
AWS CodeBuild project environment privileged mode is enabled

Description

This policy checks that no environment in an AWS CodeBuild project has privileged mode enabled. In CodeBuild, privileged mode runs the build container as a privileged Docker container so that a Docker daemon can run inside it, which is what building container images during a build requires. Privileged containers have access to the host's devices and kernel capabilities, so a build that is compromised through a malicious commit or dependency can reach well beyond its own container. Because build environments routinely hold credentials and produce artifacts that are deployed elsewhere, leave privileged mode disabled unless a project has a documented need for it, and keep any such project to the minimum permissions it requires.

Code Example

```hcl
# Compliant: privileged_mode is explicitly disabled (false is also the provider default)
resource "aws_codebuild_project" "example" {
  environment {
    privileged_mode = false
  }
}
```

Remediation

Terraform

  • Resource: aws_codebuild_project
  • Arguments: environment.privileged_mode

To fix this issue, set environment.privileged_mode to false in the CodeBuild project, or omit the argument, since the provider default is false. If a project genuinely has to build container images (Docker-in-Docker), privileged mode is what makes that possible; treat that project as a deliberate, documented exception with its own narrowly scoped service role rather than enabling privileged mode across projects.
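The following is an added example, not code from the policy page or from Checkov: it implements this rule's check over the JSON that `terraform show -json tfplan` produces, the same input the TerraformPlan framework evaluates. It walks planned_values (including child modules), and flags any aws_codebuild_project whose environment block sets privileged_mode to true. An absent privileged_mode is the provider default (false) and is not flagged; a value only known after apply does not appear in `values` and is likewise not flagged. The embedded plan is a constructed sample, not real Terraform output.

```python
"""Flag CodeBuild projects with privileged mode enabled in a Terraform plan.

Added example (not part of the policy page). Reads `terraform show -json`
output and mirrors what a TerraformPlan framework check does for this rule.
"""
import json
import sys
from typing import Iterator

RULE_ID = "IAC-0363"                 # from the page's Rule Details table
CHECKOV_ID = "CKV_AWS_316"
RESOURCE_TYPE = "aws_codebuild_project"


def iter_resources(module: dict) -> Iterator[dict]:
    """Yield every resource in a plan module, recursing into child modules."""
    for resource in module.get("resources", []):
        yield resource
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def privileged_mode_enabled(resource: dict) -> bool:
    """True when the project's environment block sets privileged_mode = true.

    Plan JSON renders a nested block as a list of objects. A missing
    privileged_mode means the provider default (false), so it is not flagged;
    a value unknown until apply is absent from `values` and also not flagged.
    """
    for env in resource.get("values", {}).get("environment") or []:
        if env.get("privileged_mode") is True:
            return True
    return False


def find_violations(plan: dict) -> list[str]:
    """Return sorted addresses of aws_codebuild_project resources that violate the rule."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        r["address"]
        for r in iter_resources(root)
        if r.get("type") == RESOURCE_TYPE and privileged_mode_enabled(r)
    )


# Constructed sample plan (not real terraform output): one compliant project,
# one relying on the default, and one privileged project inside a child module.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "aws_codebuild_project.app",
                    "type": "aws_codebuild_project",
                    "name": "app",
                    "values": {
                        "name": "app",
                        "environment": [{"type": "LINUX_CONTAINER", "privileged_mode": False}],
                    },
                },
                {
                    "address": "aws_codebuild_project.docs",
                    "type": "aws_codebuild_project",
                    "name": "docs",
                    "values": {"name": "docs", "environment": [{"type": "LINUX_CONTAINER"}]},
                },
            ],
            "child_modules": [
                {
                    "address": "module.images",
                    "resources": [
                        {
                            "address": "module.images.aws_codebuild_project.dind",
                            "type": "aws_codebuild_project",
                            "name": "dind",
                            "values": {
                                "name": "dind",
                                "environment": [{"type": "LINUX_CONTAINER", "privileged_mode": True}],
                            },
                        }
                    ],
                }
            ],
        }
    },
}


if __name__ == "__main__":
    # Real use: terraform plan -out tfplan && terraform show -json tfplan > plan.json
    #           python check_privileged_mode.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in find_violations(plan):
        print(f"{RULE_ID} ({CHECKOV_ID}): {address} has privileged_mode = true")
```

Running it without arguments scans the constructed sample and reports only the project in module.images; pass a plan JSON path to scan a real plan. Because the check walks planned_values rather than the .tf source, it also catches privileged_mode values that come from variables or module inputs, which a plain HCL text match would miss.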

Rule Details

Field        Value
ID           IAC-0363
Severity     MEDIUM
IaC Type     Terraform
Frameworks   Terraform, TerraformPlan
Checkov ID   CKV_AWS_316

References