Fix InvalidInput error in iam_check/doc/example_report_3.md (#23)

kakakakakku · web-flow · commit 823b69d06436 · 2024-07-18T13:37:26.000-07:00
diff --git a/iam_check/doc/example_report_3.md b/iam_check/doc/example_report_3.md
@@ -7,13 +7,16 @@ terraform {
 data "aws_iam_policy_document" "demo_bucket_policy" {
   statement {
     sid = "ListBucket"
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
     effect = "Allow"
     actions = [
       "s3:ListBuckets"
     ]
     resources = ["*"]
   }
-
 }
 
 resource "aws_s3_bucket_policy" "demo_bucket_policy" {
@@ -25,12 +28,12 @@ resource "aws_s3_bucket_policy" "demo_bucket_policy" {
 ***commands***
 ```bash
 $ terraform init
-$ terraform plan -out tf.plan 
+$ terraform plan -out tf.plan
 $ terraform show -json -no-color tf.plan > tf.json
 
 $ python3 -m pip install pipenv
-$ pipenv install 
-$ pipenv run python iam_check/iam_check.py --config iam_check/config/default.yaml --template-path tf.json --region us-east-1 
+$ pipenv install
+$ pipenv run python iam_check/iam_check.py --config iam_check/config/default.yaml --template-path tf.json --region us-east-1
 ```
 
 ***report***
@@ -59,15 +62,52 @@ $ pipenv run python iam_check/iam_check.py --config iam_check/config/default.yam
                             }
                         ],
                         "span": {
+                            "start": {
+                                "line": 9,
+                                "column": 18,
+                                "offset": 181
+                            },
                             "end": {
+                                "line": 9,
                                 "column": 34,
-                                "line": 6,
-                                "offset": 140
+                                "offset": 197
+                            }
+                        }
+                    }
+                ]
+            }
+        },
+        {
+            "findingType": "ERROR",
+            "code": "UNSUPPORTED_RESOURCE_ARN_IN_POLICY",
+            "message": "The resource ARN is not supported for the resource-based policy attached to resource type S3 Bucket.",
+            "resourceName": "demo-bucket",
+            "policyName": "aws_s3_bucket_policy.demo_bucket_policy",
+            "details": {
+                "findingDetails": "The resource ARN is not supported for the resource-based policy attached to resource type S3 Bucket.",
+                "findingType": "ERROR",
+                "issueCode": "UNSUPPORTED_RESOURCE_ARN_IN_POLICY",
+                "learnMoreLink": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-policy-checks.html#access-analyzer-reference-policy-checks-error-unsupported-resource-arn-in-policy",
+                "locations": [
+                    {
+                        "path": [
+                            {
+                                "value": "Statement"
                             },
+                            {
+                                "value": "Resource"
+                            }
+                        ],
+                        "span": {
                             "start": {
-                                "column": 18,
-                                "line": 6,
-                                "offset": 124
+                                "line": 10,
+                                "column": 20,
+                                "offset": 219
+                            },
+                            "end": {
+                                "line": 10,
+                                "column": 23,
+                                "offset": 222
                             }
                         }
                     }
@@ -77,4 +117,4 @@ $ pipenv run python iam_check/iam_check.py --config iam_check/config/default.yam
     ],
     "NonBlockingFindings": []
 }
-```
+```
