CloudFormation Guard rules template for AWS CodeBuild resources

The following rules are included: 

  • No Clear Text Credentials in Environment Variables
  • GitHub or Bitbucket Source Repository URLs use OAuth

# Every AWS::CodeBuild::Project resource in the template; rules below are
# only evaluated when this selection is non-empty.
let codebuild_projects = Resources.*[
	Type == "AWS::CodeBuild::Project"
]

# Every AWS::CodeBuild::SourceCredential resource in the template; the OAuth
# rule below is only evaluated when this selection is non-empty.
let codebuild_sourcecredentials = Resources.*[
	Type == "AWS::CodeBuild::SourceCredential"
]

# Fails when a CodeBuild project defines a PLAINTEXT environment variable whose
# name is one of a small set of well-known credential names. Projects without an
# Environment, or without EnvironmentVariables, pass trivially.
rule codebuild_env_variables_clear_text_value when %codebuild_projects !empty {
	%codebuild_projects {
		Properties {
			# Environment is optional on a project; only descend when it is present.
			Environment !exists OR
			Environment exists
			when Environment exists {
				Environment {
					# EnvironmentVariables is optional as well.
					EnvironmentVariables !exists OR
					EnvironmentVariables exists
					when EnvironmentVariables exists {
						EnvironmentVariables.* {
							# Only variables with an explicit Type of "PLAINTEXT" reach the name check.
							# NOTE(review): CodeBuild treats an omitted Type as PLAINTEXT; how a variable
							# with no Type at all is evaluated by these clauses depends on Guard's
							# missing-property semantics -- confirm against the Guard version in use.
							Type != "PLAINTEXT" OR
							Type == "PLAINTEXT"
							when Type == "PLAINTEXT" {
								# Exact, case-sensitive denylist of three names; credential-bearing
								# variables under other names (tokens, differently spelled keys) are
								# not detected by this rule. The <<...>> text is the failure message.
								Name NOT IN ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "PASSWORD"] <<Clear text credentials are used.>>
							}
						}
					}
				}
			}
		}
	}
}

# Fails when a SourceCredential for Bitbucket, GitHub or GitHub Enterprise uses
# any AuthType other than OAUTH. Credentials for other ServerType values are not
# checked by this rule.
rule github_bitbucket_oauth when %codebuild_sourcecredentials !empty {
	%codebuild_sourcecredentials {
		Properties {
			# The when guard limits the check to the three hosted-Git server types.
			when ServerType in ["BITBUCKET","GITHUB","GITHUB_ENTERPRISE"] {
				# The <<...>> text is the failure message reported by Guard.
				AuthType == "OAUTH" <<OAuth credentials not used.>>
			}
		}
	}
}

