Describe the bug
CDK automatically creates an IAM Role - AssetsFileRole for managing the Assets stage in the main cicd code pipeline. However, this role has a default policy with the following unrestricted IAM permissions that are flagged by checkov scans.
{
    "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild",
        "codebuild:StopBuild"
    ],
    "Effect": "Allow",
    "Resource": "*"
}
This needs to be added to the checkov baseline until remediated.
How to Reproduce
While deploying dataall to AWS, after the cdk synth, scan the file cdk.out/dataall-main-cicd-stack.template.json with checkov. Checkov will report a FAILURE with the following message:
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
FAILED for resource: AWS::IAM::Policy.dataallmaincdkpipelineAssetsFileRoleDefaultPolicy{Hash}
File: /dataall-main-cicd-stack.template.json: {line number}
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint
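As an added example (not data.all's or checkov's own code), the following Python stand-in shows what CKV_AWS_111 is objecting to in the synthesized template: an Allow statement on Resource "*" whose actions include write operations. It assumes a simplified read-only verb heuristic rather than checkov's exact rule set, and the template fragment is constructed, with a placeholder in place of the hash suffix CDK appends to the logical ID.

```python
import json

# Assumption: a simplified stand-in for checkov's CKV_AWS_111 classification,
# not its exact rule set. Verbs with these prefixes are treated as read-only.
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "BatchGet")
IAM_TYPES = ("AWS::IAM::Policy", "AWS::IAM::Role", "AWS::IAM::ManagedPolicy")

def as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def is_write_action(action):
    """Wildcards and anything not prefixed by a read-only verb count as write."""
    if action == "*" or action.endswith(":*"):
        return True
    return not action.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES)

def policy_documents(resource):
    """Yield every inline PolicyDocument on an IAM Policy/Role/ManagedPolicy."""
    props = resource.get("Properties", {})
    if "PolicyDocument" in props:
        yield props["PolicyDocument"]
    for inline in props.get("Policies", []):
        yield inline.get("PolicyDocument", {})

def find_unconstrained_writes(template):
    """Return [(logical_id, [write actions])] for Allow statements on Resource '*'."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") not in IAM_TYPES:
            continue
        for doc in policy_documents(resource):
            for stmt in as_list(doc.get("Statement", [])):
                if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
                    continue
                writes = [a for a in as_list(stmt.get("Action", []))
                          if isinstance(a, str) and is_write_action(a)]
                if writes:
                    findings.append((logical_id, writes))
    return findings

# Constructed template fragment, not the real synthesized stack; the logical ID
# suffix is a placeholder for the hash CDK appends. The first policy mirrors the
# statement quoted in the issue, the second is a resource-scoped variant that passes.
SAMPLE_TEMPLATE = json.loads("""{"Resources": {
  "dataallmaincdkpipelineAssetsFileRoleDefaultPolicyPLACEHOLDER": {"Type": "AWS::IAM::Policy",
   "Properties": {"PolicyDocument": {"Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["codebuild:BatchGetBuilds", "codebuild:StartBuild", "codebuild:StopBuild"]}]}}},
  "ScopedPolicy": {"Type": "AWS::IAM::Policy",
   "Properties": {"PolicyDocument": {"Statement": [{"Effect": "Allow",
    "Resource": "arn:aws:codebuild:us-east-1:111111111111:project/example",
    "Action": ["codebuild:StartBuild"]}]}}}}}""")
```

To run it against a real synth output, replace SAMPLE_TEMPLATE with the parsed cdk.out/dataall-main-cicd-stack.template.json; only the unconstrained StartBuild/StopBuild statement is reported, while BatchGetBuilds and the ARN-scoped policy are not.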
Expected behavior
Once the role is added to checkov baseline, the checkov scan should no longer have a FAILURE message for the AssetsFileRole.
Your project
No response
Screenshots
No response
OS
Mac
Python version
3.10
AWS data.all version
2.3
Additional context
This issue is related to #877