Adding policies #11
Merged
Adding policies #11
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
/test all |
|
/test all |
osterman
previously approved these changes
Feb 26, 2021
|
/test all |
|
/test all |
aknysh
reviewed
Feb 26, 2021
aknysh
reviewed
Feb 26, 2021
aknysh
reviewed
Feb 26, 2021
aknysh
reviewed
Feb 26, 2021
Co-authored-by: Andriy Knysh <aknysh@users.noreply.github.com>
|
/test all |
|
/test all |
|
/test all |
…-service-control-policies into adding_policies
osterman
reviewed
Mar 23, 2021
…-service-control-policies into adding_policies
aknysh
reviewed
Mar 24, 2021
|
This pull request is now in conflict. Could you fix it @jamengual? 🙏 |
|
/test all |
aknysh
reviewed
Mar 23, 2022
catalog/cloudtrail-policies.yaml
Outdated
| - "cloudtrail:PutEventSelectors" | ||
| - "cloudtrail:StopLogging" | ||
| - "cloudtrail:UpdateTrail" | ||
|
|
There was a problem hiding this comment.
need
resources:
- "*"
also, can you maybe combine these two policies?
or clean them up since they gave overlapping actions
aknysh
previously requested changes
Mar 23, 2022
mergify
bot
dismissed
aknysh’s stale review
This Pull Request has been updated, so we're dismissing all reviews.
|
/test all |
aknysh
reviewed
Mar 23, 2022
| @@ -0,0 +1,12 @@ | |||
| - sid: "DenyLambdaWithoutVpc" | |||
There was a problem hiding this comment.
@jamengual is this policy correct?
- It says "Deny" but the value is
true- should it be "false"? - Other policies use "Bool" in the test, not "Null"
condition:
- test: "Bool"
variable: "rds:StorageEncrypted"
values:
- false
aknysh
reviewed
Mar 23, 2022
aknysh
reviewed
Mar 23, 2022
catalog/s3-policies.yaml
Outdated
| %{ for r in split(",", s3_regions_lockdown) } | ||
| - ${trimspace(r)} | ||
| %{ endfor } | ||
| - test: "Null" |
aknysh
reviewed
Mar 23, 2022
catalog/vpc-policies.yaml
Outdated
| - "ec2:CreateVpcPeeringConnection" | ||
| - "ec2:AcceptVpcPeeringConnection" | ||
| - "globalaccelerator:Create*" | ||
| - "globalaccelerator:Update*" |
There was a problem hiding this comment.
why it's related to creating/updating of globalaccelerator?
Global Accelerator itself does not need a VPC
aknysh
reviewed
Mar 23, 2022
|
/test all |
aknysh
approved these changes
Mar 24, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
what
why
references