You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/queries/ansible-queries.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,6 +14,7 @@ Below are listed queries related to Ansible AWS:
14
14
|S3 Bucket Allows Put Action From All Principals<br/><sup><sub>a0f1bfe0-741e-473f-b3b2-13e66f856fab</sub></sup>|<spanstyle="color:#ff0000">Critical</span>|Access Control|<ahref="../ansible-queries/aws/a0f1bfe0-741e-473f-b3b2-13e66f856fab"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/a0f1bfe0-741e-473f-b3b2-13e66f856fab')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/amazon/aws/s3_bucket_module.html">Documentation</a><br/>|
15
15
|S3 Bucket With All Permissions<br/><sup><sub>6a6d7e56-c913-4549-b5c5-5221e624d2ec</sub></sup>|<spanstyle="color:#ff0000">Critical</span>|Access Control|<ahref="../ansible-queries/aws/6a6d7e56-c913-4549-b5c5-5221e624d2ec"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/6a6d7e56-c913-4549-b5c5-5221e624d2ec')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/amazon/aws/s3_bucket_module.html#parameter-policy">Documentation</a><br/>|
16
16
|S3 Bucket With Public Access<br/><sup><sub>c3e073c1-f65e-4d18-bd67-4a8f20ad1ab9</sub></sup>|<spanstyle="color:#ff0000">Critical</span>|Access Control|<ahref="../ansible-queries/aws/c3e073c1-f65e-4d18-bd67-4a8f20ad1ab9"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/c3e073c1-f65e-4d18-bd67-4a8f20ad1ab9')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_s3_module.html#parameter-permission">Documentation</a><br/>|
17
+
|SNS Topic is Publicly Accessible<br/><sup><sub>905f4741-f965-45c1-98db-f7a00a0e5c73</sub></sup>|<spanstyle="color:#ff0000">Critical</span>|Access Control|<ahref="../ansible-queries/aws/905f4741-f965-45c1-98db-f7a00a0e5c73"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/905f4741-f965-45c1-98db-f7a00a0e5c73')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/sns_topic_module.html">Documentation</a><br/>|
17
18
|RDS DB Instance Publicly Accessible<br/><sup><sub>c09e3ca5-f08a-4717-9c87-3919c5e6d209</sub></sup>|<spanstyle="color:#ff0000">Critical</span>|Insecure Configurations|<ahref="../ansible-queries/aws/c09e3ca5-f08a-4717-9c87-3919c5e6d209"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/c09e3ca5-f08a-4717-9c87-3919c5e6d209')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/rds_instance_module.html#parameter-auto_minor_version_upgrade">Documentation</a><br/>|
18
19
|DB Security Group With Public Scope<br/><sup><sub>0956aedf-6a7a-478b-ab56-63e2b19923ad</sub></sup>|<spanstyle="color:#ff0000">Critical</span>|Networking and Firewall|<ahref="../ansible-queries/aws/0956aedf-6a7a-478b-ab56-63e2b19923ad"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/0956aedf-6a7a-478b-ab56-63e2b19923ad')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/amazon/aws/ec2_group_module.html">Documentation</a><br/>|
19
20
|RDS Associated with Public Subnet<br/><sup><sub>16732649-4ff6-4cd2-8746-e72c13fae4b8</sub></sup>|<spanstyle="color:#ff0000">Critical</span>|Networking and Firewall|<ahref="../ansible-queries/aws/16732649-4ff6-4cd2-8746-e72c13fae4b8"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/16732649-4ff6-4cd2-8746-e72c13fae4b8')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/rds_instance_module.html#parameter-db_subnet_group_name">Documentation</a><br/>|
@@ -24,7 +25,7 @@ Below are listed queries related to Ansible AWS:
24
25
|S3 Bucket ACL Allows Read to Any Authenticated User<br/><sup><sub>75480b31-f349-4b9a-861f-bce19588e674</sub></sup>|<spanstyle="color:#bb2124">High</span>|Access Control|<ahref="../ansible-queries/aws/75480b31-f349-4b9a-861f-bce19588e674"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/75480b31-f349-4b9a-861f-bce19588e674')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_s3_module.html#parameter-permission">Documentation</a><br/>|
25
26
|S3 Bucket Allows Get Action From All Principals<br/><sup><sub>53bce6a8-5492-4b1b-81cf-664385f0c4bf</sub></sup>|<spanstyle="color:#bb2124">High</span>|Access Control|<ahref="../ansible-queries/aws/53bce6a8-5492-4b1b-81cf-664385f0c4bf"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/53bce6a8-5492-4b1b-81cf-664385f0c4bf')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/amazon/aws/s3_bucket_module.html">Documentation</a><br/>|
26
27
|S3 Bucket Allows List Action From All Principals<br/><sup><sub>d395a950-12ce-4314-a742-ac5a785ab44e</sub></sup>|<spanstyle="color:#bb2124">High</span>|Access Control|<ahref="../ansible-queries/aws/d395a950-12ce-4314-a742-ac5a785ab44e"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/d395a950-12ce-4314-a742-ac5a785ab44e')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/amazon/aws/s3_bucket_module.html">Documentation</a><br/>|
27
-
|SNS Topic is Publicly Accessible<br/><sup><sub>905f4741-f965-45c1-98db-f7a00a0e5c73</sub></sup>|<spanstyle="color:#bb2124">High</span>|Access Control|<ahref="../ansible-queries/aws/905f4741-f965-45c1-98db-f7a00a0e5c73"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/905f4741-f965-45c1-98db-f7a00a0e5c73')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/sns_topic_module.html">Documentation</a><br/>|
28
+
|SES Policy With Allowed IAM Actions<br/><sup><sub>8ed0bfce-f780-46d4-b086-21c3628f09ad</sub></sup>|<spanstyle="color:#bb2124">High</span>|Access Control|<ahref="../ansible-queries/aws/8ed0bfce-f780-46d4-b086-21c3628f09ad"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/8ed0bfce-f780-46d4-b086-21c3628f09ad')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/aws_ses_identity_policy_module.html#parameter-policy">Documentation</a><br/>|
28
29
|SQS Policy Allows All Actions<br/><sup><sub>ed9b3beb-92cf-44d9-a9d2-171eeba569d4</sub></sup>|<spanstyle="color:#bb2124">High</span>|Access Control|<ahref="../ansible-queries/aws/ed9b3beb-92cf-44d9-a9d2-171eeba569d4"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/ed9b3beb-92cf-44d9-a9d2-171eeba569d4')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/sqs_queue_module.html">Documentation</a><br/>|
|Config Rule For Encrypted Volumes Disabled<br/><sup><sub>7674a686-e4b1-4a95-83d4-1fd53c623d84</sub></sup>|<spanstyle="color:#bb2124">High</span>|Encryption|<ahref="../ansible-queries/aws/7674a686-e4b1-4a95-83d4-1fd53c623d84"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/7674a686-e4b1-4a95-83d4-1fd53c623d84')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/aws_config_rule_module.html#parameter-source/identifier">Documentation</a><br/>|
@@ -65,7 +66,6 @@ Below are listed queries related to Ansible AWS:
65
66
|IAM Role Allows All Principals To Assume<br/><sup><sub>babdedcf-d859-43da-9a7b-6d72e661a8fd</sub></sup>|<spanstyle="color:#ff7213">Medium</span>|Access Control|<ahref="../ansible-queries/aws/babdedcf-d859-43da-9a7b-6d72e661a8fd"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/babdedcf-d859-43da-9a7b-6d72e661a8fd')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/iam_managed_policy_module.html">Documentation</a><br/>|
66
67
|Lambda Permission Principal Is Wildcard<br/><sup><sub>1d972c56-8ec2-48c1-a578-887adb09c57a</sub></sup>|<spanstyle="color:#ff7213">Medium</span>|Access Control|<ahref="../ansible-queries/aws/1d972c56-8ec2-48c1-a578-887adb09c57a"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/1d972c56-8ec2-48c1-a578-887adb09c57a')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/lambda_policy_module.html">Documentation</a><br/>|
67
68
|Public Lambda via API Gateway<br/><sup><sub>5e92d816-2177-4083-85b4-f61b4f7176d9</sub></sup>|<spanstyle="color:#ff7213">Medium</span>|Access Control|<ahref="../ansible-queries/aws/5e92d816-2177-4083-85b4-f61b4f7176d9"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/5e92d816-2177-4083-85b4-f61b4f7176d9')">Query details</a><br><ahref="https://docs.ansible.com/ansible/2.4/lambda_policy_module.html">Documentation</a><br/>|
68
-
|SES Policy With Allowed IAM Actions<br/><sup><sub>8ed0bfce-f780-46d4-b086-21c3628f09ad</sub></sup>|<spanstyle="color:#ff7213">Medium</span>|Access Control|<ahref="../ansible-queries/aws/8ed0bfce-f780-46d4-b086-21c3628f09ad"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/8ed0bfce-f780-46d4-b086-21c3628f09ad')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/aws_ses_identity_policy_module.html#parameter-policy">Documentation</a><br/>|
69
69
|SQS Policy With Public Access<br/><sup><sub>d994585f-defb-4b51-b6d2-c70f020ceb10</sub></sup>|<spanstyle="color:#ff7213">Medium</span>|Access Control|<ahref="../ansible-queries/aws/d994585f-defb-4b51-b6d2-c70f020ceb10"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/d994585f-defb-4b51-b6d2-c70f020ceb10')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/sqs_queue_module.html">Documentation</a><br/>|
70
70
|Auto Scaling Group With No Associated ELB<br/><sup><sub>050f085f-a8db-4072-9010-2cca235cc02f</sub></sup>|<spanstyle="color:#ff7213">Medium</span>|Availability|<ahref="../ansible-queries/aws/050f085f-a8db-4072-9010-2cca235cc02f"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/050f085f-a8db-4072-9010-2cca235cc02f')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/ec2_asg_module.html#parameter-load_balancers">Documentation</a><br/>|
71
71
|CMK Is Unusable<br/><sup><sub>133fee21-37ef-45df-a563-4d07edc169f4</sub></sup>|<spanstyle="color:#ff7213">Medium</span>|Availability|<ahref="../ansible-queries/aws/133fee21-37ef-45df-a563-4d07edc169f4"onclick="newWindowOpenerSafe(event, '../ansible-queries/aws/133fee21-37ef-45df-a563-4d07edc169f4')">Query details</a><br><ahref="https://docs.ansible.com/ansible/latest/collections/community/aws/aws_kms_module.html#parameter-enabled">Documentation</a><br/>|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments