Skip to content

Commit

Permalink
adding an else condition to relate the flow log with vpc
Browse files Browse the repository at this point in the history
  • Loading branch information
@harkirat22
harkirat22 committed Jan 9, 2021
1 parent 5a19951 commit 39067c7
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions pkg/policies/opa/rego/aws/aws_vpc/vpcFlowLogsNotEnabled.rego
View file
Expand Up @@ -24,4 +24,8 @@ flowLogExist(vpc, vpc_input) = exists {
vpc_name := sprintf("aws_vpc.%s", [vpc.name])
flow_log_tags_set[vpc_name]
exists = true
} else = exists {
flow_log_vpcs_set := { vpc_id | input.aws_flow_log[i].type == "aws_flow_log"; vpc_id := split(input.aws_flow_log[i].config.vpc_id, ".")[1] }
flow_log_vpcs_set[vpc.name]
exists = true
}

0 comments on commit 39067c7

Please sign in to comment.