Replies: 2 comments 2 replies
-
|
HI @NMuee, great point! We will do some research to see which similar conditions can be applied to those kind of services. |
Beta Was this translation helpful? Give feedback.
-
|
@NMuee did AWS support send you the services that support these conditions? |
Beta Was this translation helpful? Give feedback.
-
|
Nope, they said they need to investigate with their internal team and will add this into their research work |
Beta Was this translation helpful? Give feedback.
-
|
I can give it a try for the above condition keys you mentioned to services that don't ingest SourceAccount/SourceArn |
Beta Was this translation helpful? Give feedback.
-
Hello Prowler team,
I am trying to remediate this above finding "iam_role_cross_service_confused_deputy_prevention"
However, from my understanding, it seems like not all services support "aws:SourceAccount" or "aws:SourceArn".
Example: "codepipeline.amazonaws.com" and "apigateway.amazonaws.com"
My update from AWS support is that not all service principals support these conditions.
What are your view on this? Should services that are not supported not be flagged as FAIL?
Thank you
Beta Was this translation helpful? Give feedback.
All reactions