You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(ops): harden ephemeral-stack cleanup script (defense in depth)
Security/robustness review of scripts/cleanup-ephemeral-stacks.sh (#72):
- Fail CLOSED on unparseable CreationTime. Previously a parse failure fell
back to epoch 0, making every matching stack look ~billions of seconds old
and eligible for deletion — the age gate failed open. Now it SKIPs.
- Validate --max-age-hours is a non-negative integer before arithmetic
(rejects injected/garbage input).
- Print account + caller ARN (sts:GetCallerIdentity) before any action so the
operator can confirm blast radius; hard-fail if identity can't be resolved.
- Tolerate a single delete-stack failure instead of aborting the whole loop
under set -e (would otherwise orphan later stacks); track and report a
Failed count, and only increment Deleted on a delete actually initiated.
- Remove dead --force-eni flag (parsed but never used; shellcheck SC2034).
- Annotate the JMESPath --query backticks as intentional (shellcheck SC2016).
shellcheck: clean (exit 0). semgrep --config=auto: 0 findings.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
0 commit comments