add rules for aws_iam_role
lhitchon committed Nov 4, 2018
1 parent 922dc0e commit 6c3f6d2
Showing 1 changed file with 46 additions and 0 deletions.
46 changes: 46 additions & 0 deletions cli/assets/terraform.yml
Expand Up @@ -161,6 +161,52 @@ rules:
tags:
- cloudfront

- id: IAM_ROLE_NOT_ACTION
message: Should not use NotAction in assume policy document
resource: aws_iam_role
severity: WARNING
assertions:
- none:
key: assume_role_policy.Statement[]
expressions:
- key: NotAction
op: present
tags:
- iam
- role

- id: IAM_ROLE_NOT_PRINCIPAL
message: Should not use NotPrincipal in role assume policy document
resource: aws_iam_role
severity: FAILURE
assertions:
- none:
key: assume_role_policy.Statement[]
expressions:
- key: NotPrincipal
op: present
tags:
- iam
- role

- id: IAM_ROLE_WILDCARD_ACTION
message: Should not use wildcard action in role assume policy document
resource: aws_iam_role
severity: FAILURE
assertions:
- none:
key: assume_role_policy.Statement[]
expressions:
- key: Effect
op: eq
value: Allow
- key: Action
op: contains
value: "*"
tags:
- iam
- role

- id: IAM_ROLE_POLICY_NOT_ACTION
message: Should not use NotAction in IAM policy
resource: aws_iam_role_policy
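Review bot: IAM_ROLE_NOT_ACTION and IAM_ROLE_NOT_PRINCIPAL flag any statement in `assume_role_policy.Statement[]` that carries `NotAction` or `NotPrincipal`, without checking `Effect`, whereas IAM_ROLE_WILDCARD_ACTION does gate on `Effect eq Allow`; a `NotPrincipal` inside a `Deny` statement is a common and legitimate way to lock a trust policy down, so the first two rules as written will raise false positives on exactly the hardened configurations they should accept. Consider adding the same `- key: Effect / op: eq / value: Allow` expression to both, which also makes the three rules read consistently. Related, the severities differ (`WARNING` for NotAction, `FAILURE` for NotPrincipal and the wildcard) with no rationale in the message or commit; since a `NotAction` in an Allow trust statement is as permissive as an Action wildcard, either align them or note why they differ. Finally, the wildcard rule only inspects `Action`; the more dangerous case in a trust policy is a wildcard `Principal`, which none of these three rules covers, so a companion rule on `Principal` would close that gap. Minor: the first message says "assume policy document" while the other two say "role assume policy document".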

0 comments on commit 6c3f6d2