Checks/Aws/Test-SecretsmanagerNotPubliclyAccessible.ps1
|
function Test-SecretsmanagerNotPubliclyAccessible { <# .SYNOPSIS Secrets Manager secret resource policy does not allow public access .DESCRIPTION **AWS Secrets Manager secrets** are evaluated for **public exposure** through resource-based policies that grant broad access, such as `Principal: "*"`, which would allow any principal to perform actions on the secret. .PARAMETER Check CIEMCheck object containing check metadata. #> [CmdletBinding()] [OutputType([PSCustomObject[]])] param( [Parameter(Mandatory)] [CIEMCheck]$Check ) $ErrorActionPreference = 'Stop' # TODO: Implement check logic based on Prowler check: secretsmanager_not_publicly_accessible [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check secretsmanager_not_publicly_accessible for reference.', 'N/A', 'secretsmanager Resources') } |