Commit

aws/variants/add: - uid: mondoo-incident-response-aws-iam-administrator-access-group

Signed-off-by: Manuel Weber <[email protected]>
mm-weber committed Jan 18, 2024
1 parent 9afbf65 commit c81d055
Showing 1 changed file with 18 additions and 1 deletion.
19 changes: 18 additions & 1 deletion core/mondoo-aws-incident-response.mql.yaml
Expand Up @@ -130,7 +130,24 @@ packs:
loginProfile
groups
}
- uid: mondoo-incident-response-aws-iam-administrator-access-group
filters: |
asset.platform == "aws.iam.group"
aws.iam.attachedPolicies
.where(arn == "arn:aws:iam::aws:policy/AdministratorAccess")
.any(attachedGroups
.contains(
arn.in(asset.ids)
)
)
mql: |
aws.iam.group {
arn
name
createDate
id
usernames
}
- uid: mondoo-incident-response-aws-iam-full-access
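
Review bot: the `filters` condition `.where(arn == "arn:aws:iam::aws:policy/AdministratorAccess")` hardcodes the `aws` partition, so this variant will never match groups in accounts whose managed-policy ARNs use another partition (`aws-us-gov`, `aws-cn`). Consider matching on the policy name or on the ARN suffix instead of the full ARN. The same condition only recognizes the AWS-managed AdministratorAccess policy, so a group that gets equivalent rights through a customer-managed or inline policy is not picked up here; a short comment stating that scope would help responders read an empty result correctly. Finally, the `mql` block returns `arn`, `name`, `createDate`, `id` and `usernames` but nothing about the attached policy, so the output does not show why the group matched; adding the policy reference to the collected fields would make the result self-explanatory.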
