Commit 2539faf

authored Feb 6, 2025
fix(vm-workload-scanning): Fixing CFT for Management Account for Workload Scanning [SSPROD-52797] (#142)

* Fixing CFT for Management Account for Workload Scanning
* Unused condition
* Unused condition
* Unused condition
* Is not organizational not used
1 parent d4d3233 commit 2539faf

1 file changed

+4
-14
lines changed


‎modules/vm_workload_scanning.cft.yaml

+4 -14
Original file line number | Diff line number | Diff line change
@@ -61,23 +61,14 @@ Conditions:
6161
Fn::Equals:
6262
- Ref: IsOrganizational
6363
- 'true'
64-
IsNotOrganizational:
64+
IsLambdaEnabled:
6565
Fn::Equals:
66-
- Ref: IsOrganizational
67-
- 'false'
68-
IsNotOrganizationalAndLambdaEnabled:
69-
Fn::And:
70-
- Fn::Equals:
71-
- Ref: IsOrganizational
72-
- 'false'
73-
- Fn::Equals:
74-
- Ref: LambdaScanningEnabled
75-
- 'true'
66+
- Ref: LambdaScanningEnabled
67+
- 'true'
7668

7769
Resources:
7870
ScanningRole:
7971
Type: AWS::IAM::Role
80-
Condition: IsNotOrganizational
8172
Properties:
8273
RoleName: !Sub sysdig-vm-workload-scanning-${NameSuffix}
8374
AssumeRolePolicyDocument:
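Review bot: Removing the `IsNotOrganizational` and `IsNotOrganizationalAndLambdaEnabled` definitions (old lines 64-75) is only safe if nothing outside these hunks still references either name, for example an `Outputs` entry or another resource's `Condition:`. CloudFormation rejects a template that refers to an undefined condition, so search the whole file for both names before merging. Separately, dropping `Condition: IsNotOrganizational` from `ScanningRole` (old line 80) means the role is now created in every deployment, organizational ones included; a short comment above the resource saying that the management account needs the role directly would record why the guard was removed.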
@@ -94,7 +85,6 @@ Resources:
9485
Ref: ExternalID
9586
ECRPolicy:
9687
Type: AWS::IAM::Policy
97-
Condition: IsNotOrganizational
9888
Properties:
9989
PolicyName: !Sub sysdig-vm-workload-scanning-${NameSuffix}-ecr
10090
Roles:
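Review bot: `ECRPolicy` loses its `Condition` at old line 97, so every role it lists under `Roles:` must also be unconditional. The entries are cut off after new line 90; confirm they name only `ScanningRole`, which the previous hunk made unconditional, otherwise an organizational deployment would fail on a reference to a resource that was not created. It would also help to state in the commit message that the guards on the role and on this policy were removed as a pair.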
@@ -112,7 +102,7 @@ Resources:
112102
Resource: '*'
113103
LambdaPolicy:
114104
Type: AWS::IAM::Policy
115-
Condition: IsNotOrganizationalAndLambdaEnabled
105+
Condition: IsLambdaEnabled
116106
Properties:
117107
PolicyName: !Sub sysdig-vm-workload-scanning-${NameSuffix}-lambda
118108
Roles:
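Review bot: `Condition: IsLambdaEnabled` at new line 105 depends on `LambdaScanningEnabled` being exactly the string 'true' (the `Fn::Equals` in the first hunk), and that comparison is case-sensitive, so a value such as 'True' silently skips `LambdaPolicy`. If the parameter does not already declare `AllowedValues` of 'true' and 'false', add them. With the organizational check gone, the Lambda permissions are now attached in organizational deployments whenever the flag is on; the parameter's description should say so.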
