Merge pull request #449 from awslabs/refactor-allresource-condition

Refactor condition for All Resources
awslabs · Aug 23, 2023 · 5130407 · 5130407
2 parents 70d57fd + 31750dd
commit 5130407
Show file tree

Hide file tree

Showing 5 changed files with 458 additions and 104 deletions.
diff --git a/rdk/template/configManagedRule.json b/rdk/template/configManagedRule.json
@@ -39,10 +39,14 @@
     }
   },
   "Conditions": {
-    "AllResources": {
+    "RemoveEventScope": {
       "Fn::Or": [
         {
-          "Condition": "EventTriggered"
+          "Fn::Not": [
+            {
+              "Condition": "EventTriggered"
+            }
+          ]
         },
         {
           "Fn::Equals": [
@@ -101,14 +105,14 @@
         },
         "Scope": {
           "Fn::If": [
-            "AllResources",
+            "RemoveEventScope",
+            {
+              "Ref": "AWS::NoValue"
+            },
             {
               "ComplianceResourceTypes": {
                 "Ref": "SourceEvents"
               }
-            },
-            {
-              "Ref": "AWS::NoValue"
             }
           ]
         },

diff --git a/rdk/template/configManagedRuleOrganization.json b/rdk/template/configManagedRuleOrganization.json
@@ -44,10 +44,14 @@
     }
   },
   "Conditions": {
-    "AllResources": {
+    "RemoveEventScope": {
       "Fn::Or": [
         {
-          "Condition": "EventTriggered"
+          "Fn::Not": [
+            {
+              "Condition": "EventTriggered"
+            }
+          ]
         },
         {
           "Fn::Equals": [
@@ -68,7 +72,14 @@
       "Fn::Not": [
         {
           "Fn::Equals": [
-            { "Fn::Join": [",", { "Ref": "SourceEvents" }] },
+            {
+              "Fn::Join": [
+                ",",
+                {
+                  "Ref": "SourceEvents"
+                }
+              ]
+            },
             "NONE"
           ]
         }
@@ -90,7 +101,14 @@
       "Fn::Not": [
         {
           "Fn::Equals": [
-            { "Fn::Join": [",", { "Ref": "ExcludedAccounts" }] },
+            {
+              "Fn::Join": [
+                ",",
+                {
+                  "Ref": "ExcludedAccounts"
+                }
+              ]
+            },
             ""
           ]
         }
@@ -116,12 +134,12 @@
           },
           "ResourceTypesScope": {
             "Fn::If": [
-              "AllResources",
+              "RemoveEventScope",
               {
-                "Ref": "SourceEvents"
+                "Ref": "AWS::NoValue"
               },
               {
-                "Ref": "AWS::NoValue"
+                "Ref": "SourceEvents"
               }
             ]
           },

diff --git a/rdk/template/configManagedRuleWithRemediation.json b/rdk/template/configManagedRuleWithRemediation.json
@@ -39,12 +39,25 @@
     }
   },
   "Conditions": {
-    "AllResources": {
+    "RemoveEventScope": {
       "Fn::Or": [
-        { "Condition": "EventTriggered" },
+        {
+          "Fn::Not": [
+            {
+              "Condition": "EventTriggered"
+            }
+          ]
+        },
         {
           "Fn::Equals": [
-            { "Fn::Join": [",", { "Ref": "SourceEvents" }] },
+            {
+              "Fn::Join": [
+                ",",
+                {
+                  "Ref": "SourceEvents"
+                }
+              ]
+            },
             "ALL"
           ]
         }
@@ -92,9 +105,15 @@
         },
         "Scope": {
           "Fn::If": [
-            "AllResources",
-            { "ComplianceResourceTypes": { "Ref": "SourceEvents" } },
-            { "Ref": "AWS::NoValue" }
+            "RemoveEventScope",
+            {
+              "Ref": "AWS::NoValue"
+            },
+            {
+              "ComplianceResourceTypes": {
+                "Ref": "SourceEvents"
+              }
+            }
           ]
         },
         "MaximumExecutionFrequency": {