
Commit 07db07d

feat(aws): add bedrock_marketplace_subscription_access_least_privilege security check
Add new security check bedrock_marketplace_subscription_access_least_privilege for aws provider. Includes check implementation, metadata, and unit tests.
1 parent d18c5a8 commit 07db07d

22 files changed

+702
-10
lines changed

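--- a/prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json
+++ b/prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json
@@ -344,6 +344,7 @@
 }
 ],
 "Checks": [
+"bedrock_marketplace_subscription_access_least_privilege",
 "ec2_instance_profile_attached",
 "iam_aws_attached_policy_no_administrative_privileges",
 "iam_customer_attached_policy_no_administrative_privileges",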

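--- a/prowler/compliance/aws/c5_aws.json
+++ b/prowler/compliance/aws/c5_aws.json
@@ -5130,6 +5130,7 @@
 "iam_support_role_created",
 "iam_user_with_temporary_credentials",
 "bedrock_api_key_no_administrative_privileges",
+"bedrock_marketplace_subscription_access_least_privilege",
 "fms_policy_compliant",
 "iam_aws_attached_policy_no_administrative_privileges",
 "iam_customer_attached_policy_no_administrative_privileges",
@@ -5200,6 +5201,7 @@
 "iam_support_role_created",
 "iam_user_with_temporary_credentials",
 "bedrock_api_key_no_administrative_privileges",
+"bedrock_marketplace_subscription_access_least_privilege",
 "fms_policy_compliant",
 "iam_aws_attached_policy_no_administrative_privileges",
 "iam_customer_attached_policy_no_administrative_privileges",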

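--- a/prowler/compliance/aws/cisa_aws.json
+++ b/prowler/compliance/aws/cisa_aws.json
@@ -183,6 +183,7 @@
 }
 ],
 "Checks": [
+"bedrock_marketplace_subscription_access_least_privilege",
 "elbv2_ssl_listeners",
 "iam_no_custom_policy_permissive_role_assumption",
 "iam_aws_attached_policy_no_administrative_privileges",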
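Review bot: The requirement that owns this `Checks` list is outside the hunk, and its first visible entry, `elbv2_ssl_listeners`, is a transport-encryption check rather than an IAM one, so the diff alone does not show that `bedrock_marketplace_subscription_access_least_privilege` belongs under this control. Please confirm the requirement covers access control or least privilege; if it is broader or unrelated, drop the added line so a Bedrock IAM finding is not reported against the wrong control. The same question applies to `fedramp_moderate_revision_4_aws.json`, where the new entry is prepended to a list that opens with `ec2_ebs_public_snapshot`, `ec2_instance_public_ip` and `ec2_instance_imdsv2_enabled`. In the sections whose visible neighbours are all `iam_*_no_administrative_privileges` checks the mapping reads as consistent.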

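--- a/prowler/compliance/aws/csa_ccm_4.0_aws.json
+++ b/prowler/compliance/aws/csa_ccm_4.0_aws.json
@@ -3317,6 +3317,7 @@
 }
 ],
 "Checks": [
+"bedrock_marketplace_subscription_access_least_privilege",
 "iam_aws_attached_policy_no_administrative_privileges",
 "iam_customer_attached_policy_no_administrative_privileges",
 "iam_inline_policy_no_administrative_privileges",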

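--- a/prowler/compliance/aws/fedramp_20x_ksi_low_aws.json
+++ b/prowler/compliance/aws/fedramp_20x_ksi_low_aws.json
@@ -86,6 +86,7 @@
 }
 ],
 "Checks": [
+"bedrock_marketplace_subscription_access_least_privilege",
 "iam_administrator_access_with_mfa",
 "iam_aws_attached_policy_no_administrative_privileges",
 "iam_customer_attached_policy_no_administrative_privileges",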

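--- a/prowler/compliance/aws/fedramp_moderate_revision_4_aws.json
+++ b/prowler/compliance/aws/fedramp_moderate_revision_4_aws.json
@@ -300,6 +300,7 @@
 }
 ],
 "Checks": [
+"bedrock_marketplace_subscription_access_least_privilege",
 "ec2_ebs_public_snapshot",
 "ec2_instance_public_ip",
 "ec2_instance_imdsv2_enabled",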

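--- a/prowler/compliance/aws/ffiec_aws.json
+++ b/prowler/compliance/aws/ffiec_aws.json
@@ -418,6 +418,7 @@
 }
 ],
 "Checks": [
+"bedrock_marketplace_subscription_access_least_privilege",
 "ec2_instance_profile_attached",
 "iam_policy_attached_only_to_group_or_roles",
 "iam_aws_attached_policy_no_administrative_privileges",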

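--- a/prowler/compliance/aws/hipaa_aws.json
+++ b/prowler/compliance/aws/hipaa_aws.json
@@ -265,6 +265,7 @@
 }
 ],
 "Checks": [
+"bedrock_marketplace_subscription_access_least_privilege",
 "iam_aws_attached_policy_no_administrative_privileges",
 "iam_customer_attached_policy_no_administrative_privileges",
 "iam_inline_policy_no_administrative_privileges"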

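--- a/prowler/compliance/aws/iso27001_2022_aws.json
+++ b/prowler/compliance/aws/iso27001_2022_aws.json
@@ -306,6 +306,7 @@
 }
 ],
 "Checks": [
+"bedrock_marketplace_subscription_access_least_privilege",
 "iam_aws_attached_policy_no_administrative_privileges",
 "iam_customer_attached_policy_no_administrative_privileges",
 "iam_inline_policy_no_administrative_privileges"
@@ -970,6 +971,7 @@
 }
 ],
 "Checks": [
+"bedrock_marketplace_subscription_access_least_privilege",
 "ec2_instance_profile_attached",
 "iam_aws_attached_policy_no_administrative_privileges",
 "iam_customer_attached_policy_no_administrative_privileges",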

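--- a/prowler/compliance/aws/kisa_isms_p_2023_aws.json
+++ b/prowler/compliance/aws/kisa_isms_p_2023_aws.json
@@ -1389,6 +1389,7 @@
 "Checks": [
 "accessanalyzer_enabled",
 "accessanalyzer_enabled_without_findings",
+"bedrock_marketplace_subscription_access_least_privilege",
 "iam_administrator_access_with_mfa",
 "iam_avoid_root_usage",
 "iam_aws_attached_policy_no_administrative_privileges",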
