Modify a Policy

Now, imagine you decide to improve your security posture by adding a new Terraform rule for public cloud configuration.

In the Styra DAS, navigate back to the same policy file as earlier: your system name >> policy >> aws >> ec2 >> rules.rego.

Using the Add rule button, search for the AWS: IAM: Prohibit Policies containing an Asterisk rule and click to add it. Change the rule from Monitor to Enforce.

This adds the selected rule from the Styra DAS Terraform policy library by inserting the following Rego code into your policy, which prohibits overly permissive IAM settings on AWS.

enforce[decision] {
  data.global.systemtypes["terraform:2.0"].library.provider.aws.iam.restricted_policy.v1.restricted_iam_policy[violation]
  decision := {
    "allowed": false,
    "message": violation.message,
    "metadata": violation.metadata
  }
}
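
The following is an added illustration, not Styra's library code: a hypothetical stand-in for restricted_iam_policy that shows the message/metadata shape the enforce rule consumes. It assumes the input is Terraform plan JSON and that "containing an asterisk" means a * in the Action or Resource of an Allow statement; the package name, the as_array helper and the sample plan are constructed for the example.

```rego
package example.iam_asterisk

# Hypothetical stand-in for the library rule; Styra's implementation is not shown here.
# Assumes input is Terraform plan JSON (terraform show -json). Written in the same
# pre-1.0 Rego syntax as the snippet above.
restricted_iam_policy[violation] {
    rc := input.resource_changes[_]
    rc.type == "aws_iam_policy"
    # A policy value unknown at plan time is absent from change.after and is skipped here.
    doc := json.unmarshal(rc.change.after.policy)
    stmts := as_array(doc.Statement)
    stmt := stmts[_]
    stmt.Effect == "Allow"
    field := ["Action", "Resource"][_]
    values := as_array(stmt[field])
    value := values[_]
    contains(value, "*")
    violation := {
        "message": sprintf("%v: %v value %v contains an asterisk", [rc.address, field, value]),
        "metadata": {"resource": rc.address, "field": field},
    }
}

# IAM accepts a single statement or string where a list is also valid; normalise both.
as_array(x) = x { is_array(x) }
as_array(x) = [x] { not is_array(x) }

enforce[decision] {
    restricted_iam_policy[violation]
    decision := {"allowed": false, "message": violation.message, "metadata": violation.metadata}
}

# Constructed sample plan fragment (not from the page): one wildcard policy, one scoped policy.
sample_plan := {"resource_changes": [
    {"address": "aws_iam_policy.admin", "type": "aws_iam_policy", "change": {"after": {
        "policy": `{"Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}`,
    }}},
    {"address": "aws_iam_policy.reader", "type": "aws_iam_policy", "change": {"after": {
        "policy": `{"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/reports.csv"}]}`,
    }}},
]}

test_only_wildcard_policy_is_denied {
    decisions := enforce with input as sample_plan
    count(decisions) == 2 # one decision for Action, one for Resource
    {d.metadata.resource | d := decisions[_]} == {"aws_iam_policy.admin"}
}
```

Run it locally with opa test; on OPA 1.0 or later, pass --v0-compatible so the pre-1.0 rule syntax is accepted.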