From 036ae640e539afbb221fb7b1fb278fd91147a737 Mon Sep 17 00:00:00 2001
From: nalansitan
Date: Tue, 14 Apr 2020 10:38:01 +0800
Subject: [PATCH] support arn:aws:s3::: on extra725
---
 checks/check_extra725 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checks/check_extra725 b/checks/check_extra725
index 36dd68403662..88f43ce54de1 100644
--- a/checks/check_extra725
+++ b/checks/check_extra725
@@ -30,7 +30,7 @@ extra725(){
 if [[ $LIST_OF_TRAILS ]]; then
 BUCKET_ENABLED_TRAILS=()
 for trail in $LIST_OF_TRAILS; do
- BUCKET_ENABLED_IN_TRAIL=$($AWSCLI cloudtrail get-event-selectors $PROFILE_OPT --trail-name $trail --query "EventSelectors[*].DataResources[?Type == \`AWS::S3::Object\`].Values" --output text |xargs -n1| grep -E "^arn:aws:s3:::$bucketName/\S*$|^arn:aws:s3$")
+ BUCKET_ENABLED_IN_TRAIL=$($AWSCLI cloudtrail get-event-selectors $PROFILE_OPT --trail-name $trail --query "EventSelectors[*].DataResources[?Type == \`AWS::S3::Object\`].Values" --output text |xargs -n1| grep -E "^arn:aws:s3:::$bucketName/\S*$|^arn:aws:s3$|^arn:aws:s3:::$")
 if [[ $BUCKET_ENABLED_IN_TRAIL ]]; then
 BUCKET_ENABLED_TRAILS+=($trail)
 # textPass "$regx: S3 bucket $bucketName has Object-level logging enabled in trail $trail" "$regx"
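Review bot: The bucket name is still interpolated unescaped into the `grep -E` pattern on the added line, so a dot in `$bucketName` matches any character. A selector for a different bucket (constructed example: `arn:aws:s3:::axb/` when checking `a.b`) would then be counted as object-level logging for this one, which is a false pass in an audit check. Escaping the dots before building the pattern closes that, e.g. `^arn:aws:s3:::${bucketName//./\\.}/\S*$`. The three alternatives also hard-code the `aws` partition, so selectors in other partitions (`aws-cn`, `aws-us-gov`) would presumably never match; it is worth confirming whether such accounts are in scope. `extra725` begins before and continues after this hunk, so where `$bucketName` is set is not visible here.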