Improve security contexts promoting TFSec integration and usage. #1256

Closed
rodrigobersa opened this issue Dec 13, 2022 · 0 comments · Fixed by #1363, #1364, #1365, #1366 or #1367

@rodrigobersa
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

What is the outcome that you are trying to reach?

  • Provide an accurate solution for customers using TFSec with EKS Blueprints dealing with HIGH or CRITICAL security reports, regarding:
    • Usage of wildcards in IAM policies.
    • Ingress rules for Security Groups with excessive access, regarding either ports or CIDR blocks.
    • Public access to EKS Cluster.
    • Kubernetes Secrets Encryption.

Describe the solution you would like

Describe alternatives you have considered

Create good practices guidance for customers using TFSec, so they can address their specific issues using it.

Additional context

There are some specific situations that can create false positive behavior, and others that may require a more open policy but can be improved as well, like some states from Karpenter and regarding the EBS CSI Driver.

Today we have a wide set of global rules to work around some scenarios, which we can improve by narrowing to targeted rules.

@bryantbiggs bryantbiggs added the enhancement New feature or request label Dec 14, 2022