Merge pull request #16 from aws-samples/fix/security-findings

athewsey · anajmi07 · web-flow · commit 3e648e0bfcda · 2025-11-05T15:16:04.000+08:00
Enable access logging on provisioned S3 bucket and scope down some
IAM role permissions.

Co-authored-by: Aamna Najmi &lt;anajmi@amazon.de&gt;
diff --git a/infra/modules/agentcore-iam-role/bedrock-agentcore-policy.tf b/infra/modules/agentcore-iam-role/bedrock-agentcore-policy.tf
@@ -11,7 +11,11 @@ resource "aws_iam_policy" "bedrock_permissions" {
           "bedrock:InvokeModel",
           "bedrock:InvokeModelWithResponseStream"
         ]
-        Resource = "*"
+        Resource = [
+          "arn:aws:bedrock:${data.aws_region.current.name}::foundation-model/anthropic.*",
+          "arn:aws:bedrock:${data.aws_region.current.name}::foundation-model/amazon.*",
+          "arn:aws:bedrock:${data.aws_region.current.name}::foundation-model/meta.*"
+        ]
       }
     ]
   })
@@ -28,8 +32,7 @@ resource "aws_iam_policy" "ecr_permissions" {
         Effect = "Allow"
         Action = [
           "ecr:BatchGetImage",
-          "ecr:GetDownloadUrlForLayer",
-          "ecr:GetAuthorizationToken"
+          "ecr:GetDownloadUrlForLayer"
         ]
         Resource = [
           "arn:aws:ecr:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:repository/*"
@@ -41,6 +44,8 @@ resource "aws_iam_policy" "ecr_permissions" {
         Action = [
           "ecr:GetAuthorizationToken"
         ]
+        # This action does not accept any restrictions on the resource, per the docs:
+        # https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticcontainerregistry.html
         Resource = "*"
       }
     ]
@@ -100,9 +105,14 @@ resource "aws_iam_policy" "monitoring_permissions" {
           "xray:GetSamplingRules",
           "xray:GetSamplingTargets"
         ]
-        Resource = "*"
+        Resource = [
+          "arn:aws:xray:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:trace/*"
+        ]
       },
       {
+        # WILDCARD JUSTIFICATION: CloudWatch PutMetricData requires Resource="*" 
+        # as per AWS documentation. Condition restricts to bedrock-agentcore namespace only.
+        # Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricData.html
         Effect   = "Allow"
         Resource = "*"
         Action   = "cloudwatch:PutMetricData"
diff --git a/infra/modules/kb-stack/main.tf b/infra/modules/kb-stack/main.tf
@@ -12,6 +12,49 @@ resource "aws_s3_bucket_public_access_block" "kb_bucket_pab" {
   restrict_public_buckets = true
 }
 
+# Access logging bucket
+resource "aws_s3_bucket" "access_logs" {
+  bucket_prefix = "${var.name}-access-logs"
+}
+
+resource "aws_s3_bucket_public_access_block" "access_logs_pab" {
+  bucket = aws_s3_bucket.access_logs.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
+# Enable access logging
+resource "aws_s3_bucket_logging" "kb_bucket_logging" {
+  bucket = aws_s3_bucket.kb_bucket.id
+
+  target_bucket = aws_s3_bucket.access_logs.id
+  target_prefix = "access-logs/"
+}
+
+# Lifecycle configuration
+resource "aws_s3_bucket_lifecycle_configuration" "kb_bucket_lifecycle" {
+  bucket = aws_s3_bucket.kb_bucket.id
+
+  rule {
+    id     = "knowledge_base_lifecycle"
+    status = "Enabled"
+
+    filter {}
+    transition {
+      days          = 30
+      storage_class = "STANDARD_IA"
+    }
+
+    transition {
+      days          = 90
+      storage_class = "GLACIER"
+    }
+  }
+}
+
 # IAM Role for Bedrock
 resource "aws_iam_role" "bedrock_role" {
   name = "${var.name}-bedrock-role"
diff --git a/infra/modules/knowledge-base/main.tf b/infra/modules/knowledge-base/main.tf
@@ -7,7 +7,16 @@ resource "aws_iam_role_policy" "bedrock_kb_sample_kb_model" {
     Version = "2012-10-17"
     Statement = [
       {
-        Action   = ["aoss:*"]
+        Action   = [
+          "aoss:CreateIndex",
+          "aoss:DescribeIndex",
+          "aoss:UpdateIndex",
+          "aoss:DeleteIndex",
+          "aoss:WriteDocument",
+          "aoss:ReadDocument",
+          "aoss:SearchDocument",
+          "aoss:DeleteDocument"
+        ]
         Effect   = "Allow"
         Resource = [var.opensearch_arn]
       },

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,11 @@ resource "aws_iam_policy" "bedrock_permissions" {`
`11`	`11`	`"bedrock:InvokeModel",`
`12`	`12`	`"bedrock:InvokeModelWithResponseStream"`
`13`	`13`	`]`
`14`		`- Resource = "*"`
	`14`	`+ Resource = [`
	`15`	`+ "arn:aws:bedrock:${data.aws_region.current.name}::foundation-model/anthropic.*",`
	`16`	`+ "arn:aws:bedrock:${data.aws_region.current.name}::foundation-model/amazon.*",`
	`17`	`+ "arn:aws:bedrock:${data.aws_region.current.name}::foundation-model/meta.*"`
	`18`	`+ ]`
`15`	`19`	`}`
`16`	`20`	`]`
`17`	`21`	`})`
`@@ -28,8 +32,7 @@ resource "aws_iam_policy" "ecr_permissions" {`
`28`	`32`	`Effect = "Allow"`
`29`	`33`	`Action = [`
`30`	`34`	`"ecr:BatchGetImage",`
`31`		`- "ecr:GetDownloadUrlForLayer",`
`32`		`- "ecr:GetAuthorizationToken"`
	`35`	`+ "ecr:GetDownloadUrlForLayer"`
`33`	`36`	`]`
`34`	`37`	`Resource = [`
`35`	`38`	`"arn:aws:ecr:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:repository/*"`
`@@ -41,6 +44,8 @@ resource "aws_iam_policy" "ecr_permissions" {`
`41`	`44`	`Action = [`
`42`	`45`	`"ecr:GetAuthorizationToken"`
`43`	`46`	`]`
	`47`	`+ # This action does not accept any restrictions on the resource, per the docs:`
	`48`	`+ # https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticcontainerregistry.html`
`44`	`49`	`Resource = "*"`
`45`	`50`	`}`
`46`	`51`	`]`
`@@ -100,9 +105,14 @@ resource "aws_iam_policy" "monitoring_permissions" {`
`100`	`105`	`"xray:GetSamplingRules",`
`101`	`106`	`"xray:GetSamplingTargets"`
`102`	`107`	`]`
`103`		`- Resource = "*"`
	`108`	`+ Resource = [`
	`109`	`+ "arn:aws:xray:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:trace/*"`
	`110`	`+ ]`
`104`	`111`	`},`
`105`	`112`	`{`
	`113`	`+ # WILDCARD JUSTIFICATION: CloudWatch PutMetricData requires Resource="*"`
	`114`	`+ # as per AWS documentation. Condition restricts to bedrock-agentcore namespace only.`
	`115`	`+ # Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricData.html`
`106`	`116`	`Effect = "Allow"`
`107`	`117`	`Resource = "*"`
`108`	`118`	`Action = "cloudwatch:PutMetricData"`