
@mohd4adil

Context

At present, the AWS cross-account checks for S3, EventBridge bus, EventBridge schema and DynamoDB do not support a trusted account list. A trusted account list would help reduce the noise from findings whose policies have principals from other trusted accounts, by having them pass instead of fail.

Description

The major change made is to the is_policy_public function (lines 384 - 518) in prowler/providers/aws/services/iam/lib/policy.py. The following checks make use of the is_policy_public function, passing the argument is_cross_account_allowed=False:

  • s3_bucket_cross_account_access
  • eventbridge_schema_registry_cross_account_access
  • eventbridge_bus_cross_account_access
  • dynamodb_table_cross_account_access

The change mainly involves a logic change: a trusted account list from the config.yaml file is passed in and iterated over to decide whether to flag the resource as public or private.

Steps to review

  • Review the changes in the is_policy_public function of prowler/providers/aws/services/iam/lib/policy.py
  • Review the changes made to the four checks that are mentioned above
  • Cross-verify the changes against the added tests in tests/providers/aws/services/iam/lib/policy_test.py, in the functions test_cross_account_access_trusted_account_list and test_cross_account_access_with_principal_list_trusted_account_list (lines 1656 - 1697)

Checklist

UI

  • All issue/task requirements work as expected on the UI
  • Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
  • Screenshots/Video of the functionality flow (if applicable) - Tablet (640px < X < 1024px)
  • Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
  • Ensure new entries are added to CHANGELOG.md, if applicable.

API

  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
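For reviewers who want to see the intended pass/fail semantics end to end, here is an added, self-contained Python example that is not Prowler's is_policy_public and not code from this PR. It evaluates a resource policy against the scanning account plus a trusted account list, exactly the decision the description above talks about. Every name in it (principal_accounts, condition_accounts, cross_account_findings, check_status) and the sample bucket policy are constructed for illustration. Two design choices are assumptions of this example rather than anything the PR claims: Service and Federated principals are left out of the cross-account decision, and a wildcard principal is treated as pinned to an account only when a StringEquals condition on aws:PrincipalAccount or aws:SourceAccount names one.

```python
"""Trusted-account evaluation for a resource policy (illustrative, not Prowler's code)."""
import json
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
# IAM/STS principal ARNs; group 1 is the 12-digit account ID
PRINCIPAL_ARN_RE = re.compile(r"^arn:aws[a-z-]*:(?:iam|sts)::(\d{12}):")
# Condition keys that pin a wildcard principal to specific accounts (assumption of this example)
ACCOUNT_CONDITION_KEYS = {"aws:principalaccount", "aws:sourceaccount"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def principal_accounts(principal):
    """Account IDs named by the 'AWS' element of a statement Principal.

    Returns None for a wildcard ('*' or {'AWS': '*'}), an empty set when there is
    no 'AWS' element (Service/Federated principals are out of scope here), and
    otherwise the set of account IDs. Entries that are neither a bare account ID
    nor an IAM/STS ARN are kept verbatim so they can never match a trusted account.
    """
    if principal == "*":
        return None
    aws = principal.get("AWS") if isinstance(principal, dict) else None
    if aws is None:
        return set()
    accounts = set()
    for entry in _as_list(aws):
        if entry == "*":
            return None
        match = PRINCIPAL_ARN_RE.match(entry)
        if ACCOUNT_ID_RE.match(entry):
            accounts.add(entry)
        elif match:
            accounts.add(match.group(1))
        else:
            accounts.add(entry)
    return accounts


def condition_accounts(condition):
    """Accounts a wildcard principal is pinned to via StringEquals on an account
    condition key, or None when the statement carries no such pin."""
    pinned = set()
    for operator, keys in (condition or {}).items():
        if operator != "StringEquals":
            continue
        for key, value in keys.items():
            if key.lower() in ACCOUNT_CONDITION_KEYS:
                pinned.update(_as_list(value))
    return pinned or None


def cross_account_findings(policy, account_id, trusted_accounts=()):
    """Allow statements that grant access outside account_id and the trusted list.

    Returns a list of (statement label, reason); an empty list means PASS.
    """
    trusted = {account_id, *trusted_accounts}
    findings = []
    for index, statement in enumerate(_as_list(policy.get("Statement", []))):
        label = statement.get("Sid", f"Statement[{index}]")
        if statement.get("Effect") != "Allow" or "Principal" not in statement:
            continue  # Deny statements and principal-less (identity) statements are not cross-account grants
        accounts = principal_accounts(statement["Principal"])
        if accounts is None:
            accounts = condition_accounts(statement.get("Condition"))
            if accounts is None:
                findings.append((label, "wildcard principal without an account condition"))
                continue
        untrusted = sorted(accounts - trusted)
        if untrusted:
            findings.append((label, f"principals from untrusted accounts: {untrusted}"))
    return findings


def check_status(policy, account_id, trusted_accounts=()):
    return "PASS" if not cross_account_findings(policy, account_id, trusted_accounts) else "FAIL"


# Constructed sample bucket policy; account IDs are placeholders
SAMPLE_BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "SameAccount", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "TrustedAccount", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::222222222222:role/reader", "222222222222"]},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "WildcardPinnedByCondition", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:PrincipalAccount": "222222222222"}}},
    {"Sid": "ForeignAccount", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::333333333333:root"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "ServicePrincipal", "Effect": "Allow", "Principal": {"Service": "logs.amazonaws.com"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyAll", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/*", "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}""")

if __name__ == "__main__":
    for trusted in ([], ["222222222222"], ["222222222222", "333333333333"]):
        print(trusted, check_status(SAMPLE_BUCKET_POLICY, "111111111111", trusted),
              cross_account_findings(SAMPLE_BUCKET_POLICY, "111111111111", trusted))
```

With an empty trusted list the sample fails on three statements; with 222222222222 trusted only the foreign 333333333333 grant remains, and trusting both yields PASS. Keeping unparseable principal entries verbatim is deliberate: an entry the evaluator does not understand must not silently pass as trusted.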

…3, dynamodb, eventbridge bus, eventbridge schema. Changes made to is_policy_public function under the iam lib and added the necessary tests for the modifications
@mohd4adil mohd4adil requested review from a team as code owners December 25, 2025 07:51
@github-actions github-actions bot added provider/aws Issues/PRs related with the AWS provider community Opened by the Community labels Dec 25, 2025
@github-actions
Contributor

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@danibarranqueroo danibarranqueroo changed the title Adding support for trusted aws accounts in cross account checks for s3, eventbridge bus, eventbridge schema and dynamodb chore(aws): add support for trusted aws accounts in cross account checks for s3, eventbridge bus, eventbridge schema and dynamodb Dec 26, 2025