From 9c89bfda0338dbffe6310db6801d9ab64cb2ed1f Mon Sep 17 00:00:00 2001
From: Jamison Roberts
Date: Tue, 17 Nov 2020 11:32:35 -0600
Subject: [PATCH] Updating policy to include IPV6 filter as well
---
 .../security-group-restrict-admin-ingress.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/policies/security-group-restrict-admin-ingress.yml b/policies/security-group-restrict-admin-ingress.yml
index e5676d2..e063a30 100644
--- a/policies/security-group-restrict-admin-ingress.yml
+++ b/policies/security-group-restrict-admin-ingress.yml
@@ -5,12 +5,15 @@ policies:
 comment: "Remove rules allowing unrestricted ingress to ports [22, 3389]"
 filters:
 - "tag:c7n_security_group_restrict_admin_ingress_exempt": absent
- - type: ingress
- Ports: [22,3389]
- Cidr:
- value: 0.0.0.0/0
- op: eq
- value_type: cidr
+ - or:
+ - type: ingress
+ Ports: [22,3389]
+ Cidr:
+ value: 0.0.0.0/0
+ - type: ingress
+ Ports: [22,3389]
+ CidrV6:
+ value: "::/0"
 mode:
 type: cloudtrail
 execution-options:
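Review bot: The rewritten IPv4 branch drops `op: eq` and `value_type: cidr` from the `Cidr` match, and the new `CidrV6` branch is written without them too, although the commit subject only mentions adding an IPv6 filter. If the value filter falls back to plain equality when `op` is omitted (worth confirming against the Cloud Custodian version in use), both branches presumably compare against the literal strings `0.0.0.0/0` and `::/0` rather than treating the value as a CIDR. I would restore `op: eq` and `value_type: cidr` under each `value:` line, or state in the commit message that the removal is intentional. Quoting the IPv4 value as `value: "0.0.0.0/0"` would also match the quoting already used for `"::/0"`. The policy entry starts above the hunk and continues past `execution-options:`.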