-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
37 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -43,45 +43,45 @@ jobs: | |
| role-to-assume: ${{ env.AWS_ROLE }} | ||
| aws-region: ${{ env.REGION }} | ||
| # Run the VALIDATE_POLICY check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator | ||
| # - name: Run AWS AccessAnalyzer ValidatePolicy check | ||
| # id: run-aws-validate-policy | ||
| # uses: aws-actions/[email protected] | ||
| # with: | ||
| # policy-check-type: "VALIDATE_POLICY" | ||
| # template-path: ${{ env.TEMPLATE_PATH}} | ||
| # region: ${{ env.REGION }} | ||
| # # Print result from VALIDATE_POLICY check | ||
| # - name: Print the result for ValidatePolicy check | ||
| # if: success() || failure() | ||
| # run: echo "${{ steps.run-aws-validate-policy.outputs.result }}" | ||
| # # Run the CHECK_ACCESS_NOT_GRANTED check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator | ||
| # - name: Run AWS AccessAnalyzer CheckAccessNotGranted check | ||
| # id: run-aws-check-access-not-granted | ||
| # uses: aws-actions/[email protected] | ||
| # with: | ||
| # policy-check-type: "CHECK_ACCESS_NOT_GRANTED" | ||
| # template-path: ${{ env.TEMPLATE_PATH}} | ||
| # actions: ${{ env.ACTIONS }} | ||
| # region: ${{ env.REGION }} | ||
| # # Print result from CHECK_ACCESS_NOT_GRANTED check | ||
| # - name: Print the result for CheckAccessNotGranted check | ||
| # if: success() || failure() | ||
| # run: echo "${{ steps.run-aws-check-access-not-granted.outputs.result }}" | ||
| - name: Run AWS AccessAnalyzer ValidatePolicy check | ||
| id: run-aws-validate-policy | ||
| uses: aws-actions/[email protected] | ||
| with: | ||
| policy-check-type: "VALIDATE_POLICY" | ||
| template-path: ${{ env.TEMPLATE_PATH}} | ||
| region: ${{ env.REGION }} | ||
| # Print result from VALIDATE_POLICY check | ||
| - name: Print the result for ValidatePolicy check | ||
| if: success() || failure() | ||
| run: echo "${{ steps.run-aws-validate-policy.outputs.result }}" | ||
| # Run the CHECK_ACCESS_NOT_GRANTED check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator | ||
| - name: Run AWS AccessAnalyzer CheckAccessNotGranted check | ||
| id: run-aws-check-access-not-granted | ||
| uses: aws-actions/[email protected] | ||
| with: | ||
| policy-check-type: "CHECK_ACCESS_NOT_GRANTED" | ||
| template-path: ${{ env.TEMPLATE_PATH}} | ||
| actions: ${{ env.ACTIONS }} | ||
| region: ${{ env.REGION }} | ||
| # Print result from CHECK_ACCESS_NOT_GRANTED check | ||
| - name: Print the result for CheckAccessNotGranted check | ||
| if: success() || failure() | ||
| run: echo "${{ steps.run-aws-check-access-not-granted.outputs.result }}" | ||
| # Run the CHECK_NO_NEW_ACCESS check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator | ||
| # reference-policy is stored in GitHub secrets | ||
| # - name: Run AWS AccessAnalyzer CheckNoNewAccess check | ||
| # id: run-aws-check-no-new-access | ||
| # uses: aws-actions/[email protected] | ||
| # with: | ||
| # policy-check-type: "CHECK_NO_NEW_ACCESS" | ||
| # template-path: 'test/check-no-new-access/cfn/sample-role.yaml' | ||
| # reference-policy: 'test/check-no-new-access/cfn/reference-resource-policy.json' | ||
| # reference-policy-type: 'RESOURCE' | ||
| # region: ${{env.REGION }} | ||
| # # Print result from CHECK_NO_NEW_ACCESS check | ||
| # - name: Print the result for CheckNoNewAccess check | ||
| # if: success() || failure() | ||
| # run: echo "${{ steps.run-aws-check-no-new-access.outputs.result }}" | ||
| - name: Run AWS AccessAnalyzer CheckNoNewAccess check | ||
| id: run-aws-check-no-new-access | ||
| uses: aws-actions/[email protected] | ||
| with: | ||
| policy-check-type: "CHECK_NO_NEW_ACCESS" | ||
| template-path: 'test/check-no-new-access/cfn/sample-role.yaml' | ||
| reference-policy: 'test/check-no-new-access/cfn/reference-resource-policy.json' | ||
| reference-policy-type: 'RESOURCE' | ||
| region: ${{env.REGION }} | ||
| # Print result from CHECK_NO_NEW_ACCESS check | ||
| - name: Print the result for CheckNoNewAccess check | ||
| if: success() || failure() | ||
| run: echo "${{ steps.run-aws-check-no-new-access.outputs.result }}" | ||
| - name: Run AWS AccessAnalyzer CheckNoPublicAccess check | ||
| id: run-aws-check-no-public-access | ||
| uses: aws-actions/[email protected] | ||
|
|
||