False Positives for CKV_AWS_70 #6287

Open
blue-tornado opened this issue May 8, 2024 · 1 comment
Labels
checks Check additions or changes

Comments

@blue-tornado

CKV_AWS_70 is returning a false positive when scanning a Terraform plan that is changing the principal value from * to a specific principal.

Examples

Terraform plan example:

relevant part of terraform plan

                 ~ {
                     ~ Principal = {
                         ~ AWS = "*" -> "arn:aws:iam::1234567890:rolename"
                       }
                       # (5 unchanged attributes hidden)
                   },

checkov output:

Passed checks: 1, Failed checks: 1, Skipped checks: 0

Check: CKV_AWS_70: "Ensure S3 bucket does not allow an action with any Principal"
   FAILED for resource: module.mybucket.module.bucket[0].aws_s3_bucket.s3_bucket
   File: /plan.json:0-0

Version

  • Checkov Version 2.3.140
@blue-tornado blue-tornado added the checks Check additions or changes label May 8, 2024
@itariq20

@blue-tornado Hi, can you please try to update Checkov and see if that helps, since the latest Checkov version is 3.2.90 and you're on a much older version.
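
To confirm independently of the scanner whether the planned policy still contains a wildcard principal, this added example (not part of the issue thread and not Checkov's implementation) reads the `terraform show -json` plan structure and evaluates the `before` and `after` policy separately. The sample plan, bucket name, action and function names are constructed for illustration; it assumes the policy is set through the `policy` attribute of `aws_s3_bucket` or `aws_s3_bucket_policy`.

```python
import json

def is_wildcard(principal):
    """True if a policy Principal element matches every principal."""
    if isinstance(principal, dict):
        values = []
        for v in principal.values():
            values.extend(v if isinstance(v, list) else [v])
        return "*" in values
    return principal == "*"

def wildcard_allow_statements(policy_json):
    """Allow statements with a wildcard Principal, from a JSON policy string."""
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    return [s for s in statements
            if s.get("Effect") == "Allow" and is_wildcard(s.get("Principal"))]

def audit_plan(plan):
    """Map resource address -> (wildcard in before, wildcard in after)."""
    result = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in ("aws_s3_bucket", "aws_s3_bucket_policy"):
            continue
        change = rc.get("change", {})
        # before/after are null on create/delete. A policy that is only known
        # after apply is absent from "after" and is reported as False here.
        before = (change.get("before") or {}).get("policy")
        after = (change.get("after") or {}).get("policy")
        result[rc["address"]] = (bool(wildcard_allow_statements(before)),
                                 bool(wildcard_allow_statements(after)))
    return result

# Constructed sample mirroring the change in the report ("*" -> specific ARN).
def sample_policy(principal):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": principal},
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

SAMPLE_PLAN = {"resource_changes": [{
    "address": "module.mybucket.module.bucket[0].aws_s3_bucket.s3_bucket",
    "type": "aws_s3_bucket",
    "change": {"actions": ["update"],
               "before": {"policy": sample_policy("*")},
               "after": {"policy": sample_policy("arn:aws:iam::1234567890:rolename")}}}]}

if __name__ == "__main__":
    for addr, (before, after) in audit_plan(SAMPLE_PLAN).items():
        print(f"{addr}: wildcard before={before}, after={after}")
```

A result of `(True, False)` for a resource means the wildcard exists only in the prior state, so a failure reported against the planned configuration warrants a closer look at which side of the change the scanner evaluated.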
