comman with no condition

null check

docs/guardrails/scp-guardrails.md

@@ -455,8 +455,7 @@ layout: default
     ],
   "Resource": [
         "*" 
-    ],
-  "Condition": 
+    ]
 }
 ```
 
@@ -511,8 +510,7 @@ layout: default
     ],
   "Resource": [
         "arn:aws:glacier:*:*:vaults/*" 
-    ],
-  "Condition": 
+    ]
 }
 ```
 
@@ -988,13 +986,12 @@ layout: default
         "arn:aws:s3:::*/*" 
     ],
   "Condition": {
-        "Bool": {
-            "s3:x-amz-server-side-encryption": false
+        "Null": {
+            "s3:x-amz-server-side-encryption": "true"
         },
         "StringNotEquals": {
             "s3:x-amz-server-side-encryption": [
-                "aws:kms",
-                "AES256"
+                "aws:kms"
             ]
         }
     }
@@ -1075,8 +1072,7 @@ layout: default
   "Resource": [
         "arn:aws:s3:::[BUCKET_TO_PROTECT]", 
         "arn:aws:s3:::[BUCKET_TO_PROTECT]/*" 
-    ],
-  "Condition": 
+    ]
 }
 ```
 

guardrails/s3/SCP-S3-2.json

@@ -25,15 +25,14 @@
     "Resource": ["arn:aws:s3:::*/*"],
     "Condition": [
         {
-            "Bool": {
-                "s3:x-amz-server-side-encryption": false
+            "Null": {
+                "s3:x-amz-server-side-encryption": "true"
              },
              "StringNotEquals": {
                 "s3:x-amz-server-side-encryption": [
-                   "aws:kms",
-                   "AES256"
+                   "aws:kms"
                 ]
              }
         }
     ]
-}
+}

guardrails/scp-template.md

@@ -35,8 +35,8 @@
     {% for resource in scp["Resource"] -%}
     {% filter indent(width=4) %}    "{{resource}}"{% if not loop.last %},{% endif %} {% endfilter %}
     {% endfor -%}
-  ],
-  "Condition": {% filter indent(width=4) %}{{scp["conditions"]}}{% endfilter %}
+  ]{% if "conditions" in scp %},
+  "Condition": {% filter indent(width=4) %}{{scp["conditions"]}}{% endfilter %}{% endif %}
 }
 ```