github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/ecr/no_public_access.cf.go (about) 1 package ecr 2 3 var cloudFormationNoPublicAccessGoodExamples = []string{ 4 `--- 5 Resources: 6 GoodExample: 7 Type: AWS::ECR::Repository 8 Properties: 9 RepositoryName: "test-repository" 10 ImageTagImmutability: IMMUTABLE 11 ImageScanningConfiguration: 12 ScanOnPush: false 13 EncryptionConfiguration: 14 EncryptionType: KMS 15 KmsKey: "alias/ecr-key" 16 RepositoryPolicyText: 17 Version: "2012-10-17" 18 Statement: 19 - 20 Sid: AllowPushPull 21 Effect: Allow 22 Principal: 23 AWS: 24 - "arn:aws:iam::123456789012:user/Alice" 25 Action: 26 - "ecr:GetDownloadUrlForLayer" 27 - "ecr:BatchGetImage" 28 - "ecr:BatchCheckLayerAvailability" 29 - "ecr:PutImage" 30 - "ecr:InitiateLayerUpload" 31 - "ecr:UploadLayerPart" 32 - "ecr:CompleteLayerUpload" 33 `, 34 } 35 36 var cloudFormationNoPublicAccessBadExamples = []string{ 37 `--- 38 Resources: 39 BadExample: 40 Type: AWS::ECR::Repository 41 Properties: 42 RepositoryName: "test-repository" 43 ImageScanningConfiguration: 44 ScanOnPush: false 45 RepositoryPolicyText: 46 Version: "2012-10-17" 47 Statement: 48 - 49 Sid: AllowPushPull 50 Effect: Allow 51 Principal: 52 AWS: 53 - "*" 54 Action: 55 - "ecr:GetDownloadUrlForLayer" 56 - "ecr:BatchGetImage" 57 - "ecr:BatchCheckLayerAvailability" 58 - "ecr:PutImage" 59 - "ecr:InitiateLayerUpload" 60 - "ecr:UploadLayerPart" 61 - "ecr:CompleteLayerUpload" 62 `, 63 } 64 65 var cloudFormationNoPublicAccessLinks = []string{} 66 67 var cloudFormationNoPublicAccessRemediationMarkdown = ``