refactor some iam rules

stelligent · Oct 20, 2018 · 85367c8 · 85367c8
1 parent a68aa20
commit 85367c8
Showing 1 changed file with 38 additions and 20 deletions.
diff --git a/cli/assets/terraform.yml b/cli/assets/terraform.yml
@@ -163,8 +163,11 @@ rules:
     resource: aws_iam_role_policy
     severity: WARNING
     assertions:
-      - key: policy.Statement[].NotAction
-        op: absent
+      - none:
+          key: policy.Statement[]
+          expressions:
+            - key: NotAction
+              op: present
     tags:
       - iam
       - role
@@ -175,8 +178,11 @@ rules:
     resource: aws_iam_role_policy
     severity: WARNING
     assertions:
-      - key: policy.Statement[].NotResource
-        op: absent
+      - none:
+          key: policy.Statement[]
+          expressions:
+            - key: NotResource
+              op: present
     tags:
       - iam
       - role
@@ -187,10 +193,12 @@ rules:
     resource: aws_iam_role_policy
     severity: FAILURE
     assertions:
-      - not:
-        - key: policy.Statement[].Action
-          op: contains
-          value: "*"
+      - none:
+          key: policy.Statement[]
+          expressions:
+            - key: Action
+              op: contains
+              value: "*"
     tags:
       - iam
       - role
@@ -201,10 +209,12 @@ rules:
     resource: aws_iam_role_policy
     severity: WARNING
     assertions:
-      - not:
-        - key: policy.Statement[].Resource
-          op: contains
-          value: "*"
+      - none:
+          key: policy.Statement[]
+          expressions:
+            - key: Resource
+              op: contains
+              value: "*"
     tags:
       - iam
       - role
@@ -215,8 +225,11 @@ rules:
     resource: aws_iam_policy
     severity: WARNING
     assertions:
-      - key: policy.Statement[].NotAction
-        op: absent
+      - none:
+          key: policy.Statement[]
+          expressions:
+            - key: NotAction
+              op: present
     tags:
       - iam
       - policy
@@ -226,8 +239,11 @@ rules:
     resource: aws_iam_policy
     severity: WARNING
     assertions:
-      - key: policy.Statement[].NotResource
-        op: absent
+      - none:
+          key: policy.Statement[]
+          expressions:
+            - key: NotResource
+              op: present
     tags:
       - iam
       - policy
@@ -237,10 +253,12 @@ rules:
     resource: aws_iam_policy
     severity: FAILURE
     assertions:
-      - not:
-        - key: policy.Statement[].Action
-          op: contains
-          value: "*"
+      - none:
+          key: policy.Statement[]
+          expressions:
+            - key: Action
+              op: contains
+              value: "*"
     tags:
       - iam
       - policy