BOM - AWS DynamoDB

Query id: 4e67c0ae-38a0-47f4-a50c-f0c9b75826df
Query name: BOM - AWS DynamoDB
Platform: CloudFormation
Severity: Trace
Category: Bill Of Materials
URL: Github

Description¶

A list of DynamoDB resources found. Amazon DynamoDB is a fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale.
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - yaml file

< Re

Positive test num. 2 - yaml file

< Re

Positive test num. 3 - yaml file

< Re

/span>

AWSTemplateFormatVersion: '2010-09-09' sources: DynamoDBEndpoint: Type: "AWS::EC2::VPCEndpoint" Properties: RouteTableIds: - !Ref PublicRouteTable - !Ref Private0RouteTable - !Ref Private1RouteTable - !Ref Private2RouteTable ServiceName: !Sub "com.amazonaws.${AWS::Region}.dynamodb" VpcId: !Ref VPC PolicyDocument: { "Id": "Policy", "Version": "2012-10-17", "Statement": [ { "Sid": "Statement", "Action": "dynamodb:*", "Effect": "Allow", "Resource": "arn:aws:dynamodb:ap-southeast-2:123412341234:table/test", "Principal": "*" } ] } class="w">  DynamoDBOnDemandTable2: Type: "AWS::DynamoDB::Table" Properties: TableName: test AttributeDefinitions: - AttributeName: pk AttributeType: S KeySchema: - AttributeName: pk KeyType: HASH BillingMode: PAY_PER_REQUEST SSESpecification: SSEEnabled: false SSEType: "KMS" /span>AWSTemplateFormatVersion: '2010-09-09' sources: DynamoDBEndpoint: Type: "AWS::EC2::VPCEndpoint" Properties: RouteTableIds: - !Ref PublicRouteTable - !Ref Private0RouteTable - !Ref Private1RouteTable - !Ref Private2RouteTable ServiceName: !Sub "com.amazonaws.${AWS::Region}.dynamodb" VpcId: !Ref VPC PolicyDocument: { "Id": "Policy", "Version": "2012-10-17", "Statement": [ { "Sid": "Statement", "Action": "dynamodb:*", "Effect": "Allow", "Resource": "*", "Principal": "*" } ] } class="w">  DynamoDBOnDemandTable2: Type: "AWS::DynamoDB::Table" Properties: TableName: test2 AttributeDefinitions: - AttributeName: pk AttributeType: S KeySchema: - AttributeName: pk KeyType: HASH BillingMode: PAY_PER_REQUEST SSESpecification: SSEEnabled: false SSEType: "KMS" /span>AWSTemplateFormatVersion: '2010-09-09' sources: DynamoDBEndpoint: Type: "AWS::EC2::VPCEndpoint" Properties: RouteTableIds: - !Ref PublicRouteTable - !Ref Private0RouteTable - !Ref Private1RouteTable - !Ref Private2RouteTable ServiceName: !Sub "com.amazonaws.${AWS::Region}.dynamodb" VpcId: !Ref VPC PolicyDocument: { "Id": "Policy", "Version": "2012-10-17", "Statement": [ { "Sid": "Statement", "Action": "dynamodb:*", "Effect": "Allow", "Resource": "arn:aws:dynamodb:ap-southeast-2:123412341234:table/other", "Principal": "*" } ] } class="w">  DynamoDBOnDemandTable2: Type: "AWS::DynamoDB::Table" Properties: TableName: test3 AttributeDefinitions: - AttributeName: pk AttributeType: S KeySchema: - AttributeName: pk KeyType: HASH BillingMode: PAY_PER_REQUEST SSESpecification: SSEEnabled: false SSEType: "KMS"
Positive test num. 4 - yaml file

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DynamoDBOnDemandTable2:
    Type: "AWS::DynamoDB::Table"
    Properties:
      TableName: test4
      AttributeDefinitions:
        - AttributeName: pk
          AttributeType: S
      KeySchema:
        - AttributeName: pk
          KeyType: HASH
      BillingMode: PAY_PER_REQUEST
      SSESpecification:
        SSEEnabled: false
        SSEType: "KMS"



Code samples without security vulnerabilities¶
Negative test num. 1 - yaml fileAWSTemplateFormatVersion: '2010-09-09'
Resources:
  myDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true