       _               _
   ___| |__   ___  ___| | _______   __
  / __| '_ \ / _ \/ __| |/ / _ \ \ / /
 | (__| | | |  __/ (__|   < (_) \ V /
  \___|_| |_|\___|\___|_|\_\___/ \_/
By bridgecrew.io | version: 2.0.170
cloudformation scan results:
Passed checks: 22, Failed checks: 0, Skipped checks: 0
Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
PASSED for resource: AWS::IAM::Role.LambdaAssumeRole
File: spoke-main.yaml:12-41
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
PASSED for resource: AWS::IAM::Role.LambdaAssumeRole
File: spoke-main.yaml:12-41
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
PASSED for resource: AWS::IAM::Role.LambdaAssumeRole
File: spoke-main.yaml:12-41
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
PASSED for resource: AWS::IAM::Role.LambdaAssumeRole
File: spoke-main.yaml:12-41
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
PASSED for resource: AWS::IAM::Role.LambdaAssumeRole
File: spoke-main.yaml:12-41
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
PASSED for resource: AWS::IAM::Role.LambdaAssumeRole
File: spoke-main.yaml:12-41
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
PASSED for resource: AWS::IAM::Role.LambdaAssumeRole
File: spoke-main.yaml:12-41
Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
PASSED for resource: AWS::IAM::Role.LambdaDescribeRole
File: spoke-main.yaml:43-93
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
PASSED for resource: AWS::IAM::Role.LambdaDescribeRole
File: spoke-main.yaml:43-93
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
PASSED for resource: AWS::IAM::Role.LambdaDescribeRole
File: spoke-main.yaml:43-93
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
PASSED for resource: AWS::IAM::Role.LambdaDescribeRole
File: spoke-main.yaml:43-93
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
PASSED for resource: AWS::IAM::Role.LambdaDescribeRole
File: spoke-main.yaml:43-93
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
PASSED for resource: AWS::IAM::Role.LambdaDescribeRole
File: spoke-main.yaml:43-93
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
PASSED for resource: AWS::IAM::Role.LambdaDescribeRole
File: spoke-main.yaml:43-93
Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
PASSED for resource: AWS::IAM::Role.EventInvokeRole
File: spoke-main.yaml:95-122
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
PASSED for resource: AWS::IAM::Role.EventInvokeRole
File: spoke-main.yaml:95-122
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
PASSED for resource: AWS::IAM::Role.EventInvokeRole
File: spoke-main.yaml:95-122
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
Check: CKV_AWS_61: "Ensure IAM role allows only specific principals in account to assume it"
PASSED for resource: AWS::IAM::Role.EventInvokeRole
File: spoke-main.yaml:95-122
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management without constraints"
PASSED for resource: AWS::IAM::Role.EventInvokeRole
File: spoke-main.yaml:95-122
Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
PASSED for resource: AWS::IAM::Role.EventInvokeRole
File: spoke-main.yaml:95-122
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
PASSED for resource: AWS::IAM::Role.EventInvokeRole
File: spoke-main.yaml:95-122
Check: CKV_AWS_45: "Ensure no hard-coded secrets exist in lambda environment"
PASSED for resource: AWS::Lambda::Function.LambdaDescribeFunction
File: spoke-main.yaml:124-166
Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_3