This repository has been archived by the owner on Jul 22, 2021. It is now read-only.

ConfigRuleForEvaluatePolicyPermissions does no cover inline policies attached to roles/groups #59

Open

visit1985 opened this issue Oct 10, 2017 · 1 comment

visit1985 commented Oct 10, 2017

I wanted to make you aware of that. Maybe it makes sense to extend the Lambda for this purpose.

Author

visit1985 commented Oct 10, 2017 •

edited

Loading

And maybe you should jsonify the policy document before checking it with jmespath.search(). Otherwise it fails with TypeError, sometimes.

if jmespath.search('Statement[?Effect == \'Allow\' && contains(Resource, \'*\') && contains (Action, \'*\')]', json.dumps(policy_version['PolicyVersion']['Document'])):
        return_value = 'NON_COMPLIANT'

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.