ECS Service Admin Role Is Present
- Query id: 7db727c1-1720-468e-b80e-06697f71e09e
- Query name: ECS Service Admin Role Is Present
- Platform: Ansible
- Severity: High
- Category: Access Control
- URL: Github
Description
ECS services must not be assigned admin roles: the 'role' attribute must not be an admin role.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
# This is problematic code for which the query should report a result.
- name: ECS Service
  community.aws.ecs_service:
    state: present
    name: console-test-service
    cluster: new_cluster
    task_definition: 'new_cluster-task:1'
    desired_count: 0
    role: admin
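
A corrected counterpart to the sample above, added here as an illustration and not taken from the query's own test files: the service gets a dedicated role that only ECS can assume, in place of `role: admin`. The role name `ecs-service-lb-role`, the target group ARN placeholder and the container name and port are assumptions made for this example.

```yaml
# Added example, not one of the query's own test files.
# Assumed values: ecs-service-lb-role, the target group ARN placeholder,
# and the container name/port.

# Dedicated role: assumable only by the ECS service principal and limited to
# the AWS managed policy ECS uses to register tasks with a load balancer.
- name: IAM role for the ECS service (hypothetical name)
  amazon.aws.iam_role:  # shipped as community.aws.iam_role in older collection releases
    state: present
    name: ecs-service-lb-role
    assume_role_policy_document:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Principal:
            Service: ecs.amazonaws.com
          Action: sts:AssumeRole
    managed_policies:
      - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole

- name: ECS Service
  community.aws.ecs_service:
    state: present
    name: console-test-service
    cluster: new_cluster
    task_definition: 'new_cluster-task:1'
    desired_count: 0
    # 'role' is what ECS uses to call the load balancer on the service's
    # behalf, so it is only needed together with load_balancers
    # (and not when the task uses the awsvpc network mode).
    load_balancers:
      - targetGroupArn: "arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:targetgroup/PLACEHOLDER/PLACEHOLDER"
        containerName: console-test-container
        containerPort: 8080
    role: ecs-service-lb-role  # was: role: admin
```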