Fix CT4.0 update readme #342
docs: Add AWS Control Tower 4.0 compatibility notice to README
Two comments here:
CKV_AWS_107: Checks that a Lambda func doesn't have credentials passed via environment variables. The comment "No credentials are exposed to the Lambda function" isn't really explaining why it's safe to skip. Maybe something like: "Lambda uses IAM role-based authentication, no static credentials in env vars."
CKV_AWS_111: Flags IAM policies with * in the Resource field for write actions. The comment "IAM write actions require wildcard in resource" is concerning since it's saying there isn't really an explanation on why it's needed.
Same concerns as my comments on sra-bedrock-guardrails-main.yaml above.
Nit, so the PR description says: S3 bucket name reference corrected from LogArchiveAccountId to SecurityTooling(Audit)AccountId
But the README itself is aws-controltower-config-logs-{LogArchiveAccountId}-{suffix}. Think the description of the PR just needs to be updated.
Fixes three issues in the "AWS SRA Code Library & Control Tower 4.0: Compatibility Notice" section of the README.
Two broken documentation links (ct-migrate.html and ct-update.html) replaced with correct URLs
S3 bucket name reference corrected from LogArchiveAccountId to SecurityTooling(Audit)AccountId
By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license].