"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from cfnlint.rules.resources.iam.Policy import Policy
class IdentityPolicy(Policy):
    """Rule E3510: validate identity-based IAM policy documents.

    Registers the template paths that hold identity policies (inline
    policies on groups, roles and users, managed policies, standalone
    policies, and SSO permission-set inline policies) with the parent
    ``Policy`` rule, together with the policy type ``"identity"`` and the
    schema file name ``policy_identity.json``.

    Role trust policies (``AssumeRolePolicyDocument``) are not in the path
    list below, so this rule does not look at them.

    NOTE(review): how the parent rule applies the schema is not visible
    here; presumably a policy that passes is only known to be well-formed,
    not least-privilege -- confirm against ``Policy``.
    """

    id = "E3510"
    # NOTE(review): "polices" looks like a typo for "policies"; the text is
    # kept unchanged because it is emitted at runtime.
    shortdesc = "Validate identity based IAM polices"
    description = (
        "IAM identity polices are embedded JSON in CloudFormation. This rule "
        "validates those embedded policies."
    )
    source_url = "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html"
    tags = ["resources", "iam"]

    def __init__(self):
        """Pass the identity-policy paths, type and schema name to ``Policy``."""
        # Every template location this rule treats as an identity policy
        # document; "*" stands for each entry of an inline ``Policies`` list.
        identity_policy_paths = [
            "Resources/AWS::IAM::Group/Properties/Policies/*/PolicyDocument",
            "Resources/AWS::IAM::ManagedPolicy/Properties/PolicyDocument",
            "Resources/AWS::IAM::Policy/Properties/PolicyDocument",
            "Resources/AWS::IAM::Role/Properties/Policies/*/PolicyDocument",
            "Resources/AWS::IAM::User/Properties/Policies/*/PolicyDocument",
            "Resources/AWS::SSO::PermissionSet/Properties/InlinePolicy",
        ]
        super().__init__(identity_policy_paths, "identity", "policy_identity.json")