No Stack Policy
- Query id: 2f01fb2d-828a-499d-b98e-b83747305052
- Query name: No Stack Policy
- Platform: Terraform
- Severity: Medium
- Category: Resource Management
- CWE: 829
- URL: Github
Description
AWS CloudFormation stacks should carry a stack policy (set through `policy_body` or `policy_url` on the `aws_cloudformation_stack` resource) so that critical stack resources cannot be replaced or deleted by a routine stack update. Without a policy, any principal allowed to call `UpdateStack` can trigger a replacement of, for example, a database or VPC defined in the stack. Two caveats: a stack policy only applies during stack update operations and does not stop the stack itself from being deleted, and this query only checks that a policy is present, so a policy that allows `Update:*` on every resource passes the check while protecting nothing.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
```tf
# Flagged: no policy_body or policy_url, so every resource in the stack can be
# replaced or deleted by an UpdateStack call.
resource "aws_cloudformation_stack" "positive1" {
  name = "networking-stack"
  parameters = {
    VPCCidr = "10.0.0.0/16"
  }
}
```
Code samples without security vulnerabilities
Negative test num. 1 - tf file
```tf
# Passes: a stack policy is supplied by URL (in practice an S3 object
# containing the policy JSON; the value here is the query's placeholder).
resource "aws_cloudformation_stack" "negative1" {
  name = "networking-stack"
  parameters = {
    VPCCidr = "10.0.0.0/16"
  }
  policy_url = "somepolicyurl"
}

# Passes: a stack policy is supplied inline (a JSON stack policy document;
# the value here is the query's placeholder). policy_body and policy_url
# conflict with each other, so set only one.
resource "aws_cloudformation_stack" "negative2" {
  name = "networking-stack"
  parameters = {
    VPCCidr = "10.0.0.0/16"
  }
  policy_body = "somepolicy"
}
```
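The negative samples above use placeholder policy values. The following is an added example, not code from the KICS query or its test fixtures, showing what a real inline stack policy looks like: it denies replacement and deletion of one resource and explicitly re-allows everything else. The resource name, the `networking.yaml` template file and the logical resource ID `Database` are assumptions for illustration.

```hcl
# Added example, not part of the original page. The template file and the
# logical ID "Database" are assumed names.
resource "aws_cloudformation_stack" "with_policy" {
  name = "networking-stack"

  parameters = {
    VPCCidr = "10.0.0.0/16"
  }

  template_body = file("${path.module}/networking.yaml") # assumed template

  # A stack policy only takes effect during UpdateStack. As soon as any policy
  # is attached, updates to every resource not explicitly allowed are denied,
  # so the second statement re-opens updates for the rest of the stack.
  # Principal must be "*" in stack policy statements.
  policy_body = jsonencode({
    Statement = [
      {
        Effect    = "Deny"
        Action    = ["Update:Replace", "Update:Delete"]
        Principal = "*"
        Resource  = "LogicalResourceId/Database"
      },
      {
        Effect    = "Allow"
        Action    = "Update:*"
        Principal = "*"
        Resource  = "*"
      }
    ]
  })
}
```

Note that the policy can still be overridden for a single update by a caller who supplies a temporary policy with `UpdateStack` (`--stack-policy-during-update-body` in the AWS CLI), and that `terraform destroy` or `DeleteStack` is not governed by it, so IAM permissions on `cloudformation:UpdateStack`, `cloudformation:SetStackPolicy` and `cloudformation:DeleteStack` remain the primary control.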