This repository has been archived by the owner on Jul 22, 2021. It is now read-only.

ConfigRuleForEvaluatePolicyPermissions does not cover inline policies attached to roles/groups #59

Open
visit1985 opened this issue Oct 10, 2017 · 1 comment

Comments


I wanted to make you aware of that. Maybe it makes sense to extend the Lambda for this purpose.


visit1985 commented Oct 10, 2017

And maybe you should jsonify the policy document before checking it with jmespath.search(). Otherwise it fails with TypeError, sometimes.

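# jmespath.search() needs parsed data (dict/list); searching a JSON string never matches
document = json.loads(json.dumps(policy_version['PolicyVersion']['Document']))
if jmespath.search("Statement[?Effect == 'Allow' && contains(Resource, '*') && contains(Action, '*')]", document):
    return_value = 'NON_COMPLIANT'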
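
An added example (not code from the issue or the repository) of the same Allow / Action `*` / Resource `*` check, written so it can run over inline role and group policy documents: it normalises the string-or-list forms IAM permits and matches `*` as an exact element. The function names and sample documents are assumptions constructed for illustration.

```python
import json


def _as_list(value):
    """IAM accepts a single string/object wherever a list is also valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def has_full_admin_statement(document):
    """True if any Allow statement names both Action '*' and Resource '*'."""
    # Accept either a parsed dict or a JSON string.
    doc = json.loads(document) if isinstance(document, str) else document
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # Statements written with NotAction/NotResource have no Action/Resource
        # key; _as_list(None) is [] so they are skipped instead of raising.
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions and "*" in resources:
            return True
    return False


def evaluate(policies):
    """policies: {name: document}, e.g. the inline policies of one role or group."""
    offenders = sorted(n for n, d in policies.items() if has_full_admin_statement(d))
    return ("NON_COMPLIANT" if offenders else "COMPLIANT"), offenders


# Constructed sample documents (hypothetical, not taken from the issue).
SAMPLE_INLINE_POLICIES = {
    # Statement as a single object, Action/Resource as plain strings, JSON text.
    "admin-inline": '{"Version": "2012-10-17", "Statement": '
                    '{"Effect": "Allow", "Action": "*", "Resource": "*"}}',
    # Wildcard inside an ARN only; Action is a list without "*".
    "s3-read": {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                               "Resource": "arn:aws:s3:::example-bucket/*"}]},
    # No Action key at all (NotAction form).
    "not-action": {"Statement": [{"Effect": "Allow", "NotAction": "iam:*",
                                  "Resource": "*"}]},
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_INLINE_POLICIES))
```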
