripts - and will shortly be removing these files. At that time we will review these recommendations again.