add check no public access check

aws-actions · Aug 9, 2024 · 6c9aca6 · 6c9aca6
1 parent bd6e05a
commit 6c9aca6
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/.github/workflows/policy-validator-cfn.yaml b/.github/workflows/policy-validator-cfn.yaml
@@ -87,7 +87,7 @@ jobs:
         uses: aws-actions/[email protected]
         with:
           policy-check-type: "CHECK_NO_PUBLIC_ACCESS"
-          template-path: 'test/check-no-new-access/cfn/sample-role.yaml'
+          template-path: 'test/check-no-new-access/cfn/iam_users_groups_policies.yaml'
           region: ${{env.REGION }}
       # Print result from CHECK_NO_NEW_ACCESS check
       - name: Print the result for CheckNoPublicAccess check

diff --git a/test/check-no-new-access/cfn/sample-role.yaml b/test/check-no-new-access/cfn/sample-role.yaml
@@ -11,11 +11,11 @@ Resources:
       AssumeRolePolicyDocument:
         Version: '2012-10-17'
         Statement:
-        - Effect: Allow
-          Sid: 'some new stuff'
-          Principal:
-            AWS: 'arn:aws:iam::333333333333:role/NotMyRole'
-          Action: 'sts:AssumeRole'
+          - Effect: Allow
+            Sid: some new stuff
+            Principal:
+              AWS: arn:aws:iam::333333333333:role/NotMyRole
+            Action: sts:AssumeRole
       ManagedPolicyArns:
-      - arn:aws:iam::aws:policy/AmazonEC2FullAccess
-      - arn:aws:iam::aws:policy/AmazonS3FullAccess
+        - arn:aws:iam::aws:policy/AmazonEC2FullAccess
+        - arn:aws:iam::aws:policy/AmazonS3FullAccess