The KICS scan CxPolicy rule incorrectly looks for a filter pattern specific to S3 bucket configuration change events but applies it to all metric filters, even those not associated with CloudTrail. This rule should only apply to CloudTrail log groups that follow the eventSource pattern s3.amazonaws.com.
Query id: 27c6a499-895a-4dc7-9617-5c485218db13
Query name: CloudWatch S3 policy Change Alarm Missing
Platform: Terraform
Severity: Medium
Category: Observability
Expected Behavior
CloudWatch metric filters unrelated to CloudTrail and s3.amazonaws.com should not be flagged.
Actual Behavior
Filter pattern "[MYTEXT]" for any CloudWatch log group is being flagged as not meeting the "CloudWatch S3 policy Change Alarm Missing" rule.
The check_expression_missing(filter) function needs additional logic to limit the results to S3 bucket policy changes only.
Steps to Reproduce the Problem
Run the rule on a simple filter pattern "[MYTEXT]"
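As an added illustration, not the KICS query's own Rego (which this issue does not reproduce), the scoping the report asks for, written in Python: a metric filter is evaluated only when its log group receives CloudTrail events and its pattern selects eventSource s3.amazonaws.com, so an unrelated pattern such as "[MYTEXT]" is never flagged. The required event-name list is an assumption taken from the CIS AWS Foundations Benchmark control for S3 bucket policy changes, and the Terraform resources (aws_cloudtrail, aws_cloudwatch_log_metric_filter) are modelled as constructed dicts.

```python
import re

# Event names a metric filter must cover for the CIS AWS Foundations Benchmark
# "S3 bucket policy changes" control. Assumption: the issue does not reproduce
# the list the KICS query expects, so the benchmark pattern is used here.
S3_POLICY_EVENTS = frozenset({
    "PutBucketAcl", "PutBucketPolicy", "PutBucketCors", "PutBucketLifecycle",
    "PutBucketReplication", "DeleteBucketPolicy", "DeleteBucketCors",
    "DeleteBucketLifecycle", "DeleteBucketReplication",
})

# Scoping test from the report: only patterns selecting CloudTrail events whose
# eventSource is s3.amazonaws.com are subject to the rule.
EVENT_SOURCE_RE = re.compile(r'\$\.eventSource\s*=\s*"?s3\.amazonaws\.com"?')
EVENT_NAME_RE = re.compile(r'\$\.eventName\s*=\s*"?([A-Za-z0-9]+)"?')
LOG_GROUP_ARN_RE = re.compile(r":log-group:([^:]+)")


def is_s3_cloudtrail_pattern(pattern: str) -> bool:
    """True only when the filter pattern is scoped to s3.amazonaws.com events."""
    return EVENT_SOURCE_RE.search(pattern) is not None


def missing_s3_policy_events(pattern: str) -> frozenset:
    """Benchmark event names the pattern does not mention (empty when complete)."""
    return S3_POLICY_EVENTS - set(EVENT_NAME_RE.findall(pattern))


def cloudtrail_log_groups(trails) -> set:
    """Log group names fed by CloudTrail, taken from cloud_watch_logs_group_arn."""
    groups = set()
    for trail in trails:
        match = LOG_GROUP_ARN_RE.search(trail.get("cloud_watch_logs_group_arn", ""))
        if match:
            groups.add(match.group(1))
    return groups


def evaluate(metric_filter, trails):
    """Return a finding dict, or None when the filter is out of scope or complete."""
    if metric_filter["log_group_name"] not in cloudtrail_log_groups(trails):
        return None  # not a CloudTrail log group: the rule does not apply
    pattern = metric_filter["pattern"]
    if not is_s3_cloudtrail_pattern(pattern):
        return None  # unrelated filter such as "[MYTEXT]": never flagged
    missing = missing_s3_policy_events(pattern)
    if not missing:
        return None  # filter covers every required S3 policy event
    return {"filter": metric_filter["name"], "missing_events": sorted(missing)}


def build_s3_policy_pattern(events=S3_POLICY_EVENTS) -> str:
    """Compose a complete CloudWatch filter pattern for the given event names."""
    names = " || ".join(f"($.eventName = {e})" for e in sorted(events))
    return f"{{ ($.eventSource = s3.amazonaws.com) && ({names}) }}"


# Constructed sample resources (hypothetical account id and names).
TRAILS = [{
    "name": "main",
    "cloud_watch_logs_group_arn":
        "arn:aws:logs:us-east-1:123456789012:log-group:cloudtrail-logs:*",
}]

FILTERS = [
    {"name": "app-text", "log_group_name": "cloudtrail-logs", "pattern": "[MYTEXT]"},
    {"name": "s3-full", "log_group_name": "cloudtrail-logs",
     "pattern": build_s3_policy_pattern()},
    {"name": "s3-partial", "log_group_name": "cloudtrail-logs",
     "pattern": "{ ($.eventSource = s3.amazonaws.com) && ($.eventName = PutBucketPolicy) }"},
    {"name": "other-group", "log_group_name": "app-logs",
     "pattern": build_s3_policy_pattern()},
]


def run_demo():
    """Evaluate every sample filter; only the incomplete S3 filter is reported."""
    return [f for f in (evaluate(m, TRAILS) for m in FILTERS) if f is not None]


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

With this scoping, the "[MYTEXT]" filter from the reproduction steps produces no finding, a complete S3 policy filter on the CloudTrail log group passes, and only a filter that is in scope but covers a subset of the required events is reported, with the missing event names listed.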
Specifications
N/A
- Version: 2.1.19
- Platform:
- Subsystem: