cfn-nag 0.3.59 → 0.3.60
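--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d4eacba2d71f8eb632f29c28caff7581ebb1cf71feeaa19dba7862374158d9a3
+data.tar.gz: d88d3e7a663382e0f752a97007a9d77ca438ad5c52b3d33617ed410010afd1f5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 70637b52376a724b66acb967be404dcb909533ccf917dcfbfcf9e9661eefc76753b52a7af11087162111ba17697ea6da60ac0ff44fbab3fb19dd0389d207e9f0
+data.tar.gz: 1a3b52785ef6a0f81f33f88fb8a24eb1223cfc126bd7fb968fac173bab7e0983500a9bab220e7d654e3551774e6cf9d2cf4788614471414797ae95aadc2fbdd1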
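--- a/lib/cfn-nag/custom_rules/RDSDBClusterStorageEncryptedRule.rb
+++ b/lib/cfn-nag/custom_rules/RDSDBClusterStorageEncryptedRule.rb
@@ -0,0 +1,27 @@
+require 'cfn-nag/violation'
+require_relative 'base'
+
+class RDSDBClusterStorageEncryptedRule < BaseRule
+def rule_text
+'RDS DBCluster should have StorageEncrypted enabled'
+end
+
+def rule_type
+Violation::FAILING_VIOLATION
+end
+
+def rule_id
+'F26'
+end
+
+def audit_impl(cfn_model)
+resources = cfn_model.resources_by_type('AWS::RDS::DBCluster')
+
+violating_clusters = resources.select do |cluster|
+cluster.storageEncrypted.nil? ||
+cluster.storageEncrypted.to_s.casecmp('false').zero?
+end
+
+violating_clusters.map(&:logical_resource_id)
+end
+end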
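Review bot: The `select` block in `audit_impl` fails open: only a missing property or a literal `false` is reported, so any other value stringifies to something other than 'false' and passes, presumably including a `Ref` to a parameter whose default is false, depending on how cfn_model hands back intrinsic functions. For an encryption-at-rest check an allowlist is safer; the two-line condition can become `!cluster.storageEncrypted.to_s.casecmp('true').zero?`, which also covers nil because `nil.to_s` is an empty string. That trades silent passes for findings on parameterised templates, so a comment above the `select` should say which way the rule leans. The same condition appears in RDSDBInstanceStorageEncryptedRule (F27).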
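--- a/lib/cfn-nag/custom_rules/RDSDBInstanceStorageEncryptedRule.rb
+++ b/lib/cfn-nag/custom_rules/RDSDBInstanceStorageEncryptedRule.rb
@@ -0,0 +1,27 @@
+require 'cfn-nag/violation'
+require_relative 'base'
+
+class RDSDBInstanceStorageEncryptedRule < BaseRule
+def rule_text
+'RDS DBInstance should have StorageEncrypted enabled'
+end
+
+def rule_type
+Violation::FAILING_VIOLATION
+end
+
+def rule_id
+'F27'
+end
+
+def audit_impl(cfn_model)
+resources = cfn_model.resources_by_type('AWS::RDS::DBInstance')
+
+violating_instances = resources.select do |instance|
+instance.storageEncrypted.nil? ||
+instance.storageEncrypted.to_s.casecmp('false').zero?
+end
+
+violating_instances.map(&:logical_resource_id)
+end
+end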
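Review bot: `audit_impl` reports every `AWS::RDS::DBInstance` that does not set StorageEncrypted, but for an instance that belongs to an Aurora cluster CloudFormation treats the property as not applicable and encryption is set on the DBCluster, so F27 will raise a failing violation on templates that are correctly encrypted. Instances restored from a snapshot or created as a read replica likewise take their encryption from the source rather than from this property. The `select` should skip instances that set DBClusterIdentifier (the cluster itself is covered by F26), and a comment above it should state which of these cases the rule deliberately ignores. This class is also a line-for-line copy of the DBCluster rule apart from the resource type, text and id; a shared helper would keep the two from drifting.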
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cfn-nag
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.60
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Eric Kascic
|
@@ -162,6 +162,8 @@ files:
|
|
162
162
|
- lib/cfn-nag/custom_rules/LambdaPermissionWildcardPrincipalRule.rb
|
163
163
|
- lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb
|
164
164
|
- lib/cfn-nag/custom_rules/PolicyOnUserRule.rb
|
165
|
+
- lib/cfn-nag/custom_rules/RDSDBClusterStorageEncryptedRule.rb
|
166
|
+
- lib/cfn-nag/custom_rules/RDSDBInstanceStorageEncryptedRule.rb
|
165
167
|
- lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb
|
166
168
|
- lib/cfn-nag/custom_rules/RDSInstanceMasterUsernameRule.rb
|
167
169
|
- lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
|