No Stack Policy
- Query id: ffe0fd52-7a8b-4a5c-8fc7-49844418e6c9
- Query name: No Stack Policy
- Platform: Ansible
- Severity: Medium
- Category: Resource Management
- CWE: 829
- URL: Github
Description¶
AWS CloudFormation Stack should have a stack policy in order to protect stack resources from update actions
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: create a stack, pass in the template via an URL
amazon.aws.cloudformation:
stack_name: "ansible-cloudformation"
state: present
region: us-east-1
disable_rollback: true
template_url: https://s3.amazonaws.com/my-bucket/cloudformation.template
template_parameters:
KeyName: jmartin
DiskType: ephemeral
InstanceType: m1.small
ClusterSize: 3
tags:
Stack: ansible-cloudformation
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: create a stack, pass in the template via an URL
amazon.aws.cloudformation:
stack_name: ansible-cloudformation
stack_policy: wowowowoowow
state: present
region: us-east-1
disable_rollback: true
template_url: https://s3.amazonaws.com/my-bucket/cloudformation.template
template_parameters:
KeyName: jmartin
DiskType: ephemeral
InstanceType: m1.small
ClusterSize: 3
tags:
Stack: ansible-cloudformation