
Add inline "AND" form

Open · nathanataws opened this issue 4 years ago · 1 comment

Customers may need to have explicit inline "ANDs" (as opposed to the implicit ANDs that are already part of a ruleset) for clarity:

AWS::EC2::SecurityGroup SecurityGroupIngress.*.ToPort != 3306 |AND| SecurityGroupIngress.*.CidrIp != 0.0.0.0/0

nathanataws · Jun 15 '20 21:06

This enhancement would be helpful for checking templates that often have multiple of the same resource type where the desire is to enforce a compliance rule only on a subset of those resources. Example: a rule that requires insecure ALB listeners (those with protocol == HTTP) to redirect to HTTPS, but ignores HTTP Listeners with DefaultAction Type == fixed-response.

AWS::ElasticLoadBalancingV2::Listener WHEN Protocol == HTTP |AND| DefaultActions.*.Type == redirect

jeffmarcinko · Nov 05 '20 20:11
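To make the two requested rule shapes concrete, here is an added example (not cloudformation-guard code and not its rule syntax) that evaluates them as plain Python over a CloudFormation template dict. It covers both posts above: the issue's inline AND, where every clause must hold for every element a wildcard path reaches, and the comment's WHEN filter, where a rule applies only to the subset of resources of a type that pass a guard condition. The template, the logical resource names, and the reading of the WHEN filter (HTTP listeners, except those whose default action is a fixed-response, which the comment says should be ignored) are this example's own assumptions; unresolvable paths, including intrinsic functions such as `{"Ref": ...}`, are reported as failures rather than passing vacuously.

```python
"""Toy evaluator for the inline-AND and WHEN-filter rule shapes requested in
this thread. Added illustration only: not cloudformation-guard's evaluator."""
from typing import Any, Callable, Dict, List, Optional, Tuple

Resource = Dict[str, Any]
Clause = Tuple[str, Callable[[Any], bool], str]  # (dotted path, predicate, description)

# Constructed sample template (not from the page).
TEMPLATE: Dict[str, Any] = {
    "Resources": {
        "PrivateDbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "CidrIp": "10.0.0.0/16"}]}},
        "OpenDbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "CidrIp": "0.0.0.0/0"}]}},
        "HttpRedirectListener": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {
            "Protocol": "HTTP", "Port": 80,
            "DefaultActions": [{"Type": "redirect",
                                "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]}},
        "HttpForwardListener": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {
            "Protocol": "HTTP", "Port": 80,
            "DefaultActions": [{"Type": "forward", "TargetGroupArn": {"Ref": "WebTargetGroup"}}]}},
        "HttpFixedListener": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {
            "Protocol": "HTTP", "Port": 80,
            "DefaultActions": [{"Type": "fixed-response",
                                "FixedResponseConfig": {"StatusCode": "404"}}]}},
        "HttpsListener": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {
            "Protocol": "HTTPS", "Port": 443,
            "DefaultActions": [{"Type": "forward", "TargetGroupArn": {"Ref": "WebTargetGroup"}}]}},
    }
}


def expand(value: Any, path: List[str]) -> List[Any]:
    """Expand a path with '*' wildcards (e.g. SecurityGroupIngress.*.ToPort) into
    every value it reaches. Missing keys and intrinsic functions such as
    {"Ref": ...} resolve to nothing, which the caller treats as a failure."""
    if not path:
        return [value]
    head, rest = path[0], path[1:]
    if head == "*":
        return [v for item in value for v in expand(item, rest)] if isinstance(value, list) else []
    if isinstance(value, dict) and head in value:
        return expand(value[head], rest)
    return []


def inline_and(resource: Resource, clauses: List[Clause]) -> List[str]:
    """Inline AND: every clause must hold for every value its path expands to.
    Returns failure reasons; an empty list means the resource is compliant."""
    failures: List[str] = []
    props = resource.get("Properties", {})
    for path, pred, desc in clauses:
        values = expand(props, path.split("."))
        if not values:
            failures.append(f"{path}: not present or not resolvable")
            continue
        bad = [v for v in values if not pred(v)]
        if bad:
            failures.append(f"{path}: {bad} violates {desc}")
    return failures


def evaluate(template: Dict[str, Any], rtype: str, clauses: List[Clause],
             when: Optional[Callable[[Dict[str, Any]], bool]] = None) -> Dict[str, List[str]]:
    """Run one rule over every resource of `rtype`. With a WHEN filter, resources
    whose Properties fail the filter are skipped entirely (not reported), which
    is the scoping to a subset of same-typed resources asked for in the comment."""
    results: Dict[str, List[str]] = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != rtype:
            continue
        if when is not None and not when(res.get("Properties", {})):
            continue
        results[name] = inline_and(res, clauses)
    return results


# Issue body: ToPort != 3306 AND CidrIp != 0.0.0.0/0, for every ingress entry.
SG_RULE: List[Clause] = [
    ("SecurityGroupIngress.*.ToPort", lambda v: v != 3306, "!= 3306"),
    ("SecurityGroupIngress.*.CidrIp", lambda v: v != "0.0.0.0/0", "!= 0.0.0.0/0"),
]

# Comment: WHEN Protocol == HTTP (ignoring fixed-response listeners), require redirect.
def http_not_fixed_response(props: Dict[str, Any]) -> bool:
    return props.get("Protocol") == "HTTP" and \
        "fixed-response" not in expand(props, ["DefaultActions", "*", "Type"])

LISTENER_RULE: List[Clause] = [("DefaultActions.*.Type", lambda v: v == "redirect", "== redirect")]


def check_security_groups(template: Dict[str, Any] = TEMPLATE) -> Dict[str, List[str]]:
    return evaluate(template, "AWS::EC2::SecurityGroup", SG_RULE)


def check_http_listeners(template: Dict[str, Any] = TEMPLATE) -> Dict[str, List[str]]:
    return evaluate(template, "AWS::ElasticLoadBalancingV2::Listener", LISTENER_RULE,
                    when=http_not_fixed_response)


if __name__ == "__main__":
    for name, fails in {**check_security_groups(), **check_http_listeners()}.items():
        print(name, "PASS" if not fails else "FAIL: " + "; ".join(fails))
```

Running it reports `OpenDbSg` failing both clauses and `HttpForwardListener` failing the redirect requirement, while `HttpFixedListener` and `HttpsListener` never appear in the listener results because the WHEN filter excluded them; that silence is the behaviour to watch for when scoping a rule to a subset, since a too-broad filter hides resources rather than failing them.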