BOM - AWS DynamoDB
- Query id: 4e67c0ae-38a0-47f4-a50c-f0c9b75826df
- Query name: BOM - AWS DynamoDB
- Platform: CloudFormation
- Severity: Trace
- Category: Bill Of Materials
- CWE: Ongoing
- URL: Github
Description
A list of DynamoDB resources found. Amazon DynamoDB is a fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DynamoDBEndpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      RouteTableIds:
        - !Ref PublicRouteTable
        - !Ref Private0RouteTable
        - !Ref Private1RouteTable
        - !Ref Private2RouteTable
      ServiceName:
        !Sub "com.amazonaws.${AWS::Region}.dynamodb"
      VpcId: !Ref VPC
      PolicyDocument: {
        "Id": "Policy",
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "Statement",
            "Action": "dynamodb:*",
            "Effect": "Allow",
            "Resource": "arn:aws:dynamodb:ap-southeast-2:123412341234:table/test",
            "Principal": "*"
          }
        ]
      }
  DynamoDBOnDemandTable2:
    Type: "AWS::DynamoDB::Table"
    Properties:
      TableName: test
      AttributeDefinitions:
        - AttributeName: pk
          AttributeType: S
      KeySchema:
        - AttributeName: pk
          KeyType: HASH
      BillingMode: PAY_PER_REQUEST
      SSESpecification:
        SSEEnabled: false
        SSEType: "KMS"
```
Positive test num. 2 - yaml file
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DynamoDBEndpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      RouteTableIds:
        - !Ref PublicRouteTable
        - !Ref Private0RouteTable
        - !Ref Private1RouteTable
        - !Ref Private2RouteTable
      ServiceName:
        !Sub "com.amazonaws.${AWS::Region}.dynamodb"
      VpcId: !Ref VPC
      PolicyDocument: {
        "Id": "Policy",
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "Statement",
            "Action": "dynamodb:*",
            "Effect": "Allow",
            "Resource": "*",
            "Principal": "*"
          }
        ]
      }
  DynamoDBOnDemandTable2:
    Type: "AWS::DynamoDB::Table"
    Properties:
      TableName: test2
      AttributeDefinitions:
        - AttributeName: pk
          AttributeType: S
      KeySchema:
        - AttributeName: pk
          KeyType: HASH
      BillingMode: PAY_PER_REQUEST
      SSESpecification:
        SSEEnabled: false
        SSEType: "KMS"
```
Positive test num. 3 - yaml file
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DynamoDBEndpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      RouteTableIds:
        - !Ref PublicRouteTable
        - !Ref Private0RouteTable
        - !Ref Private1RouteTable
        - !Ref Private2RouteTable
      ServiceName:
        !Sub "com.amazonaws.${AWS::Region}.dynamodb"
      VpcId: !Ref VPC
      PolicyDocument: {
        "Id": "Policy",
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "Statement",
            "Action": "dynamodb:*",
            "Effect": "Allow",
            "Resource": "arn:aws:dynamodb:ap-southeast-2:123412341234:table/other",
            "Principal": "*"
          }
        ]
      }
  DynamoDBOnDemandTable2:
    Type: "AWS::DynamoDB::Table"
    Properties:
      TableName: test3
      AttributeDefinitions:
        - AttributeName: pk
          AttributeType: S
      KeySchema:
        - AttributeName: pk
          KeyType: HASH
      BillingMode: PAY_PER_REQUEST
      SSESpecification:
        SSEEnabled: false
        SSEType: "KMS"
```
Positive test num. 4 - yaml file
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DynamoDBOnDemandTable2:
    Type: "AWS::DynamoDB::Table"
    Properties:
      TableName: test4
      AttributeDefinitions:
        - AttributeName: pk
          AttributeType: S
      KeySchema:
        - AttributeName: pk
          KeyType: HASH
      BillingMode: PAY_PER_REQUEST
      SSESpecification:
        SSEEnabled: false
        SSEType: "KMS"
```