_               _              
   ___| |__   ___  ___| | _______   __
  / __| '_ \ / _ \/ __| |/ / _ \ \ / /
 | (__| | | |  __/ (__|   < (_) \ V / 
  \___|_| |_|\___|\___|_|\_\___/ \_/  
                                      
By bridgecrew.io | version: 2.0.170 

cloudformation scan results:

Passed checks: 33, Failed checks: 0, Skipped checks: 0

Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    PASSED for resource: AWS::IAM::Role.LambdaCustomRole
    File: hub-main.yaml:37-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    PASSED for resource: AWS::IAM::Role.LambdaCustomRole
    File: hub-main.yaml:37-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint

Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
    PASSED for resource: AWS::IAM::Role.LambdaCustomRole
    File: hub-main.yaml:37-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure

Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
    PASSED for resource: AWS::IAM::Role.LambdaCustomRole
    File: hub-main.yaml:37-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45

Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
    PASSED for resource: AWS::IAM::Role.LambdaCustomRole
    File: hub-main.yaml:37-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint

Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
    PASSED for resource: AWS::IAM::Role.LambdaCustomRole
    File: hub-main.yaml:37-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44

Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
    PASSED for resource: AWS::IAM::Role.LambdaCustomRole
    File: hub-main.yaml:37-701

Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
    File: hub-main.yaml:97-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
    File: hub-main.yaml:97-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint

Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
    PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
    File: hub-main.yaml:97-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure

Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
    PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
    File: hub-main.yaml:97-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45

Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
    PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
    File: hub-main.yaml:97-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint

Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
    PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
    File: hub-main.yaml:97-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44

Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
    PASSED for resource: AWS::IAM::Role.LambdaLocalDBRole
    File: hub-main.yaml:97-701

Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    PASSED for resource: AWS::IAM::Role.LambdaDBRole
    File: hub-main.yaml:162-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    PASSED for resource: AWS::IAM::Role.LambdaDBRole
    File: hub-main.yaml:162-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint

Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
    PASSED for resource: AWS::IAM::Role.LambdaDBRole
    File: hub-main.yaml:162-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure

Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
    PASSED for resource: AWS::IAM::Role.LambdaDBRole
    File: hub-main.yaml:162-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45

Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
    PASSED for resource: AWS::IAM::Role.LambdaDBRole
    File: hub-main.yaml:162-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint

Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
    PASSED for resource: AWS::IAM::Role.LambdaDBRole
    File: hub-main.yaml:162-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44

Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
    PASSED for resource: AWS::IAM::Role.LambdaDBRole
    File: hub-main.yaml:162-701

Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    PASSED for resource: AWS::IAM::Role.LambdaPCARole
    File: hub-main.yaml:231-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    PASSED for resource: AWS::IAM::Role.LambdaPCARole
    File: hub-main.yaml:231-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint

Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
    PASSED for resource: AWS::IAM::Role.LambdaPCARole
    File: hub-main.yaml:231-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure

Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
    PASSED for resource: AWS::IAM::Role.LambdaPCARole
    File: hub-main.yaml:231-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45

Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
    PASSED for resource: AWS::IAM::Role.LambdaPCARole
    File: hub-main.yaml:231-701
    Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint

Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
    PASSED for resource: AWS::IAM::Role.LambdaPCARole
    File: hub-main.yaml:231-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44

Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
    PASSED for resource: AWS::IAM::Role.LambdaPCARole
    File: hub-main.yaml:231-701

Check: CKV_AWS_45: "Ensure no hard-coded secrets exist in lambda environment"
    PASSED for resource: AWS::Lambda::Function.LambdaLocalDBFunction
    File: hub-main.yaml:301-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_3

Check: CKV_AWS_45: "Ensure no hard-coded secrets exist in lambda environment"
    PASSED for resource: AWS::Lambda::Function.LambdaDBFunction
    File: hub-main.yaml:371-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_3

Check: CKV_AWS_45: "Ensure no hard-coded secrets exist in lambda environment"
    PASSED for resource: AWS::Lambda::Function.LambdaPCAFunction
    File: hub-main.yaml:476-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_3

Check: CKV_AWS_45: "Ensure no hard-coded secrets exist in lambda environment"
    PASSED for resource: AWS::Lambda::Function.LambdaCustomFunction
    File: hub-main.yaml:556-701
    Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_3

Check: CKV_AWS_28: "Ensure Dynamodb point in time recovery (backup) is enabled"
    PASSED for resource: AWS::DynamoDB::Table.PCADynamoDB
    File: hub-main.yaml:577-607
    Guide: https://docs.bridgecrew.io/docs/general_6