From the course: Cloud Security for DevSecOps Engineers: From Security Models to API Protection
Scan misconfigured IaC files and report findings using Trivy
- [Instructor] In this video, we're going to scan some misconfigured AWS resources in Terraform using Trivy. Before we get into scanning it with Trivy, the first thing that I'm going to do is I'm going to explain what the resources are and what some of the security implications are of each one of those resources. To start, we have an S3 bucket, and this S3 bucket is configured to allow public read access to anyone, which could lead to data exposure. Another resource that we have is a KMS key, and this KMS key has an overly permissive KMS key policy associated with it that allows anyone in any account to use it. The reason why this is a security risk is because it allows unauthorized access to encrypted data by allowing anyone and any resource to use it to decrypt data, especially if it's being used for sensitive data. And lastly, we have an IAM resource or an IAM role, and we also have an IAM role policy. The issue with this resource is that the IAM role, which will be associated or…
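As an added illustration (not code from the course or from Trivy itself), a minimal Python check in the spirit of a Trivy misconfiguration rule: it reads Terraform's JSON syntax and flags the two issues described above, a public-read S3 bucket ACL and a KMS key policy that grants access to a wildcard principal. The bucket name, key name and policy document are constructed sample data.

```python
import json

# Constructed sample in Terraform's JSON syntax (.tf.json), not from the course:
# a public-read S3 bucket and a KMS key whose policy lets any principal use it.
SAMPLE_TF_JSON = json.dumps({
    "resource": {
        "aws_s3_bucket": {
            "data": {"bucket": "example-data", "acl": "public-read"}
        },
        "aws_kms_key": {
            "app": {
                "description": "constructed sample key",
                "policy": json.dumps({
                    "Version": "2012-10-17",
                    "Statement": [{
                        "Effect": "Allow",
                        "Principal": {"AWS": "*"},
                        "Action": "kms:*",
                        "Resource": "*",
                    }],
                }),
            }
        },
    }
})

# Canned ACLs that expose bucket contents beyond the owning account.
PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}


def _wildcard_principal(principal):
    """True if a policy statement's Principal grants access to anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def scan_tf_json(text):
    """Return (resource address, message) findings for the two misconfigurations."""
    findings = []
    resources = json.loads(text).get("resource", {})
    for name, attrs in resources.get("aws_s3_bucket", {}).items():
        if attrs.get("acl") in PUBLIC_ACLS:
            findings.append((f"aws_s3_bucket.{name}", f"ACL '{attrs['acl']}' allows public access"))
    for name, attrs in resources.get("aws_kms_key", {}).items():
        stmts = json.loads(attrs.get("policy") or "{}").get("Statement", [])
        for stmt in [stmts] if isinstance(stmts, dict) else stmts:
            if stmt.get("Effect") == "Allow" and _wildcard_principal(stmt.get("Principal")) \
                    and "Condition" not in stmt:
                findings.append((f"aws_kms_key.{name}", "key policy allows any principal without a Condition"))
    return findings
```

Running `scan_tf_json(SAMPLE_TF_JSON)` reports both resources; the same file with `acl = "private"` and a Principal limited to the account's own ARN produces no findings.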
Contents
- Getting set up in GitHub Codespaces (4m 46s)
- What is infrastructure as code (IaC)? (5m 27s)
- Common security risks with IaC (4m 46s)
- Policy-as-code basics (4m 21s)
- IaC scanning basics (5m 32s)
- Scan misconfigured IaC files and report findings using Trivy (3m 30s)
- Purpose of automating IaC security scans (1m 52s)
- GitHub Actions IaC scanning with Trivy (6m 52s)