[extra7132, extra7133, extra7113] Fails for DocumentDB instances #811

Closed
h1008 opened this issue Jun 3, 2021 · 3 comments

h1008 commented Jun 3, 2021

Hi,

the rds describe-db-instances command (as used by the checks extra7132, extra7133, and extra7113) also lists DocumentDB instances which do not support enhanced monitoring/multi-AZ/deletion protection [1]. So these checks fail if you have a DocumentDB cluster and it's not possible to fix the checks.

Proposed solution:

  • Filter output of describe-db-instances command to ignore DB Instances with Engine "docdb".
  • Add a specific check for deletion protection for docdb clusters (using the command docdb describe-db-clusters).

[1] DocumentDB does support deletion protection, but it's a configuration option for clusters, not individual instances. See result of docdb describe-db-clusters.

@h1008 h1008 changed the title [check_extra7132, check_extra7133] Fails for DocumentDB instances [extra7132, extra7133, extra7113] Fails for DocumentDB instances Jun 3, 2021

toniblyx commented Jun 3, 2021

Thanks for letting me know. In the meantime, you can use the whitelist feature to prevent that failure.

@toniblyx toniblyx added the bug label Jun 3, 2021

toniblyx commented Jun 3, 2021

Can you please try changing the checks with this query instead and see if that fixes the issue? `--query 'DBInstances[?Engine != docdb].DBInstanceIdentifier'`. If it does, please feel free to send a PR with a fix. Thanks

h1008 commented Jun 5, 2021

It almost worked - I just had to set the string in single quotes: --query "DBInstances[?Engine != 'docdb'].DBInstanceIdentifier".
I'll prepare a PR.

h1008 added a commit to h1008/prowler that referenced this issue Jun 5, 2021
toniblyx added a commit that referenced this issue Jun 8, 2021
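
The two-part fix proposed in this thread, as an added example that is not part of the issue or of Prowler's code: instance-level settings are evaluated only for engines other than `docdb`, and deletion protection for DocumentDB is read from the cluster records instead. The sample records and function names are constructed for illustration; the field names are those of the `describe-db-instances` and `describe-db-clusters` JSON output.

```python
# Constructed sample shaped like `aws rds describe-db-instances` output.
RDS_INSTANCES = [
    {"DBInstanceIdentifier": "orders-mysql", "Engine": "mysql",
     "MonitoringInterval": 60, "MultiAZ": True, "DeletionProtection": True},
    {"DBInstanceIdentifier": "legacy-pg", "Engine": "postgres",
     "MonitoringInterval": 0, "MultiAZ": False, "DeletionProtection": True},
    # DocumentDB instance: listed by the RDS call, but these settings
    # cannot be enabled on it, so it would fail every check below.
    {"DBInstanceIdentifier": "docs-1", "Engine": "docdb",
     "MonitoringInterval": 0, "MultiAZ": False, "DeletionProtection": False},
]

# Constructed sample shaped like `aws docdb describe-db-clusters` output.
DOCDB_CLUSTERS = [
    {"DBClusterIdentifier": "docs", "Engine": "docdb",
     "DeletionProtection": False},
    {"DBClusterIdentifier": "docs-prod", "Engine": "docdb",
     "DeletionProtection": True},
]


def rds_instance_findings(instances, skip_engines=("docdb",)):
    """Instance-level findings, skipping engines that lack these settings."""
    findings = []
    for inst in instances:
        if inst["Engine"] in skip_engines:
            continue  # same effect as [?Engine != 'docdb'] in --query
        name = inst["DBInstanceIdentifier"]
        # MonitoringInterval of 0 means enhanced monitoring is off.
        if inst.get("MonitoringInterval", 0) == 0:
            findings.append((name, "enhanced monitoring disabled"))
        if not inst.get("MultiAZ", False):
            findings.append((name, "multi-AZ disabled"))
        if not inst.get("DeletionProtection", False):
            findings.append((name, "deletion protection disabled"))
    return findings


def docdb_cluster_findings(clusters):
    """Deletion protection for DocumentDB is a cluster-level setting."""
    return [(c["DBClusterIdentifier"], "deletion protection disabled")
            for c in clusters
            if c["Engine"] == "docdb" and not c.get("DeletionProtection", False)]


if __name__ == "__main__":
    for name, issue in (rds_instance_findings(RDS_INSTANCES)
                        + docdb_cluster_findings(DOCDB_CLUSTERS)):
        print(f"FAIL {name}: {issue}")
```

Passing `skip_engines=()` reproduces the behaviour reported in the issue, where the DocumentDB instance fails all three instance-level checks.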