feat: improve user experience by adding description.

jeremychauvet · Mar 28, 2024 · b6170ce · b6170ce
1 parent 3d41680
commit b6170ce
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/docs/policies/deny-snapshot-infinite-retention.md b/docs/policies/deny-snapshot-infinite-retention.md
@@ -1,4 +1,4 @@
-# Deny backup plans to keep snapshots forever
+# Deny backup plans configured to keep snapshots forever
 
 If a Backup Vault is locked in "compliance mode" and lifecycle not set to not expire snapshots (setting `delete_after`), the only option to delete it is to close the AWS account.
 

diff --git a/policy/deny-snapshot-infinite-retention/deny-snapshot-infinite-retention.sentinel b/policy/deny-snapshot-infinite-retention/deny-snapshot-infinite-retention.sentinel
@@ -6,6 +6,7 @@ backup_plans = filter tfplan.resource_changes as _, resource {
 		(resource.change.actions contains "create" or resource.change.actions == ["update"])
 }
 
+// Deny backup plans configured to keep snapshots forever.
 main = rule {
 	all backup_plans as _, backup_plan {
 	    all backup_plan.change.after.rule[0].lifecycle as _, lifecycle_settings {