cfn-guardian 0.1.0 → 0.3.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (40) hide show
  1. checksums.yaml +4 -4
  2. data/.dockerignore +1 -0
  3. data/Dockerfile +19 -0
  4. data/Gemfile.lock +31 -13
  5. data/README.md +441 -42
  6. data/cfn-guardian.gemspec +6 -2
  7. data/lib/cfnguardian.rb +301 -27
  8. data/lib/cfnguardian/cloudwatch.rb +121 -0
  9. data/lib/cfnguardian/codecommit.rb +54 -0
  10. data/lib/cfnguardian/codepipeline.rb +138 -0
  11. data/lib/cfnguardian/compile.rb +58 -17
  12. data/lib/cfnguardian/config/defaults.yaml +94 -0
  13. data/lib/cfnguardian/display_formatter.rb +164 -0
  14. data/lib/cfnguardian/drift.rb +79 -0
  15. data/lib/cfnguardian/log.rb +0 -1
  16. data/lib/cfnguardian/models/alarm.rb +98 -36
  17. data/lib/cfnguardian/models/check.rb +103 -26
  18. data/lib/cfnguardian/models/composite.rb +21 -0
  19. data/lib/cfnguardian/models/event.rb +164 -40
  20. data/lib/cfnguardian/models/metric_filter.rb +28 -0
  21. data/lib/cfnguardian/resources/application_targetgroup.rb +2 -0
  22. data/lib/cfnguardian/resources/base.rb +38 -16
  23. data/lib/cfnguardian/resources/ecs_service.rb +2 -2
  24. data/lib/cfnguardian/resources/http.rb +16 -1
  25. data/lib/cfnguardian/resources/internal_http.rb +74 -0
  26. data/lib/cfnguardian/resources/internal_port.rb +33 -0
  27. data/lib/cfnguardian/resources/internal_sftp.rb +58 -0
  28. data/lib/cfnguardian/resources/log_group.rb +26 -0
  29. data/lib/cfnguardian/resources/network_targetgroup.rb +1 -0
  30. data/lib/cfnguardian/resources/port.rb +25 -0
  31. data/lib/cfnguardian/resources/rds_instance.rb +2 -0
  32. data/lib/cfnguardian/resources/sftp.rb +50 -0
  33. data/lib/cfnguardian/resources/sql.rb +1 -1
  34. data/lib/cfnguardian/resources/tls.rb +66 -0
  35. data/lib/cfnguardian/s3.rb +3 -2
  36. data/lib/cfnguardian/stacks/main.rb +86 -65
  37. data/lib/cfnguardian/stacks/resources.rb +81 -42
  38. data/lib/cfnguardian/string.rb +12 -0
  39. data/lib/cfnguardian/version.rb +1 -1
  40. metadata +102 -5
data/lib/cfnguardian/drift.rb ADDED
@@ -0,0 +1,79 @@
1
+ require 'aws-sdk-cloudformation'
2
+
3
+ module CfnGuardian
4
+ class Drift
5
+
6
+ def initialize(stack)
7
+ @stack = stack
8
+ @client = Aws::CloudFormation::Client.new()
9
+ end
10
+
11
+ def find_nested_stacks
12
+ stacks = []
13
+ resp = @client.describe_stack_resources({
14
+ stack_name: @stack
15
+ })
16
+ resp.stack_resources.each do |r|
17
+ if r.resource_type == 'AWS::CloudFormation::Stack'
18
+ stacks << r.physical_resource_id
19
+ end
20
+ end
21
+ return stacks
22
+ end
23
+
24
+ def detect_drift(stack)
25
+ resp = @client.detect_stack_drift({
26
+ stack_name: stack
27
+ })
28
+ wait_for_dirft_detection(resp.stack_drift_detection_id)
29
+ end
30
+
31
+ def wait_for_dirft_detection(id,count=0)
32
+ resp = @client.describe_stack_drift_detection_status({
33
+ stack_drift_detection_id: id
34
+ })
35
+ if resp.detection_status == 'DETECTION_IN_PROGRESS' && count < 10
36
+ sleep(2)
37
+ count += 1
38
+ wait_for_dirft_detection(id,count)
39
+ end
40
+ end
41
+
42
+ def get_drift(stack)
43
+ rows = []
44
+ resp = @client.describe_stack_resource_drifts({
45
+ stack_name: stack,
46
+ stack_resource_drift_status_filters: ["MODIFIED", "DELETED"]
47
+ })
48
+
49
+ if resp.stack_resource_drifts.any?
50
+ resp.stack_resource_drifts.each do |drift|
51
+ next if drift.resource_type != 'AWS::CloudWatch::Alarm'
52
+
53
+ if drift.stack_resource_drift_status == 'MODIFIED'
54
+ drift.property_differences.each do |diff|
55
+ rows << [
56
+ drift.physical_resource_id,
57
+ diff.property_path,
58
+ diff.expected_value,
59
+ diff.actual_value,
60
+ diff.difference_type
61
+ ]
62
+ end
63
+ elsif drift.stack_resource_drift_status == 'DELETED'
64
+ rows << [
65
+ drift.physical_resource_id.red,
66
+ "",
67
+ "",
68
+ "",
69
+ drift.stack_resource_drift_status.red
70
+ ]
71
+ end
72
+ end
73
+ end
74
+
75
+ return rows
76
+ end
77
+
78
+ end
79
+ end
data/lib/cfnguardian/log.rb CHANGED
@@ -13,7 +13,6 @@ module Logging
13
13
 
14
14
  def logger
15
15
  @logger ||= Logger.new($stdout)
16
- @logger.level = Logger::DEBUG
17
16
  @logger.formatter = proc do |severity, datetime, progname, msg|
18
17
  "\e[#{colors[severity.to_sym]}m#{severity}: #{msg}\e[0m\n"
19
18
  end
data/lib/cfnguardian/models/alarm.rb CHANGED
@@ -1,11 +1,14 @@
1
1
  require 'cfnguardian/string'
2
+ require 'digest/md5'
2
3
 
3
4
  module CfnGuardian
4
5
  module Models
5
6
  class Alarm
6
7
 
7
- attr_reader :type
8
- attr_accessor :class,
8
+ attr_reader :type,
9
+ :resource_hash
10
+
11
+ attr_accessor :group,
9
12
  :name,
10
13
  :metric_name,
11
14
  :namespace,
@@ -17,21 +20,23 @@ module CfnGuardian
17
20
  :statistic,
18
21
  :actions_enabled,
19
22
  :enabled,
20
- :resource,
23
+ :resource_id,
24
+ :resource_name,
21
25
  :alarm_action,
22
26
  :treat_missing_data,
23
27
  :datapoints_to_alarm,
24
28
  :extended_statistic,
25
29
  :evaluate_low_sample_count_percentile,
26
- :unit
30
+ :unit,
31
+ :maintenance_groups
27
32
 
28
33
  def initialize(resource)
29
34
  @type = 'Alarm'
30
- @class = nil
35
+ @group = nil
31
36
  @name = ''
32
37
  @metric_name = nil
33
38
  @namespace = nil
34
- @dimensions = {}
39
+ @dimensions = nil
35
40
  @threshold = 0
36
41
  @period = 60
37
42
  @evaluation_periods = 1
@@ -43,28 +48,25 @@ module CfnGuardian
43
48
  @evaluate_low_sample_count_percentile = nil
44
49
  @unit = nil
45
50
  @enabled = true
46
- @resource_name = Digest::MD5.hexdigest resource['Id']
47
- @resource = resource['Id']
51
+ @resource_hash = Digest::MD5.hexdigest resource['Id']
52
+ @resource_id = resource['Id']
53
+ @resource_name = resource.fetch('Name', nil)
48
54
  @alarm_action = 'Critical'
49
55
  @treat_missing_data = nil
56
+ @maintenance_groups = []
50
57
  end
51
58
 
52
59
  def metric_name=(metric_name)
53
60
  raise ArgumentError.new("metric_name '#{metric_name}' must be of type String, provided type '#{metric_name.class}'") unless metric_name.is_a?(String)
54
61
  @metric_name=metric_name
55
- end
56
-
57
- def to_h
58
- Hash[instance_variables.map { |name| [name[1..-1].to_sym, instance_variable_get(name)] } ]
59
- end
60
-
62
+ end
61
63
  end
62
64
 
63
65
 
64
66
  class ApiGatewayAlarm < Alarm
65
67
  def initialize(resource)
66
68
  super(resource)
67
- @class = 'ApiGateway'
69
+ @group = 'ApiGateway'
68
70
  @namespace = 'AWS/ApiGateway'
69
71
  @dimensions = { ApiName: resource['Id'] }
70
72
  end
@@ -73,7 +75,7 @@ module CfnGuardian
73
75
  class ApplicationTargetGroupAlarm < Alarm
74
76
  def initialize(resource)
75
77
  super(resource)
76
- @class = 'ApplicationTargetGroup'
78
+ @group = 'ApplicationTargetGroup'
77
79
  @namespace = 'AWS/ApplicationELB'
78
80
  @dimensions = {
79
81
  TargetGroup: resource['Id'],
@@ -85,7 +87,7 @@ module CfnGuardian
85
87
  class AmazonMQBrokerAlarm < Alarm
86
88
  def initialize(resource)
87
89
  super(resource)
88
- @class = 'AmazonMQBroker'
90
+ @group = 'AmazonMQBroker'
89
91
  @namespace = 'AWS/AmazonMQ'
90
92
  @dimensions = { Broker: resource['Id'] }
91
93
  end
@@ -94,7 +96,7 @@ module CfnGuardian
94
96
  class CloudFrontDistributionAlarm < Alarm
95
97
  def initialize(resource)
96
98
  super(resource)
97
- @class = 'CloudFrontDistribution'
99
+ @group = 'CloudFrontDistribution'
98
100
  @namespace = 'AWS/CloudFront'
99
101
  @dimensions = {
100
102
  DistributionId: resource['Id'],
@@ -108,7 +110,7 @@ module CfnGuardian
108
110
  class AutoScalingGroupAlarm < Alarm
109
111
  def initialize(resource)
110
112
  super(resource)
111
- @class = 'AutoScalingGroup'
113
+ @group = 'AutoScalingGroup'
112
114
  @namespace = 'AWS/EC2'
113
115
  @dimensions = { AutoScalingGroupName: resource['Id'] }
114
116
  end
@@ -117,7 +119,7 @@ module CfnGuardian
117
119
  class DomainExpiryAlarm < Alarm
118
120
  def initialize(resource)
119
121
  super(resource)
120
- @class = 'DomainExpiry'
122
+ @group = 'DomainExpiry'
121
123
  @namespace = 'DNS'
122
124
  @dimensions = { Domain: resource['Id'] }
123
125
  @comparison_operator = 'LessThanThreshold'
@@ -127,7 +129,7 @@ module CfnGuardian
127
129
  class DynamoDBTableAlarm < Alarm
128
130
  def initialize(resource)
129
131
  super(resource)
130
- @class = 'DynamoDBTable'
132
+ @group = 'DynamoDBTable'
131
133
  @namespace = 'AWS/DynamoDB'
132
134
  @dimensions = { TableName: resource['Id'] }
133
135
  end
@@ -136,7 +138,7 @@ module CfnGuardian
136
138
  class Ec2InstanceAlarm < Alarm
137
139
  def initialize(resource)
138
140
  super(resource)
139
- @class = 'Ec2Instance'
141
+ @group = 'Ec2Instance'
140
142
  @namespace = 'AWS/EC2'
141
143
  @dimensions = { InstanceId: resource['Id'] }
142
144
  end
@@ -145,7 +147,7 @@ module CfnGuardian
145
147
  class ECSClusterAlarm < Alarm
146
148
  def initialize(resource)
147
149
  super(resource)
148
- @class = 'ECSCluster'
150
+ @group = 'ECSCluster'
149
151
  @namespace = 'AWS/ECS'
150
152
  @dimensions = { ClusterName: resource['Id'] }
151
153
  @threshold = 75
@@ -157,7 +159,7 @@ module CfnGuardian
157
159
  class ECSServiceAlarm < Alarm
158
160
  def initialize(resource)
159
161
  super(resource)
160
- @class = 'ECSService'
162
+ @group = 'ECSService'
161
163
  @namespace = 'AWS/ECS'
162
164
  @dimensions = {
163
165
  ServiceName: resource['Id'],
@@ -169,7 +171,7 @@ module CfnGuardian
169
171
  class ElastiCacheReplicationGroupAlarm < Alarm
170
172
  def initialize(resource)
171
173
  super(resource)
172
- @class = 'ElastiCacheReplicationGroup'
174
+ @group = 'ElastiCacheReplicationGroup'
173
175
  @namespace = 'AWS/ElastiCache'
174
176
  @dimensions = { CacheClusterId: resource['Id'] }
175
177
  end
@@ -178,7 +180,7 @@ module CfnGuardian
178
180
  class ElasticLoadBalancerAlarm < Alarm
179
181
  def initialize(resource)
180
182
  super(resource)
181
- @class = 'ElasticLoadBalancer'
183
+ @group = 'ElasticLoadBalancer'
182
184
  @namespace = 'AWS/ELB'
183
185
  @dimensions = { LoadBalancerName: resource['Id'] }
184
186
  end
@@ -187,7 +189,7 @@ module CfnGuardian
187
189
  class ElasticFileSystemAlarm < Alarm
188
190
  def initialize(resource)
189
191
  super(resource)
190
- @class = 'ElasticFileSystem'
192
+ @group = 'ElasticFileSystem'
191
193
  @namespace = 'AWS/EFS'
192
194
  @dimensions = { FileSystemId: resource['Id'] }
193
195
  end
@@ -196,7 +198,7 @@ module CfnGuardian
196
198
  class HttpAlarm < Alarm
197
199
  def initialize(resource)
198
200
  super(resource)
199
- @class = 'Http'
201
+ @group = 'Http'
200
202
  @namespace = 'HttpCheck'
201
203
  @dimensions = { Endpoint: resource['Id'] }
202
204
  @comparison_operator = 'LessThanThreshold'
@@ -204,11 +206,33 @@ module CfnGuardian
204
206
  @evaluation_periods = 2
205
207
  end
206
208
  end
209
+
210
+ class PortAlarm < Alarm
211
+ def initialize(resource)
212
+ super(resource)
213
+ @group = 'Port'
214
+ @namespace = 'TcpPortCheck'
215
+ @dimensions = { Endpoint: "#{resource['Id']}:#{resource['Port']}" }
216
+ @comparison_operator = 'LessThanThreshold'
217
+ @threshold = 1
218
+ @evaluation_periods = 2
219
+ end
220
+ end
221
+
222
+ class SslAlarm < Alarm
223
+ def initialize(resource)
224
+ super(resource)
225
+ @group = 'Ssl'
226
+ @namespace = 'SSL'
227
+ @dimensions = { URL: resource['Id'] }
228
+ @comparison_operator = 'LessThanThreshold'
229
+ end
230
+ end
207
231
 
208
232
  class NrpeAlarm < Alarm
209
233
  def initialize(resource,environment)
210
234
  super(resource)
211
- @class = 'Nrpe'
235
+ @group = 'Nrpe'
212
236
  @namespace = 'NRPE'
213
237
  @dimensions = { Host: "#{environment}-#{resource['Id']}" }
214
238
  @treat_missing_data = 'breaching'
@@ -219,7 +243,7 @@ module CfnGuardian
219
243
  class LambdaAlarm < Alarm
220
244
  def initialize(resource)
221
245
  super(resource)
222
- @class = 'Lambda'
246
+ @group = 'Lambda'
223
247
  @namespace = 'AWS/Lambda'
224
248
  @dimensions = { FunctionName: resource['Id'] }
225
249
  @statistic = 'Average'
@@ -230,7 +254,7 @@ module CfnGuardian
230
254
  class NetworkTargetGroupAlarm < Alarm
231
255
  def initialize(resource)
232
256
  super(resource)
233
- @class = 'NetworkTargetGroup'
257
+ @group = 'NetworkTargetGroup'
234
258
  @namespace = 'AWS/NetworkELB'
235
259
  @dimensions = {
236
260
  TargetGroup: resource['Id'],
@@ -242,7 +266,7 @@ module CfnGuardian
242
266
  class RedshiftClusterAlarm < Alarm
243
267
  def initialize(resource)
244
268
  super(resource)
245
- @class = 'RedshiftCluster'
269
+ @group = 'RedshiftCluster'
246
270
  @namespace = 'AWS/Redshift'
247
271
  @dimensions = { ClusterIdentifier: resource['Id'] }
248
272
  end
@@ -251,7 +275,7 @@ module CfnGuardian
251
275
  class RDSClusterInstanceAlarm < Alarm
252
276
  def initialize(resource)
253
277
  super(resource)
254
- @class = 'RDSClusterInstance'
278
+ @group = 'RDSClusterInstance'
255
279
  @namespace = 'AWS/RDS'
256
280
  @dimensions = { DBInstanceIdentifier: resource['Id'] }
257
281
  end
@@ -260,7 +284,7 @@ module CfnGuardian
260
284
  class RDSInstanceAlarm < Alarm
261
285
  def initialize(resource)
262
286
  super(resource)
263
- @class = 'RDSInstance'
287
+ @group = 'RDSInstance'
264
288
  @namespace = 'AWS/RDS'
265
289
  @dimensions = { DBInstanceIdentifier: resource['Id'] }
266
290
  end
@@ -269,7 +293,7 @@ module CfnGuardian
269
293
  class SqlAlarm < Alarm
270
294
  def initialize(resource)
271
295
  super(resource)
272
- @class = 'Sql'
296
+ @group = 'Sql'
273
297
  @namespace = 'SQL'
274
298
  @dimensions = { Host: resource['Id'] }
275
299
  @treat_missing_data = 'breaching'
@@ -280,7 +304,7 @@ module CfnGuardian
280
304
  class SQSQueueAlarm < Alarm
281
305
  def initialize(resource)
282
306
  super(resource)
283
- @class = 'SQSQueue'
307
+ @group = 'SQSQueue'
284
308
  @namespace = 'AWS/SQS'
285
309
  @dimensions = { QueueName: resource['Id'] }
286
310
  @statistic = 'Average'
@@ -288,5 +312,43 @@ module CfnGuardian
288
312
  end
289
313
  end
290
314
 
315
+ class LogGroupAlarm < Alarm
316
+ def initialize(resource)
317
+ super(resource)
318
+ @group = 'LogGroup'
319
+ @namespace = "MetricFilters"
320
+ @statistic = 'Sum'
321
+ @threshold = 1
322
+ @period = 300
323
+ @alarm_action = 'Informational'
324
+ end
325
+ end
326
+
327
+ class SFTPAlarm < Alarm
328
+ def initialize(resource)
329
+ super(resource)
330
+ @group = 'SFTP'
331
+ @namespace = 'SftpCheck'
332
+ @period = 300
333
+ @comparison_operator = 'LessThanThreshold'
334
+ @threshold = 1
335
+ @dimensions = { Host: resource['Id'], User: resource['User'] }
336
+ end
337
+ end
338
+
339
+ class TLSAlarm < Alarm
340
+ def initialize(resource)
341
+ super(resource)
342
+ @group = 'TLS'
343
+ @namespace = 'TLSVersionCheck'
344
+ @period = 300
345
+ @port = resource.fetch('Port', 443)
346
+ @dimensions = { Endpoint: "#{resource['Id']}:#{@port}" }
347
+ @comparison_operator = 'LessThanThreshold'
348
+ @threshold = 1
349
+ @evaluation_periods = 1
350
+ end
351
+ end
352
+
291
353
  end
292
354
  end
data/lib/cfnguardian/models/check.rb CHANGED
@@ -5,51 +5,84 @@ module CfnGuardian
5
5
  class Check
6
6
 
7
7
  attr_reader :type
8
- attr_accessor :class,
8
+ attr_accessor :group,
9
9
  :name,
10
+ :package,
10
11
  :handler,
11
12
  :version,
12
13
  :runtime,
13
- :environment
14
+ :environment,
15
+ :subnets,
16
+ :vpc
14
17
 
15
18
  def initialize(resource)
16
19
  @type = 'Check'
17
- @class = nil
20
+ @group = nil
18
21
  @name = nil
19
22
  @package = nil
20
23
  @handler = nil
21
24
  @version = nil
22
25
  @runtime = nil
23
26
  @environment = ''
24
- end
25
-
26
- def to_h
27
- Hash[instance_variables.map { |name| [name[1..-1].to_sym, instance_variable_get(name)] } ]
27
+ @subnets = nil
28
+ @vpc = nil
28
29
  end
29
30
  end
30
31
 
31
32
  class HttpCheck < Check
32
33
  def initialize(resource)
33
34
  super(resource)
34
- @class = 'Http'
35
+ @group = 'Http'
35
36
  @name = 'HttpCheck'
36
- @package = 'aws-lambda-http-check'
37
- @handler = 'handler.main'
38
- @version = '0.1'
37
+ @package = 'http-check'
38
+ @handler = 'handler.http_check'
39
+ @version = '0bc33e51abb1f27729ecb170611bf6b440e71a0e'
40
+ @runtime = 'python3.7'
41
+ end
42
+ end
43
+
44
+ class InternalHttpCheck < HttpCheck
45
+ def initialize(resource)
46
+ super(resource)
47
+ @group = 'InternalHttp'
48
+ @name = 'InternalHttpCheck'
49
+ @subnets = resource['Subnets']
50
+ @vpc = resource['VpcId']
51
+ @environment = resource['Environment']
52
+ end
53
+ end
54
+
55
+ class PortCheck < Check
56
+ def initialize(resource)
57
+ super(resource)
58
+ @group = 'Port'
59
+ @name = 'PortCheck'
60
+ @package = 'port-check'
61
+ @handler = 'handler.port_check'
62
+ @version = '356203b2a720ba0730622f978e677b88f8d0c328'
39
63
  @runtime = 'python3.6'
40
64
  end
41
65
  end
42
66
 
67
+ class InternalPortCheck < PortCheck
68
+ def initialize(resource)
69
+ super(resource)
70
+ @group = 'InternalPort'
71
+ @name = 'InternalPortCheck'
72
+ @subnets = resource['Subnets']
73
+ @vpc = resource['VpcId']
74
+ @environment = resource['Environment']
75
+ end
76
+ end
77
+
43
78
  class NrpeCheck < Check
44
- attr_accessor :subnets, :vpc
45
-
46
79
  def initialize(resource)
47
80
  super(resource)
48
- @class = 'Nrpe'
81
+ @group = 'Nrpe'
49
82
  @name = 'NrpeCheck'
50
83
  @package = 'aws-lambda-nrpe-check'
51
84
  @handler = 'main'
52
- @version = '0.2'
85
+ @version = 'aa51a0ad497a6c012a3639da0eb3446e4c0f9540'
53
86
  @runtime = 'go1.x'
54
87
  @subnets = resource['Subnets']
55
88
  @vpc = resource['VpcId']
@@ -60,37 +93,46 @@ module CfnGuardian
60
93
  class SslCheck < Check
61
94
  def initialize(resource)
62
95
  super(resource)
63
- @class = 'Ssl'
96
+ @group = 'Ssl'
64
97
  @name = 'SslCheck'
65
98
  @package = 'aws-lambda-ssl-check'
66
99
  @handler = 'main'
67
- @version = '0.1'
100
+ @version = 'a25fd4006d1f95c06f3c098188543f5eea1986da'
68
101
  @runtime = 'go1.x'
69
102
  end
70
103
  end
71
104
 
105
+ class InternalSslCheck < SslCheck
106
+ def initialize(resource)
107
+ super(resource)
108
+ @group = 'InternalSsl'
109
+ @name = 'InternalSslCheck'
110
+ @subnets = resource['Subnets']
111
+ @vpc = resource['VpcId']
112
+ @environment = resource['Environment']
113
+ end
114
+ end
115
+
72
116
  class DomainExpiryCheck < Check
73
117
  def initialize(resource)
74
118
  super(resource)
75
- @class = 'DomainExpiry'
119
+ @group = 'DomainExpiry'
76
120
  @name = 'DomainExpiryCheck'
77
121
  @package = 'aws-lambda-dns-check'
78
122
  @handler = 'main'
79
- @version = '0.1'
123
+ @version = '9db96ca32379faddc47e55849b7e296b7b70a48e'
80
124
  @runtime = 'go1.x'
81
125
  end
82
126
  end
83
127
 
84
128
  class SqlCheck < Check
85
- attr_accessor :subnets, :vpc
86
-
87
129
  def initialize(resource)
88
130
  super(resource)
89
- @class = 'Sql'
131
+ @group = 'Sql'
90
132
  @name = 'SqlCheck'
91
133
  @package = 'aws-lambda-sql-check'
92
134
  @handler = 'main'
93
- @version = '0.1'
135
+ @version = '83bd6399c0376c98df90dd5f29e49d629c556cee'
94
136
  @runtime = 'go1.x'
95
137
  @subnets = resource['Subnets']
96
138
  @vpc = resource['VpcId']
@@ -101,14 +143,49 @@ module CfnGuardian
101
143
  class ContainerInstanceCheck < Check
102
144
  def initialize(resource)
103
145
  super(resource)
104
- @class = 'ContainerInstance'
146
+ @group = 'ContainerInstance'
105
147
  @name = 'ContainerInstanceCheck'
106
- @package = 'aws-lambda-ecs-container-instance-check'
148
+ @package = 'ecs-containder-instance-check'
107
149
  @handler = 'handler.run_check'
108
- @version = '0.1'
150
+ @version = '4f650d5846d6e8d19f0139bccdeeb147f03f0dd6'
109
151
  @runtime = 'python3.6'
110
152
  end
111
153
  end
154
+
155
+ class TLSCheck < Check
156
+ def initialize(resource)
157
+ super(resource)
158
+ @group = 'TLS'
159
+ @name = 'TLSCheck'
160
+ @package = 'tls-version-check'
161
+ @handler = 'handler.run_check'
162
+ @version = 'de83afdde0d976364af37ad7552a8496c3c94ab5'
163
+ @runtime = 'python3.7'
164
+ end
165
+ end
166
+
167
+ class SFTPCheck < Check
168
+ def initialize(resource)
169
+ super(resource)
170
+ @group = 'SFTP'
171
+ @name = 'SFTPCheck'
172
+ @package = 'sftp-check'
173
+ @handler = 'handler.sftp_check'
174
+ @version = '987e71f2607347e13e3f156535059d6d3ce1ceed'
175
+ @runtime = 'python3.7'
176
+ end
177
+ end
178
+
179
+ class InternalSFTPCheck < SFTPCheck
180
+ def initialize(resource)
181
+ super(resource)
182
+ @group = 'InternalSFTP'
183
+ @name = 'InternalSFTPCheck'
184
+ @subnets = resource['Subnets']
185
+ @vpc = resource['VpcId']
186
+ @environment = resource['Environment']
187
+ end
188
+ end
112
189
 
113
190
  end
114
191
  end