From 1012bde8bd608ee04047aeaa36fdf3f4d8a2e87e Mon Sep 17 00:00:00 2001
From: Mounika AWS <mponnuru@amazon.com>
Date: Fri, 9 Aug 2024 12:56:22 +0000
Subject: [PATCH] add check no public access check

---
 .github/workflows/policy-validator-cfn.yaml | 74 ++++++++++-----------
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/.github/workflows/policy-validator-cfn.yaml b/.github/workflows/policy-validator-cfn.yaml
index 0e7de2d..b304b80 100644
--- a/.github/workflows/policy-validator-cfn.yaml
+++ b/.github/workflows/policy-validator-cfn.yaml
@@ -43,45 +43,45 @@ jobs:
           role-to-assume: ${{ env.AWS_ROLE }}
           aws-region: ${{ env.REGION }}
       # Run the VALIDATE_POLICY check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
-      # - name: Run AWS AccessAnalyzer ValidatePolicy check
-      #   id: run-aws-validate-policy
-      #   uses: aws-actions/cloudformation-aws-iam-policy-validator@v1.0.3
-      #   with:
-      #     policy-check-type: "VALIDATE_POLICY"
-      #     template-path: ${{ env.TEMPLATE_PATH}}
-      #     region: ${{ env.REGION }}
-      # # Print result from VALIDATE_POLICY check
-      # - name: Print the result for ValidatePolicy check
-      #   if: success() || failure()
-      #   run: echo "${{ steps.run-aws-validate-policy.outputs.result }}"
-      # # Run the CHECK_ACCESS_NOT_GRANTED check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
-      # - name: Run AWS AccessAnalyzer CheckAccessNotGranted check
-      #   id: run-aws-check-access-not-granted
-      #   uses: aws-actions/cloudformation-aws-iam-policy-validator@v1.0.3
-      #   with:
-      #     policy-check-type: "CHECK_ACCESS_NOT_GRANTED"
-      #     template-path: ${{ env.TEMPLATE_PATH}}
-      #     actions: ${{ env.ACTIONS }}
-      #     region: ${{ env.REGION }}
-      # # Print result from CHECK_ACCESS_NOT_GRANTED check
-      # - name: Print the result for CheckAccessNotGranted check
-      #   if: success() || failure()
-      #   run: echo "${{ steps.run-aws-check-access-not-granted.outputs.result }}"
+      - name: Run AWS AccessAnalyzer ValidatePolicy check
+        id: run-aws-validate-policy
+        uses: aws-actions/cloudformation-aws-iam-policy-validator@v1.0.3
+        with:
+          policy-check-type: "VALIDATE_POLICY"
+          template-path: ${{ env.TEMPLATE_PATH}}
+          region: ${{ env.REGION }}
+      # Print result from VALIDATE_POLICY check
+      - name: Print the result for ValidatePolicy check
+        if: success() || failure()
+        run: echo "${{ steps.run-aws-validate-policy.outputs.result }}"
+      # Run the CHECK_ACCESS_NOT_GRANTED check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
+      - name: Run AWS AccessAnalyzer CheckAccessNotGranted check
+        id: run-aws-check-access-not-granted
+        uses: aws-actions/cloudformation-aws-iam-policy-validator@v1.0.3
+        with:
+          policy-check-type: "CHECK_ACCESS_NOT_GRANTED"
+          template-path: ${{ env.TEMPLATE_PATH}}
+          actions: ${{ env.ACTIONS }}
+          region: ${{ env.REGION }}
+      # Print result from CHECK_ACCESS_NOT_GRANTED check
+      - name: Print the result for CheckAccessNotGranted check
+        if: success() || failure()
+        run: echo "${{ steps.run-aws-check-access-not-granted.outputs.result }}"
       # Run the CHECK_NO_NEW_ACCESS check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
       # reference-policy is stored in GitHub secrets
-      # - name: Run AWS AccessAnalyzer CheckNoNewAccess check
-      #   id: run-aws-check-no-new-access
-      #   uses: aws-actions/cloudformation-aws-iam-policy-validator@v1.0.3
-      #   with:
-      #     policy-check-type: "CHECK_NO_NEW_ACCESS"
-      #     template-path: 'test/check-no-new-access/cfn/sample-role.yaml'
-      #     reference-policy: 'test/check-no-new-access/cfn/reference-resource-policy.json'
-      #     reference-policy-type: 'RESOURCE'
-      #     region: ${{env.REGION }}
-      # # Print result from CHECK_NO_NEW_ACCESS check
-      # - name: Print the result for CheckNoNewAccess check
-      #   if: success() || failure()
-      #   run: echo "${{ steps.run-aws-check-no-new-access.outputs.result }}"
+      - name: Run AWS AccessAnalyzer CheckNoNewAccess check
+        id: run-aws-check-no-new-access
+        uses: aws-actions/cloudformation-aws-iam-policy-validator@v1.0.3
+        with:
+          policy-check-type: "CHECK_NO_NEW_ACCESS"
+          template-path: 'test/check-no-new-access/cfn/sample-role.yaml'
+          reference-policy: 'test/check-no-new-access/cfn/reference-resource-policy.json'
+          reference-policy-type: 'RESOURCE'
+          region: ${{env.REGION }}
+      # Print result from CHECK_NO_NEW_ACCESS check
+      - name: Print the result for CheckNoNewAccess check
+        if: success() || failure()
+        run: echo "${{ steps.run-aws-check-no-new-access.outputs.result }}"
       - name: Run AWS AccessAnalyzer CheckNoPublicAccess check
         id: run-aws-check-no-public-access
         uses: aws-actions/cloudformation-aws-iam-policy-validator@v1.0.3