This rule ensures that CodeBuild GitHub or Bitbucket source repository URLs use OAuth for secure access.
| Field | Value |
|---|---|
| Rule | CodeBuild GitHub or Bitbucket source repository URLs should use OAuth |
| Framework | FedRAMP Low Revision 4 |
| Severity | Critical |
Rule Description:
The rule requires that CodeBuild source repository URLs for GitHub or Bitbucket use OAuth authentication rather than any other authentication method, as FedRAMP Low Revision 4 compliance requires.
Troubleshooting Steps:
- Verify OAuth Configuration: Ensure that the OAuth configuration for GitHub or Bitbucket is properly set up.
- Check Repository URL: Double-check the repository URL to ensure it meets the required format for OAuth authentication.
- Review OAuth Access Tokens: Validate that the OAuth access tokens are correct and have the necessary permissions to access the repository.
- Test OAuth Authentication: Perform a test build using the OAuth-authenticated repository URL to verify successful authentication.
Necessary Code:
No specific code is necessary for this rule. However, the following code snippet shows an example of setting up an OAuth connection for a GitHub source repository in a CodeBuild project:
```yaml
source:
  type: GITHUB
  # HTTPS clone URL only: no user name, password or token embedded in it
  location: <repository-url>
  auth:
    type: OAUTH
    resource: <OAuth-resource>
```

Replace `<repository-url>` with the HTTPS clone URL of the GitHub repository and `<OAuth-resource>` with the identifier of the OAuth authorization. The `auth` object of a CodeBuild source accepts only `type` and `resource`; the OAuth secret itself is never stored in the project definition. For Bitbucket, use the same structure with `type: BITBUCKET` and the appropriate Bitbucket OAuth values.
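The following added example (not part of this rule page or of AWS's own Config rule code) evaluates CodeBuild `source` objects, in the shape returned by `batch-get-projects`, against this rule: GitHub or Bitbucket sources whose URL embeds sign-in credentials or whose `auth.type` is not `OAUTH` are reported as non-compliant; a missing `auth` object is treated as non-compliant as well, which is this check's assumption. The sample projects are constructed for the example.

```python
"""Offline check for the CodeBuild OAuth source-URL rule.

Input is the ``source`` object of a CodeBuild project (type, location, auth).
In a real account these come from codebuild.batch_get_projects(); here the
sample projects are constructed inline so the check runs offline.
"""
from urllib.parse import urlsplit

# Source types the rule applies to; other types (CODECOMMIT, S3, ...) are skipped.
CHECKED_TYPES = {"GITHUB", "BITBUCKET"}


def evaluate_source(source: dict) -> tuple[str, str]:
    """Return (verdict, reason); verdict is COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE."""
    if source.get("type") not in CHECKED_TYPES:
        return "NOT_APPLICABLE", "source is not GitHub or Bitbucket"

    parts = urlsplit(source.get("location", ""))
    # Credentials in the URL (https://user:token@host/...) mean the project
    # authenticates with a static secret instead of OAuth.
    if parts.username or parts.password:
        return "NON_COMPLIANT", "repository URL embeds sign-in credentials"

    auth_type = (source.get("auth") or {}).get("type")
    if auth_type != "OAUTH":
        return "NON_COMPLIANT", f"source auth type is {auth_type or 'unset'}, expected OAUTH"
    return "COMPLIANT", "repository URL is clean and source auth type is OAUTH"


def evaluate_projects(projects: list[dict]) -> dict[str, tuple[str, str]]:
    """Map each project name to its verdict, e.g. for a compliance report."""
    return {p["name"]: evaluate_source(p.get("source", {})) for p in projects}


# Constructed sample projects (not real accounts or repositories).
SAMPLE_PROJECTS = [
    {"name": "oauth-ok", "source": {"type": "GITHUB",
        "location": "https://github.com/example-org/app.git",
        "auth": {"type": "OAUTH", "resource": "<OAuth-resource>"}}},
    {"name": "token-in-url", "source": {"type": "BITBUCKET",
        "location": "https://bob:app-password@bitbucket.org/example/app.git"}},
    {"name": "no-oauth", "source": {"type": "GITHUB",
        "location": "https://github.com/example-org/lib.git"}},
    {"name": "codecommit", "source": {"type": "CODECOMMIT",
        "location": "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/app"}},
]

if __name__ == "__main__":
    for name, (verdict, reason) in evaluate_projects(SAMPLE_PROJECTS).items():
        print(f"{name:14} {verdict:14} {reason}")
```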
Step-by-Step Guide for Remediation:
1. Log in to the AWS Management Console.
2. Navigate to the CodeBuild service.
3. Select the desired project that needs to be updated.
4. Click on "Edit" to modify the project settings.
5. Under the "Source" section, locate the repository URL for GitHub or Bitbucket.
6. Replace the existing URL authentication method (if any) with OAuth authentication.
7. Configure the OAuth settings by providing the OAuth resource and secret credentials.
8. Save the changes and exit the configuration mode.
9. Trigger a new build to validate that the OAuth authentication is functioning correctly.
By following these steps, the CodeBuild project will use OAuth for authentication with GitHub or Bitbucket repositories, ensuring compliance with the specified FedRAMP Low Revision 4 requirement.