pulumi / pulumi-policy-aws

A policy pack of rules to enforce AWS best practices for security, reliability, cost, and more!
https://www.pulumi.com
Apache License 2.0

acm certificate expiration fix by passing in the aws region #78

Closed tusharshahrs closed 3 years ago

tusharshahrs commented 3 years ago
  1. Added region to ACM certificate to fix "acm-certificate-expiration policy doesn't correctly detect aws:region set in stack config" (issue #77)
  2. Updated changelog for pulumi 3.0

tusharshahrs commented 3 years ago

Example to show that this works:

pulumi new aws-ts-acm

Update the index.ts to aws-ts-acm index.ts

mkdir awscertexpiration
cd awscertexpiration
pulumi policy new awsguard-typescript -y

Update the index.ts to the following

You will have to npm link the 1st line in the index.ts file to point to the current version of your cross guard policy.

Go back to where the pulumi.dev.yaml file is and run the preview.

pulumi preview --policy-pack awscertexpiration

Previewing update (dev)

View Live: https://app.pulumi.com/shaht/aws-ts-acm/dev/previews/0f6eac7e-f859-4f3b-ba50-ffff6b3910a8

     Type                 Name            Plan     
     pulumi:pulumi:Stack  aws-ts-acm-dev           

Policy Violations:
    [advisory]  pulumi-awsguard v0.2.0  acm-certificate-expiration (pulumi:pulumi:Stack: aws-ts-acm-dev)
    Checks whether an ACM certificate has expired. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.
    certificate expires in 0 (max allowed 10 days)