You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This enhancement would be helpful for checking templates that often have multiple of the same resource type where the desire is to enforce a compliance rule only on a subset of those resources. Example; a rule that requires insecure ALB listeners (those with protocol == HTTP) to redirect to HTTPS, but ignores HTTP Listeners that with DefaultAction Type == fixed-response.
AWS::ElasticLoadBalancingV2::Listener WHEN Protocol == HTTP |AND| DefaultActions.*.Type == redirect
Customers may need to have explicit in-line "AND's" (as opposed to the implicit AND's that are already part of a ruleset) for clarity:
AWS::EC2::SecurityGroup SecurityGroupIngress.*.ToPort != 3306 |AND| SecurityGroupIngress.*.CidrIp != 0.0.0.0/0
The text was updated successfully, but these errors were encountered: