| AWS Version | Supported |
|---|---|
| 1.x | ✅ |
| 2.x | ✅ |
We take security seriously and appreciate your efforts to responsibly disclose your findings.
Do NOT open a public issue for security vulnerabilities. Instead, please report security issues through one of these channels:
- GitHub Security Advisories (Preferred): Report via GitHub
- Email: Send details to security@lanik.us
- Security Discussions: Open a discussion in our GitHub Discussions
- Security Issues: Create a Security Advisory on GitHub
When reporting a vulnerability, please include:
- Description: Clear explanation of the security issue
- Steps to Reproduce: Detailed steps to reproduce the vulnerability
- Impact Assessment: Potential impact and affected components
- Proof of Concept: If applicable, a minimal reproduction case
- Suggested Fix: If you have ideas for a fix (optional)
We are committed to responding to security reports in a timely manner:
- Initial Response: Within 48 hours of receiving the report
- Status Update: Within 5 business days with assessment
- Resolution: We will work diligently to fix critical vulnerabilities as quickly as possible
We ask that you:
- Give us reasonable time to investigate and fix the issue before public disclosure
- Do not access, modify, or delete user data
- Do not perform attacks that could harm the availability of our services
- Do not publicly disclose the vulnerability until we have had a chance to address it
This project provides AWS CLI aliases. Security considerations include:
- Command Injection: All aliases are validated to prevent command injection
- AWS Permissions: Aliases do not elevate AWS permissions beyond what's configured
- Shell Safety: Aliases are designed to be safe for use in shell environments
- Review Aliases: Review all aliases before using them in production
- Limit Permissions: Use least-privilege AWS permissions
- Audit Usage: Regularly audit AWS CLI usage
When contributing to the project:
- Validate Commands: Ensure all commands are safe and validated
- Test Thoroughly: Test aliases in various environments
- Security Review: Have security reviews for new aliases
For general security questions or concerns, you can:
- Open a discussion in our GitHub Discussions
- Contact the maintainers through the security email above for sensitive matters
Thank you for helping keep AWS CLI Aliases secure!