Skip to content

feat(preflight): build preflight package for AWS #1716

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
PengyuanZhao merged 3 commits into from
Jun 9, 2025
Merged

feat(preflight): build preflight package for AWS #1716

PengyuanZhao merged 3 commits into from
Jun 9, 2025

Conversation

@PengyuanZhao
Copy link
Contributor

@PengyuanZhao PengyuanZhao commented May 28, 2025
edited
Loading

Summary

This PR creates the package which serves functions to do preflight checks for AWS integrations including Agentless, Config and CloudTrail.

The following tasks will be run sequentially:

  • Fetch caller info
  • Fetch all policies
  • Extract permission from policies
  • Find out the missing required permissions.
  • Fetch other account details including:
    • Enabled regions
    • Existing CloudTrail
    • EKS clusters
    • If the call can access organization
      • Fetch management account ID
      • Fetch all account IDs and org unit IDs

How did you test this change?

Run integration test in preflight_aws_test.go

@PengyuanZhao PengyuanZhao requested a review from a team as a code owner May 28, 2025 15:15
@PengyuanZhao PengyuanZhao requested review from aneesh-mysore, charanbir and jeffreynglw and removed request for a team May 28, 2025 15:15
@github-actions
Copy link

github-actions bot commented May 28, 2025
edited
Loading

Lacework Code Security found potential new issues in this PR.

sca found potential 5 new issues 
Potential hardcoded credentials. The code snippet will not be displayed for security reasons.

Potential hardcoded credentials. The code snippet will not be displayed for security reasons.

Potential hardcoded credentials. The code snippet will not be displayed for security reasons.

Potential hardcoded credentials. The code snippet will not be displayed for security reasons.

Potential hardcoded credentials. The code snippet will not be displayed for security reasons.

jeffreynglw
jeffreynglw reviewed May 28, 2025
View reviewed changes
jeffreynglw
jeffreynglw reviewed May 28, 2025
View reviewed changes
@lacework-code-security
Copy link

lacework-code-security bot commented May 28, 2025

(Audit Mode) sca found potential 5 new issues 
Potential hardcoded credentials. The code snippet will not be displayed for security reasons.

Potential hardcoded credentials. The code snippet will not be displayed for security reasons.

Potential hardcoded credentials. The code snippet will not be displayed for security reasons.

Potential hardcoded credentials. The code snippet will not be displayed for security reasons.

Potential hardcoded credentials. The code snippet will not be displayed for security reasons.

@PengyuanZhao PengyuanZhao mentioned this pull request Jun 3, 2025
Merged
@PengyuanZhao PengyuanZhao merged commit e90c63c into main Jun 9, 2025
13 checks passed
@PengyuanZhao PengyuanZhao deleted the pengyuan/CAD-841 branch June 9, 2025 16:46
@lacework-releng lacework-releng mentioned this pull request Jun 10, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeffreynglw jeffreynglw jeffreynglw left review comments

@lokesh-vadlamudi lokesh-vadlamudi lokesh-vadlamudi approved these changes

@charanbir charanbir Awaiting requested review from charanbir charanbir was automatically assigned from lacework/eng-product-platform

@aneesh-mysore aneesh-mysore Awaiting requested review from aneesh-mysore aneesh-mysore was automatically assigned from lacework/eng-product-platform

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@PengyuanZhao @jeffreynglw @lokesh-vadlamudi