From 54639c71a1a47720ca1f54e1ffceaed933f049fa Mon Sep 17 00:00:00 2001
From: Ankit Bhardwaj Bhardwaj
Date: Wed, 20 Nov 2024 15:39:46 +0530
Subject: [PATCH] INFRA-4009 | Ankit Bhardwaj | add validation for restrictive policy (#723)
---
 src/models/s3BucketsValidationSchema.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/models/s3BucketsValidationSchema.ts b/src/models/s3BucketsValidationSchema.ts
index 5cab72e..a1872bc 100644
--- a/src/models/s3BucketsValidationSchema.ts
+++ b/src/models/s3BucketsValidationSchema.ts
@@ -30,12 +30,15 @@ function isS3WildcardAction(action: string | string[]): boolean {
 function createContextError(context: any, message: string): boolean {
   return context.createError({ message });
 }
+function isPrincipalRestrictive(principal: any): boolean {
+  return principal === '*' || principal?.AWS === '*' || principal?.AWS?.includes('*');
+}
 function isStatementTooRestrictive(statements: any): boolean {
   return statements.some(
     (statement: any) =>
-      statement.Principal === '*' &&
       statement.Effect === 'Deny' &&
+      isPrincipalRestrictive(statement.Principal) &&
       isS3WildcardAction(statement.Action),
   );
 }
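Review bot: The widened check in `isStatementTooRestrictive` still ignores `statement.Condition`, so a `Deny` on `Principal: "*"` with a wildcard S3 action is flagged even when a condition scopes it — the standard enforce-TLS statement (`Bool: { "aws:SecureTransport": "false" }`) or an `aws:PrincipalOrgID` guard would now be rejected as "too restrictive", although it locks nobody out. If the intent of this validator is lockout prevention (inferred from the name; confirm against the caller), add `!statement.Condition &&` alongside `statement.Effect === 'Deny' &&` so only unconditional blanket denies trip it, and mention the exemption in a one-line comment on `isPrincipalRestrictive`, e.g. `// "*" or {"AWS": "*"} (string or list) — matches every caller; conditions are checked by the caller`. Note also that `principal?.AWS?.includes('*')` is a substring test when `AWS` is a string ARN, which is harmless today but worth an `Array.isArray` branch if the helper is reused elsewhere. `isS3WildcardAction` is defined above the hunk and is not visible here.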