security group scan prefix list my account work, but other account can't #8054
Comments
Resource: security-group ---above can work to filter prefix list---
If your existing policy works for finding the prefix lists, you should be able to add an
Note that you do need While testing this locally, I did notice that the fanciness of the
That's unfortunately an uglier policy, but it does seem to more reliably capture your intent.
Hi ajkerrigan@, Thanks for your support. I tried your policy and it worked. If I need to filter on ingress all traffic, it seems like the value filter is the only option. Correct?
Describe the bug
We had multiple accounts, and I tried to enhance our security group policy with AWS prefix lists.
With the same custodian env, my account can return the expected result, i.e. it matches the SG that is using the prefix list.
But other accounts can't return the expected result.
What did you expect to happen?
Policy-A and Policy-B differ only in the prefix ID.
And I'm sure those prefix IDs exist in the corresponding accounts.
Policy-A:
Policy-B:
---custodian run---
Account-A returns as below:
Cloud Provider
Amazon Web Services (AWS)
Cloud Custodian version and dependency information
Policy
Relevant log/traceback output
---metadata---