From 6c9aca66839e5e7d33e85402b30e9beb876d9af8 Mon Sep 17 00:00:00 2001
From: Mounika AWS
Date: Fri, 9 Aug 2024 12:51:23 +0000
Subject: [PATCH] add check no public access check
---
 .github/workflows/policy-validator-cfn.yaml | 2 +-
 test/check-no-new-access/cfn/sample-role.yaml | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/policy-validator-cfn.yaml b/.github/workflows/policy-validator-cfn.yaml
index f3624f2..0e7de2d 100644
--- a/.github/workflows/policy-validator-cfn.yaml
+++ b/.github/workflows/policy-validator-cfn.yaml
@@ -87,7 +87,7 @@ jobs:
 uses: aws-actions/cloudformation-aws-iam-policy-validator@v1.0.3
 with:
 policy-check-type: "CHECK_NO_PUBLIC_ACCESS"
- template-path: 'test/check-no-new-access/cfn/sample-role.yaml'
+ template-path: 'test/check-no-new-access/cfn/iam_users_groups_policies.yaml'
 region: ${{env.REGION }}
 # Print result from CHECK_NO_NEW_ACCESS check
 - name: Print the result for CheckNoPublicAccess check
diff --git a/test/check-no-new-access/cfn/sample-role.yaml b/test/check-no-new-access/cfn/sample-role.yaml
index 25b7a10..f2a0670 100644
--- a/test/check-no-new-access/cfn/sample-role.yaml
+++ b/test/check-no-new-access/cfn/sample-role.yaml
@@ -11,11 +11,11 @@ Resources:
 AssumeRolePolicyDocument:
 Version: '2012-10-17'
 Statement:
- - Effect: Allow
- Sid: 'some new stuff'
- Principal:
- AWS: 'arn:aws:iam::333333333333:role/NotMyRole'
- Action: 'sts:AssumeRole'
+ - Effect: Allow
+ Sid: some new stuff
+ Principal:
+ AWS: arn:aws:iam::333333333333:role/NotMyRole
+ Action: sts:AssumeRole
 ManagedPolicyArns:
- - arn:aws:iam::aws:policy/AmazonEC2FullAccess
- - arn:aws:iam::aws:policy/AmazonS3FullAccess
\ No newline at end of file
+ - arn:aws:iam::aws:policy/AmazonEC2FullAccess
+ - arn:aws:iam::aws:policy/AmazonS3FullAccess
\ No newline at end of file
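Review bot: The CHECK_NO_PUBLIC_ACCESS step now reads `template-path: 'test/check-no-new-access/cfn/iam_users_groups_policies.yaml'`, but the diffstat shows only two files touched, so that template is not added by this commit; unless it already exists in the repository the validator step will fail on a missing file, and the PR should say which it is. The path also lives under the `check-no-new-access` fixture directory, which suggests a fixture written for a different check; a template that actually contains a public-access finding is what this step needs to prove the check works. The untouched context comment directly above the print step still says `# Print result from CHECK_NO_NEW_ACCESS check` and should read `# Print result from CHECK_NO_PUBLIC_ACCESS check`. The enclosing job's step list starts before the hunk.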
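Review bot: The rewritten Statement sequence is indented under its key (`  - Effect: Allow`) while the rewritten ManagedPolicyArns items stay flush with theirs (`- arn:aws:iam::aws:policy/AmazonEC2FullAccess`), so the fixture now mixes both sequence-indentation styles; pick one for the whole file, since yamllint's `indent-sequences` rule would flag the mix. Both sides still carry `\ No newline at end of file`, and because the hunk already rewrites the last two lines, terminating the file with a newline here would be cheap. Dropping the quotes on `Sid`, `AWS` and `Action` is safe for these particular values (none contains `: ` or ` #` and none looks like a number, boolean or date), but `Version: '2012-10-17'` must stay quoted as it is in the context line, because unquoted it parses as a date rather than the string IAM expects. The Resources mapping begins before the hunk.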