Policy Packs
Enforce AWS VPC Default Security Groups Are Deleted

Policy Setting: AWS > VPC > Security Group > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "aws_vpc_security_group_approved_custom" {
  resource       = turbot_policy_pack.main.id
  type           = "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupApprovedCustom"
  template_input = <<-EOT
    {
      resource {
        name: get(path: "GroupName")
      }
    }
  EOT
  template = <<-EOT
    {# AWS names the built-in security group of every VPC "default" #}
    {%- if $.resource.name == "default" -%}
      {% set data = {
        "title": "Default Security Group",
        "result": "Not approved",
        "message": "Default security group is not allowed to exist"
      } -%}
    {# Any other non-empty name is a user-created group and is approved #}
    {%- elif $.resource.name -%}
      {% set data = {
        "title": "Default Security Group",
        "result": "Approved",
        "message": "Not a default security group"
      } -%}
    {# GroupName not populated yet: skip rather than approve or reject #}
    {%- else -%}
      {% set data = {
        "title": "Default Security Group",
        "result": "Skip",
        "message": "No data for security group yet"
      } -%}
    {%- endif -%}
    {{ data | json }}
  EOT
}