Add overly matching detection and MozDef alerting to AWS-Federated-AMR.js

We should extend the Auth0 rule which creates the `amr` claim to detect overly matching policy group names (e.g. `e`) which effectively permit a ton of people and undermine the benefits of the group filtering feature

https://github.com/mozilla-iam/auth0-deploy/blob/master/rules/AWS-Federated-AMR.js

When cases like this are detected we could

* Alert to MozDef that a overly matching policy was authored
* Ignore the overly matching group name when filtering
* Maybe have a whitelist of group names which both match our "is this overly matching" logic but also should indeed be allowed

Original Jira issue [IAM-139](https://jira.mozilla.com/browse/IAM-139)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add overly matching detection and MozDef alerting to AWS-Federated-AMR.js #336

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add overly matching detection and MozDef alerting to AWS-Federated-AMR.js #336

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions