Skip to content

Commit

Permalink
upd: update policy 118 to be supported by open source Cloud Custodian
Browse files Browse the repository at this point in the history
  • Loading branch information
@anna-shcherbak
anna-shcherbak committed Jan 28, 2025
1 parent 0fa2912 commit 371e35d
Show file tree
Hide file tree
Showing 27 changed files with 361 additions and 448 deletions.
107 changes: 0 additions & 107 deletions ...r_have_empty_roles_for_service_task_definitions/placebo-green/ecs.DescribeServices_1.json
View file

This file was deleted.

48 changes: 0 additions & 48 deletions ..._empty_roles_for_service_task_definitions/placebo-green/ecs.DescribeTaskDefinition_1.json
View file

This file was deleted.

9 changes: 0 additions & 9 deletions ...uster_have_empty_roles_for_service_task_definitions/placebo-green/ecs.ListClusters_1.json
View file

This file was deleted.

9 changes: 0 additions & 9 deletions ...uster_have_empty_roles_for_service_task_definitions/placebo-green/ecs.ListServices_1.json
View file

This file was deleted.

107 changes: 0 additions & 107 deletions ...ter_have_empty_roles_for_service_task_definitions/placebo-red/ecs.DescribeServices_1.json
View file

This file was deleted.

42 changes: 0 additions & 42 deletions ...ve_empty_roles_for_service_task_definitions/placebo-red/ecs.DescribeTaskDefinition_1.json
View file

This file was deleted.

9 changes: 0 additions & 9 deletions ...cluster_have_empty_roles_for_service_task_definitions/placebo-red/ecs.ListClusters_1.json
View file

This file was deleted.

9 changes: 0 additions & 9 deletions ...cluster_have_empty_roles_for_service_task_definitions/placebo-red/ecs.ListServices_1.json
View file

This file was deleted.

8 changes: 0 additions & 8 deletions .../ecc-aws-118-ecs_cluster_have_empty_roles_for_service_task_definitions/red_policy_test.py
View file

This file was deleted.

8 changes: 5 additions & 3 deletions ...ty_roles_for_service_task_definitions.yml → ...ty_roles_for_service_task_definitions.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,9 @@ policies:
- name: ecc-aws-118-ecs_cluster_have_empty_roles_for_service_task_definitions
comment: '010033082000'
description: |
Container is using IAM roles for an instance
resource: ecs-service
ECS task definition without attached task IAM role for AWS resource access
resource: aws.ecs-task-definition
filters:
- type: ecs-task-definition-filter
- type: value
key: taskRoleArn
value: empty
2 changes: 1 addition & 1 deletion terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green1/iam.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ resource "aws_iam_policy" "this" {
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Resource": "${aws_cloudwatch_log_group.this.arn}/*"
"Resource": "${aws_cloudwatch_log_group.this.arn}:*"
}
]
}
Expand Down
2 changes: 1 addition & 1 deletion terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green2/iam.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ resource "aws_iam_policy" "this" {
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Resource": "${aws_cloudwatch_log_group.this.arn}/*"
"Resource": "${aws_cloudwatch_log_group.this.arn}:*"
}
]
}
Expand Down
Loading

0 comments on commit 371e35d

Please sign in to comment.