Description of changes:
It's a rule to detect trusted entities which trust the whole of another AWS Account. It retrieves the IAM Role list in the account and checks the trusted entity in each role.
If a role has a policy which trusts the whole of another AWS Account (like arn:aws:iam::123456789012:root), the role is evaluated as NON_COMPLIANT.
I confirm these files are made available under CC0 1.0 Universal (https://creativecommons.org/publicdomain/zero/1.0/legalcode)
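As an added example (not code from this PR), a boto3-free evaluator for the check described above: it inspects each role's AssumeRolePolicyDocument for Allow statements whose AWS principal is another account's root ARN (or the equivalent bare account ID) and returns NON_COMPLIANT for those roles. The sample roles and the account ID 111111111111 standing in for the evaluated account are constructed.

```python
import json
import re

# A principal that trusts an entire account is either the account's root ARN
# or the bare 12-digit account ID, which IAM treats as equivalent.
WHOLE_ACCOUNT = re.compile(r"^(?:arn:aws:iam::(\d{12}):root|(\d{12}))$")

def foreign_root_principals(trust_policy, own_account_id):
    """Return whole-account principals from *other* accounts in a trust policy."""
    found = []
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):
            continue  # "Principal": "*" is a separate finding, out of scope here
        aws = principal.get("AWS", [])
        for p in [aws] if isinstance(aws, str) else aws:
            m = WHOLE_ACCOUNT.match(p)
            if m and (m.group(1) or m.group(2)) != own_account_id:
                found.append(p)
    return found

def evaluate_role(role, own_account_id):
    """Map one iam:ListRoles record to a Config evaluation result."""
    doc = role["AssumeRolePolicyDocument"]
    if isinstance(doc, str):  # accept the raw JSON string as well as a parsed dict
        doc = json.loads(doc)
    return "NON_COMPLIANT" if foreign_root_principals(doc, own_account_id) else "COMPLIANT"

def _role(name, principal):
    """Build a minimal ListRoles-style record (constructed sample data)."""
    return {"RoleName": name, "AssumeRolePolicyDocument": {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Principal": principal}]}}

# Constructed sample roles; 111111111111 stands in for the account being evaluated.
SAMPLE_ROLES = [
    _role("cross-account-admin", {"AWS": "arn:aws:iam::123456789012:root"}),
    _role("same-account-root", {"AWS": "arn:aws:iam::111111111111:root"}),
    _role("bare-account-id", {"AWS": "222222222222"}),
    _role("lambda-exec", {"Service": "lambda.amazonaws.com"}),
    _role("specific-user", {"AWS": "arn:aws:iam::123456789012:user/alice"}),
]

def evaluate_roles(roles, own_account_id="111111111111"):
    """Evaluate every role; in the real rule `roles` would come from iam:ListRoles."""
    return {r["RoleName"]: evaluate_role(r, own_account_id) for r in roles}
```

Only a whole-account trust from a different account is flagged; a role trusting its own account's root, a service principal, or a specific IAM user in another account stays COMPLIANT.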