From 58b0ad869a3eae3609dfd80f0073e30df35ed0c0 Mon Sep 17 00:00:00 2001
From: egibs
Date: Wed, 13 Dec 2023 09:41:44 -0600
Subject: [PATCH] Check shared_account_ids against current Account ID
---
 rules/aws_cloudtrail_rules/aws_rds_snapshot_shared.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/rules/aws_cloudtrail_rules/aws_rds_snapshot_shared.py b/rules/aws_cloudtrail_rules/aws_rds_snapshot_shared.py
index 4f9d3fbf9..20d7d8866 100644
--- a/rules/aws_cloudtrail_rules/aws_rds_snapshot_shared.py
+++ b/rules/aws_cloudtrail_rules/aws_rds_snapshot_shared.py
@@ -1,8 +1,5 @@
 from panther_base_helpers import aws_rule_context
-# Account IDs exempted from this rule
-ALLOWED_ACCOUNTS = {}
-
 def rule(event):
 if all(
@@ -18,7 +15,7 @@ def rule(event):
 return any(
 account_id
 for account_id in shared_account_ids
- if account_id not in ALLOWED_ACCOUNTS
+ if account_id != event.deep_get("userIdentity", "accountId", default="")
 )
 return False
 return False
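Review bot: The new filter in the second hunk compares each shared ID with `userIdentity.accountId`, which is the caller's account and is not guaranteed to be the account that owns the snapshot, so a share to the caller's own account may be treated as benign even when the snapshot lives in a different account. Consider keying the exemption on the account the event was recorded in and hoisting the lookup out of the generator, e.g. `own_account = event.deep_get("recipientAccountId", default="")` followed by `if account_id != own_account` (confirm that field is populated for these events in your logs). The first hunk also drops `ALLOWED_ACCOUNTS`, which leaves no way to exempt trusted accounts such as a backup account; if that is intended, a comment above the comparison saying so would help. Only this file is changed, so a test case for a same-account share appears not to be added, and `rule` continues outside both hunks.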