
# frozen_string_literal: true

require 'terracop/cop/base'

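module Terracop
  module Cop
    module Aws
      # This cop warns against the use of inline group/role/user policies.
      # Inline policies tend to be copy/pasted, sometimes with minor changes,
      # and are not shown in the "Policies" tab of AWS IAM, which makes them
      # easy to overlook when reviewing what a principal is allowed to do.
      #
      # @example
      #   # bad
      #   resource "aws_iam_role" "role" { }
      #
      #   resource "aws_iam_role_policy" "policy" {
      #     role = aws_iam_role.role.id
      #     name = "policy"
      #
      #     policy = <some policy>
      #   }
      #
      #   # good
      #   resource "aws_iam_role" "role" { }
      #
      #   resource "aws_iam_policy" "policy" {
      #     name        = "test-policy"
      #
      #     policy = <some policy>
      #   }
      #
      #   resource "aws_iam_role_policy_attachment" "attach" {
      #     role       = aws_iam_role.role.name
      #     policy_arn = aws_iam_policy.policy.arn
      #   }
      class IamInlinePolicy < Base
        register
        applies_to :aws_iam_group_policy, :aws_iam_role_policy,
                   :aws_iam_user_policy

        # Matches the inline-policy resource types listed in +applies_to+ and
        # captures the IAM principal kind between the prefix and suffix
        # (group, role or user).
        ENTITY_PATTERN = /aws_iam_(.+)_policy/

        # Reports an offense for every inline policy resource this cop is
        # applied to.
        #
        # The principal kind is extracted from the resource type so the message
        # can name the matching +aws_iam_<entity>_policy_attachment+ resource
        # the author should use instead.
        def check
          # +type+ is provided by Base; +to_s+ accepts it as a String or a
          # Symbol, and +String#[]+ with a group index returns the capture
          # directly instead of going through +scan.first.first+.
          entity = type.to_s[ENTITY_PATTERN, 1]
          offense("Use aws_iam_#{entity}_policy_attachment instead of " \
                  "attaching inline policies with aws_iam_#{entity}_policy.")
        end
      end
    end
  end
end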
