github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/lambda/restrict_source_arn.cf.go (about) 1 package lambda 2 3 var cloudFormationRestrictSourceArnGoodExamples = []string{ 4 `--- 5 Resources: 6 GoodExample: 7 Type: AWS::Lambda::Function 8 Properties: 9 Handler: index.handler 10 Role: arn:aws:iam::123456789012:role/lambda-role 11 Code: 12 S3Bucket: my-bucket 13 S3Key: function.zip 14 Runtime: nodejs12.x 15 Timeout: 5 16 TracingConfig: 17 Mode: Active 18 VpcConfig: 19 SecurityGroupIds: 20 - sg-085912345678492fb 21 SubnetIds: 22 - subnet-071f712345678e7c8 23 - subnet-07fd123456788a036 24 GoodPermission: 25 Type: AWS::Lambda::Permission 26 Properties: 27 FunctionName: !Ref BadExample 28 Action: lambda:InvokeFunction 29 Principal: s3.amazonaws.com 30 SourceArn: "lambda.amazonaws.com" 31 32 `, 33 } 34 35 var cloudFormationRestrictSourceArnBadExamples = []string{ 36 `--- 37 Resources: 38 BadExample: 39 Type: AWS::Lambda::Function 40 Properties: 41 Handler: index.handler 42 Role: arn:aws:iam::123456789012:role/lambda-role 43 Code: 44 S3Bucket: my-bucket 45 S3Key: function.zip 46 Runtime: nodejs12.x 47 Timeout: 5 48 TracingConfig: 49 Mode: Active 50 VpcConfig: 51 SecurityGroupIds: 52 - sg-085912345678492fb 53 SubnetIds: 54 - subnet-071f712345678e7c8 55 - subnet-07fd123456788a036 56 BadPermission: 57 Type: AWS::Lambda::Permission 58 Properties: 59 FunctionName: !Ref BadExample 60 Action: lambda:InvokeFunction 61 Principal: s3.amazonaws.com 62 63 `, 64 } 65 66 var cloudFormationRestrictSourceArnLinks = []string{} 67 68 var cloudFormationRestrictSourceArnRemediationMarkdown = ``