From 88b007c37a9c7e6d3901e51c39d751dc7a495f59 Mon Sep 17 00:00:00 2001
From: Daniel Jensen
Date: Thu, 25 Apr 2019 14:32:00 -0700
Subject: [PATCH] 1.21 terminated instances should not be included
---
 .../aws-cis-foundation-benchmark-checklist.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/aws_cis_foundation_framework/aws-cis-foundation-benchmark-checklist.py b/aws_cis_foundation_framework/aws-cis-foundation-benchmark-checklist.py
index 4c28862..9cdafa5 100644
--- a/aws_cis_foundation_framework/aws-cis-foundation-benchmark-checklist.py
+++ b/aws_cis_foundation_framework/aws-cis-foundation-benchmark-checklist.py
@@ -691,6 +691,7 @@ def control_1_21_ensure_iam_instance_roles_used():
 if response['Reservations'][n]['Instances'][0]['IamInstanceProfile']:
 pass
 except:
+ if response['Reservations'][n]['Instances'][0]['State']['Name'] != 'terminated':
 result = False
 offenders.append(str(response['Reservations'][n]['Instances'][0]['InstanceId']))
 return {'Result': result, 'failReason': failReason, 'Offenders': offenders, 'ScoredControl': scored, 'Description': description, 'ControlId': control}
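Review bot: The added `if ... != 'terminated':` is the only inserted line (the diffstat reports 1 insertion), so `result = False` and `offenders.append(...)` below it are unchanged context that this commit did not re-indent; indentation is not recoverable on this page, but if they were left at the `if`'s own level the file will not parse. Both lines should sit one level under the new `if`, so that a terminated instance neither fails the control nor lands in `Offenders`. Separately, the new test, like the existing one, reads only `['Instances'][0]`, so any further instances in the same reservation are presumably never evaluated and a running instance without a profile could go unreported. The bare `except:` also treats every error as a missing profile; `except KeyError:` would keep unrelated failures from being counted as offenders. The function starts above this hunk, so the loop header is not visible here.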