This repository has been archived by the owner on Jul 22, 2021. It is now read-only.

Merge pull request #56 from jimrazmus/fix-false-positives
Fix false positives
barnesrobert committed Apr 6, 2018
2 parents 1be459b + 23001c2 commit 097ddf7
Showing 1 changed file with 15 additions and 14 deletions.
29 changes: 15 additions & 14 deletions architecture/create-benchmark-rules.yaml
Expand Up @@ -265,7 +265,7 @@
# Determine whether the root account uses hardware-based MFA.
mfa_devices = client.list_virtual_mfa_devices()['VirtualMFADevices']
for mfa_device in mfa_devices:
if not 'SerialNumber' in mfa_device:
if 'SerialNumber' in mfa_device:
is_compliant = is_compliant and True
else:
is_compliant = is_compliant and False
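Review bot: The new condition `if 'SerialNumber' in mfa_device:` only tests that the key is present on each entry returned by `list_virtual_mfa_devices()`, so nothing in this loop ties a device to the root account or tells a hardware device from a virtual one, although the comment above it says the check is for hardware-based MFA on root. Consider inspecting the value of `SerialNumber` (or the user the device is assigned to) so that only the root account's device decides the result, and say in the comment which outcome is the compliant one. The branch `is_compliant = is_compliant and True` is a no-op and can be dropped, leaving a single `if not ...: is_compliant = False`.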
Expand All @@ -288,19 +288,20 @@
annotation = annotation + ' The root account has active access keys associated with it.'
break
config = boto3.client('config')
config.put_evaluations(
Evaluations=[
{
'ComplianceResourceType': 'AWS::::Account',
'ComplianceResourceId': 'Root',
'ComplianceType': 'COMPLIANT' if is_compliant else 'NON_COMPLIANT',
'Annotation': annotation,
'OrderingTimestamp': datetime.datetime.now(),
},
],
ResultToken=result_token
)
evaluations = [
{
'ComplianceResourceType': 'AWS::::Account',
'ComplianceResourceId': 'Root',
'ComplianceType': 'COMPLIANT' if is_compliant else 'NON_COMPLIANT',
'OrderingTimestamp': datetime.datetime.now(),
}
]
if annotation: evaluations[0]['Annotation'] = annotation
response = boto3.client('config').put_evaluations(
Evaluations = evaluations,
ResultToken = result_token)
Description: Evaluates the security properties of the root account
Handler: index.lambda_handler
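Review bot: The result of `put_evaluations` is now stored in `response`, but no visible line reads it, so a rejected evaluation would still go unnoticed; either check `response['FailedEvaluations']` and log or raise when it is non-empty, or drop the assignment. Leaving `Annotation` out when the string is empty is the right way to stop the call failing on compliant accounts, and a short comment on `if annotation: evaluations[0]['Annotation'] = annotation` saying that an empty annotation is rejected would keep a later cleanup from reverting it. Style: put the body of that `if` on its own line and remove the spaces around `=` in the keyword arguments `Evaluations = evaluations` and `ResultToken = result_token`.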