Update run_cfn_guard script with better rule removal

Author: kris-szlapa

scripts/run_cfn_guard.sh

@@ -16,15 +16,28 @@ declare -a rulesets=("ncsc" "ncsc-cafv3" "wa-Reliability-Pillar" "wa-Security-Pi
 # Create a custom NCSC ruleset that excludes the problematic rule
 cp "/tmp/ruleset/output/ncsc.guard" "/tmp/ruleset/output/ncsc-custom.guard"
 
+# Debug: Check if the rule exists before removal
+echo "Checking for LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED rule..."
+grep -n "LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED" "/tmp/ruleset/output/ncsc-custom.guard" || echo "Rule not found with exact name"
+
 # Remove the problematic Lambda function public access rule
-# This rule is incompatible with standard AWS service integrations
+# Try multiple patterns to ensure we catch the rule
+sed -i '/LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED/,/^rule /d' "/tmp/ruleset/output/ncsc-custom.guard"
 sed -i '/LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED/,/^$/d' "/tmp/ruleset/output/ncsc-custom.guard"
 
+# Also try removing any remaining references
+grep -v "LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED" "/tmp/ruleset/output/ncsc-custom.guard" > "/tmp/ncsc-temp.guard" || true
+mv "/tmp/ncsc-temp.guard" "/tmp/ruleset/output/ncsc-custom.guard" || true
+
+echo "After removal, checking for remaining references..."
+grep -n "LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED" "/tmp/ruleset/output/ncsc-custom.guard" || echo "✅ Rule successfully removed"
+
 for ruleset in "${rulesets[@]}"
 do
     # Use custom NCSC ruleset that excludes the problematic rule
     if [ "$ruleset" = "ncsc" ]; then
         ruleset_file="/tmp/ruleset/output/ncsc-custom.guard"
+        echo "Using custom NCSC ruleset: $ruleset_file"
     else
         ruleset_file="/tmp/ruleset/output/$ruleset.guard"
     fi