cfn-guardian 0.1.0 → 0.3.3

Files changed (40) hide show
  1. checksums.yaml +4 -4
  2. data/.dockerignore +1 -0
  3. data/Dockerfile +19 -0
  4. data/Gemfile.lock +31 -13
  5. data/README.md +441 -42
  6. data/cfn-guardian.gemspec +6 -2
  7. data/lib/cfnguardian.rb +301 -27
  8. data/lib/cfnguardian/cloudwatch.rb +121 -0
  9. data/lib/cfnguardian/codecommit.rb +54 -0
  10. data/lib/cfnguardian/codepipeline.rb +138 -0
  11. data/lib/cfnguardian/compile.rb +58 -17
  12. data/lib/cfnguardian/config/defaults.yaml +94 -0
  13. data/lib/cfnguardian/display_formatter.rb +164 -0
  14. data/lib/cfnguardian/drift.rb +79 -0
  15. data/lib/cfnguardian/log.rb +0 -1
  16. data/lib/cfnguardian/models/alarm.rb +98 -36
  17. data/lib/cfnguardian/models/check.rb +103 -26
  18. data/lib/cfnguardian/models/composite.rb +21 -0
  19. data/lib/cfnguardian/models/event.rb +164 -40
  20. data/lib/cfnguardian/models/metric_filter.rb +28 -0
  21. data/lib/cfnguardian/resources/application_targetgroup.rb +2 -0
  22. data/lib/cfnguardian/resources/base.rb +38 -16
  23. data/lib/cfnguardian/resources/ecs_service.rb +2 -2
  24. data/lib/cfnguardian/resources/http.rb +16 -1
  25. data/lib/cfnguardian/resources/internal_http.rb +74 -0
  26. data/lib/cfnguardian/resources/internal_port.rb +33 -0
  27. data/lib/cfnguardian/resources/internal_sftp.rb +58 -0
  28. data/lib/cfnguardian/resources/log_group.rb +26 -0
  29. data/lib/cfnguardian/resources/network_targetgroup.rb +1 -0
  30. data/lib/cfnguardian/resources/port.rb +25 -0
  31. data/lib/cfnguardian/resources/rds_instance.rb +2 -0
  32. data/lib/cfnguardian/resources/sftp.rb +50 -0
  33. data/lib/cfnguardian/resources/sql.rb +1 -1
  34. data/lib/cfnguardian/resources/tls.rb +66 -0
  35. data/lib/cfnguardian/s3.rb +3 -2
  36. data/lib/cfnguardian/stacks/main.rb +86 -65
  37. data/lib/cfnguardian/stacks/resources.rb +81 -42
  38. data/lib/cfnguardian/string.rb +12 -0
  39. data/lib/cfnguardian/version.rb +1 -1
  40. metadata +102 -5
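--- a/data/lib/cfnguardian/drift.rb
+++ b/data/lib/cfnguardian/drift.rb
@@ -0,0 +1,79 @@
+ require 'aws-sdk-cloudformation'
+
+ module CfnGuardian
+ class Drift
+
+ def initialize(stack)
+ @stack = stack
+ @client = Aws::CloudFormation::Client.new()
+ end
+
+ def find_nested_stacks
+ stacks = []
+ resp = @client.describe_stack_resources({
+ stack_name: @stack
+ })
+ resp.stack_resources.each do |r|
+ if r.resource_type == 'AWS::CloudFormation::Stack'
+ stacks << r.physical_resource_id
+ end
+ end
+ return stacks
+ end
+
+ def detect_drift(stack)
+ resp = @client.detect_stack_drift({
+ stack_name: stack
+ })
+ wait_for_dirft_detection(resp.stack_drift_detection_id)
+ end
+
+ def wait_for_dirft_detection(id,count=0)
+ resp = @client.describe_stack_drift_detection_status({
+ stack_drift_detection_id: id
+ })
+ if resp.detection_status == 'DETECTION_IN_PROGRESS' && count < 10
+ sleep(2)
+ count += 1
+ wait_for_dirft_detection(id,count)
+ end
+ end
+
+ def get_drift(stack)
+ rows = []
+ resp = @client.describe_stack_resource_drifts({
+ stack_name: stack,
+ stack_resource_drift_status_filters: ["MODIFIED", "DELETED"]
+ })
+
+ if resp.stack_resource_drifts.any?
+ resp.stack_resource_drifts.each do |drift|
+ next if drift.resource_type != 'AWS::CloudWatch::Alarm'
+
+ if drift.stack_resource_drift_status == 'MODIFIED'
+ drift.property_differences.each do |diff|
+ rows << [
+ drift.physical_resource_id,
+ diff.property_path,
+ diff.expected_value,
+ diff.actual_value,
+ diff.difference_type
+ ]
+ end
+ elsif drift.stack_resource_drift_status == 'DELETED'
+ rows << [
+ drift.physical_resource_id.red,
+ "",
+ "",
+ "",
+ drift.stack_resource_drift_status.red
+ ]
+ end
+ end
+ end
+
+ return rows
+ end
+
+ end
+ end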
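Review bot: `wait_for_dirft_detection` gives up after ten 2-second polls and returns nil in every case, so `detect_drift` cannot distinguish a completed detection from one that is still running or that ended in `DETECTION_FAILED`; any caller that then reads `get_drift` may show an empty table for a stack whose alarms were in fact modified or deleted. The wait should surface the timeout and the failed status (raise, or return the final status) so an incomplete run is never read as "no drift". Separately, `find_nested_stacks` and `get_drift` each read a single response; if those calls are paged for large stacks, later resources would be missed, which is worth confirming against the SDK. The method name is misspelled (`dirft`), and renaming it touches the call in `detect_drift` and the recursive call.

```ruby
def wait_for_dirft_detection(id,count=0)
  # … unchanged: describe_stack_drift_detection_status call …
  case resp.detection_status
  when 'DETECTION_IN_PROGRESS'
    # Fail loudly instead of returning as if detection had finished.
    raise "drift detection #{id} still in progress after #{count} polls" if count >= 10
    sleep(2)
    wait_for_dirft_detection(id, count + 1)
  when 'DETECTION_FAILED'
    raise "drift detection #{id} failed: #{resp.detection_status_reason}"
  end
end
```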
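--- a/data/lib/cfnguardian/log.rb
+++ b/data/lib/cfnguardian/log.rb
@@ -13,7 +13,6 @@ module Logging
 
  def logger
  @logger ||= Logger.new($stdout)
- @logger.level = Logger::DEBUG
  @logger.formatter = proc do |severity, datetime, progname, msg|
  "\e[#{colors[severity.to_sym]}m#{severity}: #{msg}\e[0m\n"
  end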
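--- a/data/lib/cfnguardian/models/alarm.rb
+++ b/data/lib/cfnguardian/models/alarm.rb
@@ -1,11 +1,14 @@
  require 'cfnguardian/string'
+ require 'digest/md5'
 
  module CfnGuardian
  module Models
  class Alarm
 
- attr_reader :type
- attr_accessor :class,
+ attr_reader :type,
+ :resource_hash
+
+ attr_accessor :group,
  :name,
  :metric_name,
  :namespace,
@@ -17,21 +20,23 @@ module CfnGuardian
  :statistic,
  :actions_enabled,
  :enabled,
- :resource,
+ :resource_id,
+ :resource_name,
  :alarm_action,
  :treat_missing_data,
  :datapoints_to_alarm,
  :extended_statistic,
  :evaluate_low_sample_count_percentile,
- :unit
+ :unit,
+ :maintenance_groups
 
  def initialize(resource)
  @type = 'Alarm'
- @class = nil
+ @group = nil
  @name = ''
  @metric_name = nil
  @namespace = nil
- @dimensions = {}
+ @dimensions = nil
  @threshold = 0
  @period = 60
  @evaluation_periods = 1
@@ -43,28 +48,25 @@ module CfnGuardian
  @evaluate_low_sample_count_percentile = nil
  @unit = nil
  @enabled = true
- @resource_name = Digest::MD5.hexdigest resource['Id']
- @resource = resource['Id']
+ @resource_hash = Digest::MD5.hexdigest resource['Id']
+ @resource_id = resource['Id']
+ @resource_name = resource.fetch('Name', nil)
  @alarm_action = 'Critical'
  @treat_missing_data = nil
+ @maintenance_groups = []
  end
 
  def metric_name=(metric_name)
  raise ArgumentError.new("metric_name '#{metric_name}' must be of type String, provided type '#{metric_name.class}'") unless metric_name.is_a?(String)
  @metric_name=metric_name
- end
-
- def to_h
- Hash[instance_variables.map { |name| [name[1..-1].to_sym, instance_variable_get(name)] } ]
- end
-
+ end
  end
 
 
  class ApiGatewayAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'ApiGateway'
+ @group = 'ApiGateway'
  @namespace = 'AWS/ApiGateway'
  @dimensions = { ApiName: resource['Id'] }
  end
@@ -73,7 +75,7 @@ module CfnGuardian
  class ApplicationTargetGroupAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'ApplicationTargetGroup'
+ @group = 'ApplicationTargetGroup'
  @namespace = 'AWS/ApplicationELB'
  @dimensions = {
  TargetGroup: resource['Id'],
@@ -85,7 +87,7 @@ module CfnGuardian
  class AmazonMQBrokerAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'AmazonMQBroker'
+ @group = 'AmazonMQBroker'
  @namespace = 'AWS/AmazonMQ'
  @dimensions = { Broker: resource['Id'] }
  end
@@ -94,7 +96,7 @@ module CfnGuardian
  class CloudFrontDistributionAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'CloudFrontDistribution'
+ @group = 'CloudFrontDistribution'
  @namespace = 'AWS/CloudFront'
  @dimensions = {
  DistributionId: resource['Id'],
@@ -108,7 +110,7 @@ module CfnGuardian
  class AutoScalingGroupAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'AutoScalingGroup'
+ @group = 'AutoScalingGroup'
  @namespace = 'AWS/EC2'
  @dimensions = { AutoScalingGroupName: resource['Id'] }
  end
@@ -117,7 +119,7 @@ module CfnGuardian
  class DomainExpiryAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'DomainExpiry'
+ @group = 'DomainExpiry'
  @namespace = 'DNS'
  @dimensions = { Domain: resource['Id'] }
  @comparison_operator = 'LessThanThreshold'
@@ -127,7 +129,7 @@ module CfnGuardian
  class DynamoDBTableAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'DynamoDBTable'
+ @group = 'DynamoDBTable'
  @namespace = 'AWS/DynamoDB'
  @dimensions = { TableName: resource['Id'] }
  end
@@ -136,7 +138,7 @@ module CfnGuardian
  class Ec2InstanceAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'Ec2Instance'
+ @group = 'Ec2Instance'
  @namespace = 'AWS/EC2'
  @dimensions = { InstanceId: resource['Id'] }
  end
@@ -145,7 +147,7 @@ module CfnGuardian
  class ECSClusterAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'ECSCluster'
+ @group = 'ECSCluster'
  @namespace = 'AWS/ECS'
  @dimensions = { ClusterName: resource['Id'] }
  @threshold = 75
@@ -157,7 +159,7 @@ module CfnGuardian
  class ECSServiceAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'ECSService'
+ @group = 'ECSService'
  @namespace = 'AWS/ECS'
  @dimensions = {
  ServiceName: resource['Id'],
@@ -169,7 +171,7 @@ module CfnGuardian
  class ElastiCacheReplicationGroupAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'ElastiCacheReplicationGroup'
+ @group = 'ElastiCacheReplicationGroup'
  @namespace = 'AWS/ElastiCache'
  @dimensions = { CacheClusterId: resource['Id'] }
  end
@@ -178,7 +180,7 @@ module CfnGuardian
  class ElasticLoadBalancerAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'ElasticLoadBalancer'
+ @group = 'ElasticLoadBalancer'
  @namespace = 'AWS/ELB'
  @dimensions = { LoadBalancerName: resource['Id'] }
  end
@@ -187,7 +189,7 @@ module CfnGuardian
  class ElasticFileSystemAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'ElasticFileSystem'
+ @group = 'ElasticFileSystem'
  @namespace = 'AWS/EFS'
  @dimensions = { FileSystemId: resource['Id'] }
  end
@@ -196,7 +198,7 @@ module CfnGuardian
  class HttpAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'Http'
+ @group = 'Http'
  @namespace = 'HttpCheck'
  @dimensions = { Endpoint: resource['Id'] }
  @comparison_operator = 'LessThanThreshold'
@@ -204,11 +206,33 @@ module CfnGuardian
  @evaluation_periods = 2
  end
  end
+
+ class PortAlarm < Alarm
+ def initialize(resource)
+ super(resource)
+ @group = 'Port'
+ @namespace = 'TcpPortCheck'
+ @dimensions = { Endpoint: "#{resource['Id']}:#{resource['Port']}" }
+ @comparison_operator = 'LessThanThreshold'
+ @threshold = 1
+ @evaluation_periods = 2
+ end
+ end
+
+ class SslAlarm < Alarm
+ def initialize(resource)
+ super(resource)
+ @group = 'Ssl'
+ @namespace = 'SSL'
+ @dimensions = { URL: resource['Id'] }
+ @comparison_operator = 'LessThanThreshold'
+ end
+ end
 
  class NrpeAlarm < Alarm
  def initialize(resource,environment)
  super(resource)
- @class = 'Nrpe'
+ @group = 'Nrpe'
  @namespace = 'NRPE'
  @dimensions = { Host: "#{environment}-#{resource['Id']}" }
  @treat_missing_data = 'breaching'
@@ -219,7 +243,7 @@ module CfnGuardian
  class LambdaAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'Lambda'
+ @group = 'Lambda'
  @namespace = 'AWS/Lambda'
  @dimensions = { FunctionName: resource['Id'] }
  @statistic = 'Average'
@@ -230,7 +254,7 @@ module CfnGuardian
  class NetworkTargetGroupAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'NetworkTargetGroup'
+ @group = 'NetworkTargetGroup'
  @namespace = 'AWS/NetworkELB'
  @dimensions = {
  TargetGroup: resource['Id'],
@@ -242,7 +266,7 @@ module CfnGuardian
  class RedshiftClusterAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'RedshiftCluster'
+ @group = 'RedshiftCluster'
  @namespace = 'AWS/Redshift'
  @dimensions = { ClusterIdentifier: resource['Id'] }
  end
@@ -251,7 +275,7 @@ module CfnGuardian
  class RDSClusterInstanceAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'RDSClusterInstance'
+ @group = 'RDSClusterInstance'
  @namespace = 'AWS/RDS'
  @dimensions = { DBInstanceIdentifier: resource['Id'] }
  end
@@ -260,7 +284,7 @@ module CfnGuardian
  class RDSInstanceAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'RDSInstance'
+ @group = 'RDSInstance'
  @namespace = 'AWS/RDS'
  @dimensions = { DBInstanceIdentifier: resource['Id'] }
  end
@@ -269,7 +293,7 @@ module CfnGuardian
  class SqlAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'Sql'
+ @group = 'Sql'
  @namespace = 'SQL'
  @dimensions = { Host: resource['Id'] }
  @treat_missing_data = 'breaching'
@@ -280,7 +304,7 @@ module CfnGuardian
  class SQSQueueAlarm < Alarm
  def initialize(resource)
  super(resource)
- @class = 'SQSQueue'
+ @group = 'SQSQueue'
  @namespace = 'AWS/SQS'
  @dimensions = { QueueName: resource['Id'] }
  @statistic = 'Average'
@@ -288,5 +312,43 @@ module CfnGuardian
  end
  end
 
+ class LogGroupAlarm < Alarm
+ def initialize(resource)
+ super(resource)
+ @group = 'LogGroup'
+ @namespace = "MetricFilters"
+ @statistic = 'Sum'
+ @threshold = 1
+ @period = 300
+ @alarm_action = 'Informational'
+ end
+ end
+
+ class SFTPAlarm < Alarm
+ def initialize(resource)
+ super(resource)
+ @group = 'SFTP'
+ @namespace = 'SftpCheck'
+ @period = 300
+ @comparison_operator = 'LessThanThreshold'
+ @threshold = 1
+ @dimensions = { Host: resource['Id'], User: resource['User'] }
+ end
+ end
+
+ class TLSAlarm < Alarm
+ def initialize(resource)
+ super(resource)
+ @group = 'TLS'
+ @namespace = 'TLSVersionCheck'
+ @period = 300
+ @port = resource.fetch('Port', 443)
+ @dimensions = { Endpoint: "#{resource['Id']}:#{@port}" }
+ @comparison_operator = 'LessThanThreshold'
+ @threshold = 1
+ @evaluation_periods = 1
+ end
+ end
+
  end
  end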
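Review bot: `PortAlarm` builds its dimension as `"#{resource['Id']}:#{resource['Port']}"` and `SFTPAlarm` passes `resource['User']` straight into `@dimensions`, so a resource definition that omits `Port` or `User` yields an `Endpoint` of `host:` or a nil `User` dimension instead of an error; presumably the generated alarm would then watch a metric that is never published and the check would look healthy by absence. `TLSAlarm` in the last hunk already reads the port with `resource.fetch('Port', 443)`; the other two could fail fast with `resource.fetch('Port')` and `resource.fetch('User')`. In `Alarm#initialize`, `Digest::MD5.hexdigest resource['Id']` only derives `@resource_hash`, and a comment such as `# MD5 gives a stable short identifier here; it is not a security control` would keep scanners and later maintainers from treating it as one. `Alarm#initialize` spans the second and third hunks of this file.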
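--- a/data/lib/cfnguardian/models/check.rb
+++ b/data/lib/cfnguardian/models/check.rb
@@ -5,51 +5,84 @@ module CfnGuardian
  class Check
 
  attr_reader :type
- attr_accessor :class,
+ attr_accessor :group,
  :name,
+ :package,
  :handler,
  :version,
  :runtime,
- :environment
+ :environment,
+ :subnets,
+ :vpc
 
  def initialize(resource)
  @type = 'Check'
- @class = nil
+ @group = nil
  @name = nil
  @package = nil
  @handler = nil
  @version = nil
  @runtime = nil
  @environment = ''
- end
-
- def to_h
- Hash[instance_variables.map { |name| [name[1..-1].to_sym, instance_variable_get(name)] } ]
+ @subnets = nil
+ @vpc = nil
  end
  end
 
  class HttpCheck < Check
  def initialize(resource)
  super(resource)
- @class = 'Http'
+ @group = 'Http'
  @name = 'HttpCheck'
- @package = 'aws-lambda-http-check'
- @handler = 'handler.main'
- @version = '0.1'
+ @package = 'http-check'
+ @handler = 'handler.http_check'
+ @version = '0bc33e51abb1f27729ecb170611bf6b440e71a0e'
+ @runtime = 'python3.7'
+ end
+ end
+
+ class InternalHttpCheck < HttpCheck
+ def initialize(resource)
+ super(resource)
+ @group = 'InternalHttp'
+ @name = 'InternalHttpCheck'
+ @subnets = resource['Subnets']
+ @vpc = resource['VpcId']
+ @environment = resource['Environment']
+ end
+ end
+
+ class PortCheck < Check
+ def initialize(resource)
+ super(resource)
+ @group = 'Port'
+ @name = 'PortCheck'
+ @package = 'port-check'
+ @handler = 'handler.port_check'
+ @version = '356203b2a720ba0730622f978e677b88f8d0c328'
  @runtime = 'python3.6'
  end
  end
 
+ class InternalPortCheck < PortCheck
+ def initialize(resource)
+ super(resource)
+ @group = 'InternalPort'
+ @name = 'InternalPortCheck'
+ @subnets = resource['Subnets']
+ @vpc = resource['VpcId']
+ @environment = resource['Environment']
+ end
+ end
+
  class NrpeCheck < Check
- attr_accessor :subnets, :vpc
-
  def initialize(resource)
  super(resource)
- @class = 'Nrpe'
+ @group = 'Nrpe'
  @name = 'NrpeCheck'
  @package = 'aws-lambda-nrpe-check'
  @handler = 'main'
- @version = '0.2'
+ @version = 'aa51a0ad497a6c012a3639da0eb3446e4c0f9540'
  @runtime = 'go1.x'
  @subnets = resource['Subnets']
  @vpc = resource['VpcId']
@@ -60,37 +93,46 @@ module CfnGuardian
  class SslCheck < Check
  def initialize(resource)
  super(resource)
- @class = 'Ssl'
+ @group = 'Ssl'
  @name = 'SslCheck'
  @package = 'aws-lambda-ssl-check'
  @handler = 'main'
- @version = '0.1'
+ @version = 'a25fd4006d1f95c06f3c098188543f5eea1986da'
  @runtime = 'go1.x'
  end
  end
 
+ class InternalSslCheck < SslCheck
+ def initialize(resource)
+ super(resource)
+ @group = 'InternalSsl'
+ @name = 'InternalSslCheck'
+ @subnets = resource['Subnets']
+ @vpc = resource['VpcId']
+ @environment = resource['Environment']
+ end
+ end
+
  class DomainExpiryCheck < Check
  def initialize(resource)
  super(resource)
- @class = 'DomainExpiry'
+ @group = 'DomainExpiry'
  @name = 'DomainExpiryCheck'
  @package = 'aws-lambda-dns-check'
  @handler = 'main'
- @version = '0.1'
+ @version = '9db96ca32379faddc47e55849b7e296b7b70a48e'
  @runtime = 'go1.x'
  end
  end
 
  class SqlCheck < Check
- attr_accessor :subnets, :vpc
-
  def initialize(resource)
  super(resource)
- @class = 'Sql'
+ @group = 'Sql'
  @name = 'SqlCheck'
  @package = 'aws-lambda-sql-check'
  @handler = 'main'
- @version = '0.1'
+ @version = '83bd6399c0376c98df90dd5f29e49d629c556cee'
  @runtime = 'go1.x'
  @subnets = resource['Subnets']
  @vpc = resource['VpcId']
@@ -101,14 +143,49 @@ module CfnGuardian
  class ContainerInstanceCheck < Check
  def initialize(resource)
  super(resource)
- @class = 'ContainerInstance'
+ @group = 'ContainerInstance'
  @name = 'ContainerInstanceCheck'
- @package = 'aws-lambda-ecs-container-instance-check'
+ @package = 'ecs-containder-instance-check'
  @handler = 'handler.run_check'
- @version = '0.1'
+ @version = '4f650d5846d6e8d19f0139bccdeeb147f03f0dd6'
  @runtime = 'python3.6'
  end
  end
+
+ class TLSCheck < Check
+ def initialize(resource)
+ super(resource)
+ @group = 'TLS'
+ @name = 'TLSCheck'
+ @package = 'tls-version-check'
+ @handler = 'handler.run_check'
+ @version = 'de83afdde0d976364af37ad7552a8496c3c94ab5'
+ @runtime = 'python3.7'
+ end
+ end
+
+ class SFTPCheck < Check
+ def initialize(resource)
+ super(resource)
+ @group = 'SFTP'
+ @name = 'SFTPCheck'
+ @package = 'sftp-check'
+ @handler = 'handler.sftp_check'
+ @version = '987e71f2607347e13e3f156535059d6d3ce1ceed'
+ @runtime = 'python3.7'
+ end
+ end
+
+ class InternalSFTPCheck < SFTPCheck
+ def initialize(resource)
+ super(resource)
+ @group = 'InternalSFTP'
+ @name = 'InternalSFTPCheck'
+ @subnets = resource['Subnets']
+ @vpc = resource['VpcId']
+ @environment = resource['Environment']
+ end
+ end
 
  end
  end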
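Review bot: `@package = 'ecs-containder-instance-check'` in `ContainerInstanceCheck` looks like a misspelling of `container`; this string presumably selects the Lambda artifact that gets deployed, so it should be checked against the published package name, with a comment added if the artifact really is stored under that spelling. The `@version` values move from short tags to 40-character hex strings that look like commit SHAs, and a comment on `Check#initialize` such as `# @version: commit SHA of the check package build to deploy` would record that the pin is intentional (wording to be confirmed against the code that resolves it). `PortCheck` keeps `python3.6` while the other new Python checks use `python3.7`; the `@runtime` line there is a context line inherited from the old `HttpCheck`, so it is worth confirming that the older runtime is intended.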