GitHub Actions / Security Guardian Results with resolved templates failed Feb 9, 2026 in 0s

144 tests run, 140 passed, 0 skipped, 4 failed.

Annotations

Check failure on line 1 in packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.js.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json

@github-actions github-actions / Security Guardian Results with resolved templates

iam-no-overly-permissive-passrole.guard

IAM_NO_OVERLY_PERMISSIVE_PASSROLE for Type: Resolved
Raw output
Check was not compliant as property value [Path=/Resources/CodePipelineDeployingEcsApplicationDeployCFNDeployRoleDefaultPolicy859D7B9F/Properties/PolicyDocument/Statement/1/Resource[L:842,C:26] Value="*"] equal to value [Path=[L:0,C:0] Value="*"].

Check failure on line 1 in packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.js.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json

iam-no-wildcard-actions.guard

IAM_NO_WILDCARD_ACTIONS for Type: Resolved
Raw output
Check was not compliant as property value [Path=/Resources/CodePipelineDeployingEcsApplicationDeployCFNDeployRoleDefaultPolicy859D7B9F/Properties/PolicyDocument/Statement/1/Action[L:840,C:24] Value="*"] equal to value [Path=[L:0,C:0] Value="*"].

Check failure on line 1 in packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json

iam-role-root-principal-needs-conditions.guard

IAM_ROLE_ROOT_PRINCIPAL_NEEDS_CONDITIONS for Type: Resolved
Raw output
Root principal requires a strict condition (ArnEquals or StringEquals) to scope down who can assume this role. ArnLike/StringLike are not accepted as they allow wildcards.
Check was not compliant as property [Condition] is missing. Value traversed to [Path=/Resources/PipelineSourceCodePipelineActionRoleC6F9E7F5/Properties/AssumeRolePolicyDocument/Statement/0[L:442,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].
Check was not compliant as property [Condition.ArnEquals] is missing. Value traversed to [Path=/Resources/PipelineSourceCodePipelineActionRoleC6F9E7F5/Properties/AssumeRolePolicyDocument/Statement/0[L:442,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].
Check was not compliant as property [Condition.StringEquals] is missing. Value traversed to [Path=/Resources/PipelineSourceCodePipelineActionRoleC6F9E7F5/Properties/AssumeRolePolicyDocument/Statement/0[L:442,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].
Root principal requires a strict condition (ArnEquals or StringEquals) to scope down who can assume this role. ArnLike/StringLike are not accepted as they allow wildcards.
Check was not compliant as property [Condition] is missing. Value traversed to [Path=/Resources/PipelineDeployCodePipelineActionRole8B83082E/Properties/AssumeRolePolicyDocument/Statement/0[L:501,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].
Check was not compliant as property [Condition.ArnEquals] is missing. Value traversed to [Path=/Resources/PipelineDeployCodePipelineActionRole8B83082E/Properties/AssumeRolePolicyDocument/Statement/0[L:501,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].
Check was not compliant as property [Condition.StringEquals] is missing. Value traversed to [Path=/Resources/PipelineDeployCodePipelineActionRole8B83082E/Properties/AssumeRolePolicyDocument/Statement/0[L:501,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].

Check failure on line 1 in packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-stage-conditions.js.snapshot/aws-cdk-codepipeline-stage-conditions.template.json

iam-role-root-principal-needs-conditions.guard

IAM_ROLE_ROOT_PRINCIPAL_NEEDS_CONDITIONS for Type: Resolved
Raw output
Root principal requires a strict condition (ArnEquals or StringEquals) to scope down who can assume this role. ArnLike/StringLike are not accepted as they allow wildcards.
Check was not compliant as property [Condition] is missing. Value traversed to [Path=/Resources/PipelineSourceCodePipelineActionRoleC6F9E7F5/Properties/AssumeRolePolicyDocument/Statement/0[L:287,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].
Check was not compliant as property [Condition.ArnEquals] is missing. Value traversed to [Path=/Resources/PipelineSourceCodePipelineActionRoleC6F9E7F5/Properties/AssumeRolePolicyDocument/Statement/0[L:287,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].
Check was not compliant as property [Condition.StringEquals] is missing. Value traversed to [Path=/Resources/PipelineSourceCodePipelineActionRoleC6F9E7F5/Properties/AssumeRolePolicyDocument/Statement/0[L:287,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].
Root principal requires a strict condition (ArnEquals or StringEquals) to scope down who can assume this role. ArnLike/StringLike are not accepted as they allow wildcards.
Check was not compliant as property [Condition] is missing. Value traversed to [Path=/Resources/PipelineLambdaCodePipelineActionRoleC6032822/Properties/AssumeRolePolicyDocument/Statement/0[L:392,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].
Check was not compliant as property [Condition.ArnEquals] is missing. Value traversed to [Path=/Resources/PipelineLambdaCodePipelineActionRoleC6032822/Properties/AssumeRolePolicyDocument/Statement/0[L:392,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].
Check was not compliant as property [Condition.StringEquals] is missing. Value traversed to [Path=/Resources/PipelineLambdaCodePipelineActionRoleC6032822/Properties/AssumeRolePolicyDocument/Statement/0[L:392,C:12] Value={"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}].