"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from cfnlint.rules.resources.iam.Policy import Policy
class ResourcePolicy(Policy):
    """Rule E3512: validate resource-based IAM policies embedded in a template.

    This class defines no checks of its own. It sets the rule metadata and
    hands a fixed list of property paths, plus two string arguments, to
    ``Policy.__init__``.
    """

    id = "E3512"
    # Runtime strings below are kept exactly as published (including spelling).
    shortdesc = "Validate resource based IAM polices"
    description = (
        "IAM resources polices are embedded JSON in CloudFormation. "
        "This rule validates those embedded policies."
    )
    source_url = "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html"
    tags = ["resources", "iam"]

    def __init__(self):
        """Register the resource-policy property paths with the base rule."""
        # Only the paths listed here are handed to the base class.
        # NOTE(review): a resource-based policy attached through any other
        # resource type or property is not matched by this rule as written;
        # confirm whether another rule covers it before relying on E3512
        # for full coverage.
        policy_paths = [
            "Resources/AWS::KMS::Key/Properties/KeyPolicy",
            "Resources/AWS::OpenSearchService::Domain/Properties/AccessPolicies",
            "Resources/AWS::S3::BucketPolicy/Properties/PolicyDocument",
            "Resources/AWS::SNS::TopicPolicy/Properties/PolicyDocument",
            "Resources/AWS::SQS::QueuePolicy/Properties/PolicyDocument",
        ]
        # Presumably "resource" selects the policy flavour and
        # "policy_resource.json" names the JSON schema to validate against;
        # verify against Policy.__init__.
        # NOTE(review): the schema is not visible here. If it is a structural
        # check only, a template that passes may still grant overly broad
        # access (for example a wildcard principal); confirm what it enforces.
        super().__init__(policy_paths, "resource", "policy_resource.json")