From 052a36207cb3455c3e98115babe268f8c3274d5a Mon Sep 17 00:00:00 2001
From: Shubham Shah <82979155+ShubhamShah11@users.noreply.github.com>
Date: Mon, 20 Sep 2021 20:06:48 -0400
Subject: [PATCH] Update check_extra7154
---
 checks/check_extra7154 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/checks/check_extra7154 b/checks/check_extra7154
index c44787c1..4c2ff3aa 100644
--- a/checks/check_extra7154
+++ b/checks/check_extra7154
@@ -40,7 +40,10 @@ extra7154() {
 for stack in $LIST_OF_CFN_STACKS; do
 CFN_STACK_DETAILS=$($AWSCLI cloudformation describe-stacks $PROFILE_OPT --region $regx --stack-name $stack --output json)
 TERMINATION_ENABLED=$(echo $CFN_STACK_DETAILS | jq -r '.Stacks[].EnableTerminationProtection')
- if [[ $TERMINATION_ENABLED == "true" ]]; then
+ ROOT_ID=$(echo $CFN_STACK_DETAILS | jq -r '.Stacks[].RootId')
+ if [[ $ROOT_ID != null && $TERMINATION_ENABLED == "false" ]]; then
+ textFail "$regx: $stack is a nested stack, enable termination protection on the root stack $ROOT_ID" "$regx" "$stack" "$ROOT_ID"
+ elif [[ $TERMINATION_ENABLED == "true" ]]; then
 textPass "$regx: Cloudformation stack $stack has termination protection enabled" "$regx" "$stack"
 else
 textFail "$regx: Cloudformation stack $stack has termination protection disabled" "$regx" "$stack"
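Review bot: The added nested-stack branch (`$ROOT_ID != null && $TERMINATION_ENABLED == "false"`) reports FAIL without ever reading the root stack's state, so a nested stack whose root already has termination protection enabled would presumably still be flagged, which makes the finding noisy for exactly the stacks it is meant to explain. Consider resolving the root before deciding, e.g. `ROOT_PROTECTED=$($AWSCLI cloudformation describe-stacks $PROFILE_OPT --region $regx --stack-name "$ROOT_ID" --query 'Stacks[0].EnableTerminationProtection' --output json)`, and failing only when that value is not `true`. The branch also matches only the literal `false`, so if the field is absent on a nested stack `jq -r` prints `null` and the result falls through to the generic "disabled" message without the root-stack hint. The added `ROOT_ID` line repeats the unquoted `echo $CFN_STACK_DETAILS`, which subjects the JSON to word splitting and globbing; `printf '%s' "$CFN_STACK_DETAILS" | jq -r '.Stacks[].RootId'` avoids that. The `for` loop and the `extra7154` body both continue outside this hunk.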