Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fetch AWS Management Account resources only when explicitly selected #2009

Merged
merged 17 commits into from
Mar 11, 2024
Merged

Fetch AWS Management Account resources only when explicitly selected #2009

merged 17 commits into from
Mar 11, 2024

Conversation

kubasobon
Copy link
Member

@kubasobon kubasobon commented Mar 7, 2024
edited
Loading

Summary of your changes

Changes introduced in this PR let user select if they want to scan the Management Account resources. Previously, the Management Account was always scanned, regardless of Accounts and/or Organizational Units selected by user. Despite making a change to Cloudbeat role assumptions, we are keeping it backward compatible.

Old role assumption logic (click to expand)
New role assumption logic (click to expand)

TODO:

Screenshot/Data

Screenshot 2024-03-06 at 16 36 24 The new Cloud Formation parameter

Related Issues

https://github.com/elastic/security-team/issues/8672

Checklist

  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary README/documentation (if appropriate)

@mergify Mergify
Copy link

mergify bot commented Mar 7, 2024

This pull request does not have a backport label. Could you fix it @kubasobon? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit
    NOTE: backport-skip has been added to this pull request.

@mergify mergify bot added the backport-skip label Mar 7, 2024
kubasobon
kubasobon commented Mar 7, 2024
View reviewed changes
deploy/cloudformation/elastic-agent-ec2-cspm.yml
@@ -67,6 +67,23 @@ Resources:
ManagedPolicyArns:
- arn:aws:iam::aws:policy/SecurityAudit

# IAM Role to assume for Management Account
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This role was missing. Installing to single account resulted in 0 findings.

@kubasobon kubasobon marked this pull request as ready for review March 7, 2024 13:23
@kubasobon kubasobon requested a review from a team as a code owner March 7, 2024 13:23
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2024
edited
Loading

📊 Allure Report - 💚 No failures were reported.

Result Count
🟥 Failed 0
🟩 Passed 162
⬜ Skipped 0

@kubasobon kubasobon mentioned this pull request Mar 7, 2024
Closed
@kubasobon kubasobon enabled auto-merge (squash) March 11, 2024 14:12
@kubasobon kubasobon merged commit 1d38cd2 into elastic:main Mar 11, 2024
28 checks passed
@kubasobon kubasobon deleted the aws-accounts-tag branch March 11, 2024 15:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moukoublen moukoublen moukoublen approved these changes

Assignees

@kubasobon kubasobon

Labels
backport-skip
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kubasobon @moukoublen