Merge pull request #263 from cloud-gov/overhaul

updated thresholds to only look for 300 days warn and 360 days violation
cloud-gov · Dec 10, 2024 · e5405be · e5405be
2 parents ff7ef6d + 1005597
commit e5405be
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/ci/aws-iam-check-keys/find_stale_keys.py b/ci/aws-iam-check-keys/find_stale_keys.py
@@ -65,6 +65,10 @@ def main():
     com_region = "us-east-1"
     gov_region = "us-gov-west-1"
 
+    # Note that the thresholds in both thresholds.yml and other_iam_users.yml are now set
+    # to default to a warning of 300 days and a violation at 360 days
+    # This was decided based on a discussion with compliance over
+    # the finding related to stale keys 
     thresholds = load_thresholds(thresholds_filename)
     com_users_list = load_system_users(com_users_filename, thresholds)
     gov_users_list = load_system_users(gov_users_filename, thresholds)

diff --git a/ci/aws-iam-check-keys/thresholds.yml b/ci/aws-iam-check-keys/thresholds.yml
@@ -1,20 +1,20 @@
 - account_type: "Operator"
   is_wildcard: True
-  warn: 75
-  violation: 90
+  warn: 300
+  violation: 360
   alert: True
 - account_type: "Platform"
   is_wildcard: True
-  warn: 80
-  violation: 165
+  warn: 300
+  violation: 360
   alert: True
 - account_type: "Application"
   is_wildcard: True
-  warn: 80
-  violation: 165
+  warn: 360 
+  violation: 360
   alert: True
 - account_type: "Customer"
   is_wildcard: True
-  warn: 0
-  violation: 0
+  warn: 300
+  violation: 360
   alert: False