From 30e2360acc214534125a566ea7da5aca615cae22 Mon Sep 17 00:00:00 2001
From: Richard Nienaber <rjnienaber@gmail.com>
Date: Thu, 15 Aug 2019 12:22:07 +0100
Subject: [PATCH] remove filter by roles so that groups are included as well

---
 checks/check120 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/checks/check120 b/checks/check120
index c8f129c8..2983642f 100644
--- a/checks/check120
+++ b/checks/check120
@@ -19,10 +19,10 @@ check120(){
   SUPPORTPOLICYARN=$($AWSCLI iam list-policies --query "Policies[?PolicyName == 'AWSSupportAccess'].Arn" $PROFILE_OPT --region $REGION --output text)
   if [[ $SUPPORTPOLICYARN ]];then
     for policyarn in $SUPPORTPOLICYARN;do
-      POLICYROLES=$($AWSCLI iam list-entities-for-policy --policy-arn $SUPPORTPOLICYARN $PROFILE_OPT --region $REGION --query PolicyRoles[*] --output text)
+      POLICYROLES=$($AWSCLI iam list-entities-for-policy --policy-arn $SUPPORTPOLICYARN $PROFILE_OPT --region $REGION --output text | awk -F$'\t' '{ print $3 }')
       if [[ $POLICYROLES ]];then
-        for role in $POLICYROLES; do
-          textPass "Support Policy attached to $role role"
+        for name in $POLICYROLES; do
+          textPass "Support Policy attached to $name"
         done
         # for user in $(echo "$POLICYUSERS" | grep UserName | cut -d'"' -f4) ; do
         #   textInfo "User $user has support access via $policyarn"