in scripts/config-enforcepermissionboundary.js [74:98]
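/**
 * Decides whether an IAM role or user carries the required permissions boundary.
 *
 * Only 'AWS::IAM::Role' and 'AWS::IAM::User' items are evaluated; every other
 * resource type is reported as 'NOT_APPLICABLE'. A resource is 'COMPLIANT' only
 * when its attached boundary ARN is exactly the ARN named in the rule parameters.
 * Every other outcome, including a missing boundary or a missing rule parameter,
 * is 'NON_COMPLIANT', so the rule fails closed.
 *
 * @param {object} configurationItem - Item under evaluation; `resourceType` and
 *   `configuration.permissionsBoundary` are read from it.
 * @param {object} ruleParameters - Rule parameters; `desiredBoundaryPolicyArn`
 *   is the boundary policy ARN every role and user must have attached.
 * @returns {string} 'NOT_APPLICABLE', 'COMPLIANT' or 'NON_COMPLIANT'.
 */
function evaluateChangeNotificationCompliance(configurationItem, ruleParameters) {
  // checkDefined is declared elsewhere in this file; presumably it throws when
  // the value is missing. Confirm against its definition.
  checkDefined(configurationItem, 'configurationItem');
  checkDefined(configurationItem.configuration, 'configurationItem.configuration');
  checkDefined(ruleParameters, 'ruleParameters');

  const resourceType = configurationItem.resourceType;
  if (resourceType !== 'AWS::IAM::Role' && resourceType !== 'AWS::IAM::User') {
    console.info('Resource NOT_APPLICABLE');
    return 'NOT_APPLICABLE';
  }

  // `== null` matches both null and undefined: an item without the
  // permissionsBoundary key must not throw on the property read below.
  const boundary = configurationItem.configuration.permissionsBoundary;
  if (boundary == null) {
    console.info('Resource Non Compliant');
    return 'NON_COMPLIANT';
  }

  // Require a real ARN on the rule side. Without this guard an unset rule
  // parameter compared with a boundary object lacking an ARN would be
  // `undefined === undefined` and the resource would be reported COMPLIANT.
  const desiredArn = ruleParameters.desiredBoundaryPolicyArn;
  const hasDesiredArn = typeof desiredArn === 'string' && desiredArn !== '';

  if (hasDesiredArn && desiredArn === boundary.permissionsBoundaryArn) {
    console.info('Resource Compliant');
    return 'COMPLIANT';
  }

  console.info('Resource Non Compliant');
  return 'NON_COMPLIANT';
}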