updated inline policy criteria

[Jiaming1826]

Signed-off-by: Jiaming Wang jiaming.wang@sap.com

Description

Updated has_statement? function of aws_iam_inline_policy.rb. For Action and NotAction, if they are arrays (see screenshot below), will use include? to check if there's any match to criteria[:Action]/criteria[:NotAction]. If they are not arrays, will use eql? to check if the statement and criteria match exactly.

Issues Resolved

The current resource pack would generate false alert because of the criteria check logics. For example, if the criteria is set as {Resource: '*', Action: '*', Effect: 'Allow'} to check if the inline policy authorizes any actions to any resources. However, an inline policy with any action includes * will also fail the check, such as the one in the above screenshot.

Check List

Please fill box or appropriate ([x]) or mark N/A.

• [ ] New functionality includes integration tests/controls
• [ ] New Terraform resources
• [ ] Documentation provided or updated for resources
• [ ] All Integration Tests pass
• [ ] All Unit Tests pass
• [ ] rake lint passes
• [ ] All commits have been signed-off for the Developer Certificate of Origin. See https://github.com/chef/chef/blob/master/CONTRIBUTING.md#developer-certification-of-origin-dco

[netlify[bot]]

✅ Deploy Preview for inspec-aws canceled.

Name	Link
🔨 Latest commit	efca9000b5d655bf0f355ef98a05ab521aea7c69
🔍 Latest deploy log	https://app.netlify.com/sites/inspec-aws/deploys/63205098d037a600085f4aa3