ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update check_extra7154

Browse Source
This commit is contained in:
Shubham Shah
2021-09-20 20:06:48 -04:00
committed by GitHub
parent ff3ef0b8c0
commit 052a36207c
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
checks/check_extra7154
View File

@@ -40,7 +40,10 @@ extra7154() {
for stack in $LIST_OF_CFN_STACKS; do
CFN_STACK_DETAILS=$($AWSCLI cloudformation describe-stacks $PROFILE_OPT --region $regx --stack-name $stack --output json)
TERMINATION_ENABLED=$(echo $CFN_STACK_DETAILS | jq -r '.Stacks[].EnableTerminationProtection')
if [[ $TERMINATION_ENABLED == "true" ]]; then
ROOT_ID=$(echo $CFN_STACK_DETAILS | jq -r '.Stacks[].RootId')
if [[ $ROOT_ID != null && $TERMINATION_ENABLED == "false" ]]; then
textFail "$regx: $stack is a nested stack, enable termination protection on the root stack $ROOT_ID" "$regx" "$stack" "$ROOT_ID"
elif [[ $TERMINATION_ENABLED == "true" ]]; then
textPass "$regx: Cloudformation stack $stack has termination protection enabled" "$regx" "$stack"
else
textFail "$regx: Cloudformation stack $stack has termination protection disabled" "$regx" "$stack"