Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

utilizing - Or: on bucket-encryption scans

See original GitHub issue

Describe the bug Whenever I run the following policy, I get the errors exemplified

To Reproduce Run the policy

Expected behavior To scan the scenarios provided

Background (please complete the following information):

  • OS: Linux Mint Tricia 19.3
  • Python Version: python 3.8.5
  • Custodian Version: 0.9.4
  • Cloud Provider: AWS
  • Policy: [please exclude any account/sensitive information]
policies:
  - name: s3-encryption-4-dummies
    resource: s3
    filters:
      - or:
        - type: bucket-encryption
          state: False
        - type: bucket-encryption
          state: True
          crypto: aws:kms
          key: alias/aws/s3
        - type: bucket-encryption
          state: True
          crypto: AES256

  • Traceback: [if applicable, please exclude sensitive/account information] 2020-08-28 18:37:16,469: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: avk-testing-cloudtrail 2020-08-28 18:37:16,479: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: cf-templates-1cez0zyz1a4v3-sa-east-1 2020-08-28 18:37:16,485: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: cf-templates-1cez0zyz1a4v3-us-east-1 2020-08-28 18:37:16,485: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: ################## 2020-08-28 18:37:16,485: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: ################## 2020-08-28 18:37:16,504: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: ################## 2020-08-28 18:37:16,677: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: ################## 2020-08-28 18:37:16,686: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: ################## 2020-08-28 18:37:16,692: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: ################## 2020-08-28 18:37:16,692: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: ################## 2020-08-28 18:37:16,693: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: ################## 2020-08-28 18:37:16,711: custodian.filters:ERROR Message: ‘list’ object has no attribute ‘get’ Bucket: ################## 2020-08-28 18:37:16,713: custodian.policy:INFO policy:s3-encryption-4-dummies resource:s3 region:us-east-1 count:2 time:3.54

  • custodian version --debug output: Custodian: 0.9.4 Python: 3.8.5 (default, Jul 22 2020, 18:54:26) [GCC 5.4.0 20160609] Platform: posix.uname_result(sysname=‘Linux’, nodename=‘karl-mint’, release=‘5.4.0-42-generic’, version=‘#46~18.04.1-Ubuntu SMP Fri Jul 10 07:21:24 UTC 2020’, machine=‘x86_64’) Using venv: False Docker: False Installed:

argcomplete==1.12.0 attrs==19.3.0 boto3==1.14.31 botocore==1.17.31 docutils==0.15.2 importlib-metadata==1.7.0 jmespath==0.10.0 jsonschema==3.2.0 pyrsistent==0.16.0 python-dateutil==2.8.1 pyyaml==5.3.1 s3transfer==0.3.3 setuptools==49.2.0 six==1.15.0 tabulate==0.8.7 urllib3==1.25.10 zipp==3.1.0

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:5

github_iconTop GitHub Comments

1reaction
kapiltcommented, Feb 19, 2021

fixed in #6442

1reaction
jmwakscommented, Sep 24, 2020

@kapilt , any feedback on this issue ? This was working on 0.8.33.0 but we are seeing an issue on 0.9.5

Read more comments on GitHub >

github_iconTop Results From Across the Web

AWS::S3::Bucket BucketEncryption - AWS CloudFormation
Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS) bucket.
Read more >
Using cfsec - A Brief Guide - Owen Rumney
A brief guide covering the basics of using cfsec to scan your CloudFormation files.
Read more >
Ensure data stored in the S3 bucket is securely encrypted at rest
Encrypting and decrypting data at the S3 bucket level is transparent to users when accessing data. Fix - Runtime. AWS Console. To change...
Read more >
S3 - Encryption — Cloud Custodian documentation
The following policy will enable bucket encryption on all s3 buckets. ... Will scan all keys in the bucket for unencrypted keys and...
Read more >
S3 encryption should use Customer Managed Keys - tfsec
A static analysis security scanner for your Terraform code. ... Encryption using AWS keys provides protection for your S3 buckets.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

releng - support arm64 docker images

Next page

Add support for kinesisanalyticsv2