
Updated Policy Pack as per review #826

Status: Open. Wants to merge 4 commits into base: main.
Conversation

RahulLah19 (Contributor) commented Jul 25, 2024

Updated

  • Azure > Cosmos DB > Database Account - Enforce Azure Cosmos DB Database Accounts to be Accessible to Selected Networks
  • Azure > Cosmos DB > Database Account > Firewall - Azure CIS v2.0.0 - Section 4 - Database Services
  • AWS > IAM > Stack - Deny all AWS IAM actions from Unapproved Networks
  • AWS > VPC > Security Group > Ingress Rules - Enforce Block Unapproved Network Access for AWS VPC Security Groups
  • AWS > VPC > Security Group > Egress Rules > Approved - enforce_default_security_groups_to_not_allow_any_access
  • AWS > VPC > Security Group > Approved - Enforce AWS VPC Default Security Groups to Not Exist
  • AWS > VPC > Elastic IP > Approved - Enforce AWS VPC Elastic IPs to Not Be Unassociated
  • AWS > VPC > Elastic IP > Approved - Enforce AWS VPC Elastic IPs to Not Exist
  • AWS > VPC > Security Group > Ingress Rules > Approved - Enforce Removal of Common Admin Ports Open to the Internet for AWS VPC Security Groups

Test Screenshots

Azure > Cosmos DB > Database Account - Enforce Azure Cosmos DB Database Accounts to be Accessible to Selected Networks

[2 screenshots attached; images not included in this text]

AWS > VPC > Security Group > Ingress Rules - Enforce Block Unapproved Network Access for AWS VPC Security Groups

[2 screenshots attached; images not included in this text]

AWS > VPC > Security Group > Egress Rules > Approved - enforce_default_security_groups_to_not_allow_any_access

[3 screenshots attached; images not included in this text]

@RahulLah19 RahulLah19 self-assigned this Jul 25, 2024
RahulLah19 and others added 3 commits July 25, 2024 21:06
- Added Service Roles policy settings. Avoids the extra complexity of using the IAM > Stack. This also makes this PP self-contained.
- Update the README.md with additional info about the nature of the required IAM role and how it's used.
- Added decommission notes
- Added decommission policy values for GEH and Service Roles policy settings.
- Added note that GEH requires a deployed CloudTrail trail.
- Clarified that the GEH Service Role can be made by Guardrails or some other way.
This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the stale label Sep 24, 2024

2 participants