fix(aws): disallow child-accounts to overwrite policy for ai_services_opt_out
#6229
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
provider/aws
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #6229 +/- ##
==========================================
- Coverage 90.09% 90.08% -0.02%
==========================================
Files 1181 1182 +1
Lines 36275 36315 +40
==========================================
+ Hits 32682 32713 +31
- Misses 3593 3602 +9
Flags with carried forward coverage won't be shown. Click here to find out more.
|
MrCloudSec
changed the title
MrCloudSec
changed the title
ai_services_opt_out
MrCloudSec
requested changes
Dec 18, 2024
...anizations_opt_out_ai_services_policy/organizations_opt_out_ai_services_policy.metadata.json
Show resolved
Hide resolved
...zations/organizations_opt_out_ai_services_policy/organizations_opt_out_ai_services_policy.py
Outdated
Show resolved
Hide resolved
MrCloudSec
added
backport-to-v4.6
MrCloudSec
approved these changes
Dec 20, 2024
prowler-bot
added
the
was-backported
💚 All backports created successfully
Questions ?Please refer to the Backport tool documentation and see the Github Action logs for details |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
The check
organizations_opt_out_ai_services_policyjust verifies that AWS Organizations opt-out of AI services policy is enabled. However, it does not check if child-accounts are disallowed to overwrite this policy.Since the check is only checking the AWS Organizations account and not the child accounts, it's important to check that child-accounts are disallowed to overwrite the opt-out policy.
Description
This PR extends the check
organizations_opt_out_ai_services_policyto ensure that AWS Organizations opt-out of AI services policy is enabled and that child-accounts are disallowed to overwrite this policy.Checklist
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.