cfn-nag 0.6.0 → 0.6.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cfn-nag/custom_rules/AmazonMQBrokerUsersPasswordRule.rb +2 -2
- data/lib/cfn-nag/custom_rules/AmplifyAppAccessTokenRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/AmplifyAppBasicAuthConfigPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/AmplifyAppOauthTokenRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/AmplifyBranchBasicAuthConfigPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule.rb +3 -2
- data/lib/cfn-nag/custom_rules/CodePipelineWebhookAuthenticationConfigurationSecretTokenRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/DMSEndpointPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/DocDBDBClusterMasterUserPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb +3 -2
- data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesKdcAdminPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAuthTokenRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/IAMUserLoginProfilePasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/KinesisFirehoseDeliveryStreamRedshiftDestinationConfigurationPasswordRule.rb +3 -2
- data/lib/cfn-nag/custom_rules/KinesisFirehoseDeliveryStreamSplunkDestinationConfigurationHECTokenRule.rb +3 -2
- data/lib/cfn-nag/custom_rules/LambdaPermissionEventSourceTokenRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/OpsWorksAppAppSourcePasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/OpsWorksAppSslConfigurationPrivateKeyRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/OpsWorksStackCustomCookbooksSourcePasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/OpsWorksStackRdsDbInstancesDbPasswordRule.rb +3 -2
- data/lib/cfn-nag/custom_rules/PinpointAPNSChannelPrivateKeyRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/PinpointAPNSChannelTokenKeyRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/PinpointAPNSSandboxChannelPrivateKeyRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/PinpointAPNSSandboxChannelTokenKeyRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/PinpointAPNSVoipChannelPrivateKeyRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/PinpointAPNSVoipChannelTokenKeyRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/PinpointAPNSVoipSandboxChannelPrivateKeyRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/PinpointAPNSVoipSandboxChannelTokenKeyRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/RDSDBInstanceMasterUserPasswordRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/RDSDBInstanceMasterUsernameRule.rb +2 -1
- data/lib/cfn-nag/custom_rules/RedshiftClusterMasterUserPasswordRule.rb +2 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a9ce6cd0d3c752291550da0672213d71d1fcd41e8198425c213230303ea8cfb6
|
4
|
+
data.tar.gz: aa57ef3c7b3c2817fc67d5fcf87984ba1d7f90faccc89087842710a5f7f07226
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cfa8286dc2e0ed4fbbfa37826557054839abc26080bb15b389c201e6309f2ab22343cc0b1e8380beaf03f6f1732d4eb6adf93a623e788e512ca15b184024bf2a
|
7
|
+
data.tar.gz: 4e756cec00c0e82a08d14f726e212bdcf6b45ae7e37bb3c3160165163367ca7cfcd601e1c95b554f69efe68a398c90848fec198a144dd073f7899e91f2495967
|
@@ -5,8 +5,8 @@ require_relative 'sub_property_with_list_password_base_rule'
|
|
5
5
|
|
6
6
|
class AmazonMQBrokerUsersPasswordRule < SubPropertyWithListPasswordBaseRule
|
7
7
|
def rule_text
|
8
|
-
'AmazonMQ Broker Users Password must not be a plaintext ' \
|
9
|
-
'
|
8
|
+
'AmazonMQ Broker Users Password must not be a plaintext string or a Ref to a Parameter with a Default value. ' \
|
9
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
10
|
end
|
11
11
|
|
12
12
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class AmplifyAppAccessTokenRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Amplify App AccessToken must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class AmplifyAppBasicAuthConfigPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Amplify App BasicAuthConfig Password must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class AmplifyAppOauthTokenRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Amplify App OauthToken must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class AmplifyBranchBasicAuthConfigPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Amplify Branch BasicAuthConfig Password must not be a plaintext ' \
|
9
|
-
'string or a Ref to a
|
9
|
+
'string or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
|
|
6
6
|
class AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'AppStream DirectoryConfig ServiceAccountCredentials AccountPassword ' \
|
9
|
-
'must not be a plaintext string or a Ref to a
|
10
|
-
'with a Default value.'
|
9
|
+
'must not be a plaintext string or a Ref to a Parameter ' \
|
10
|
+
'with a Default value. ' \
|
11
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
11
12
|
end
|
12
13
|
|
13
14
|
def rule_type
|
data/lib/cfn-nag/custom_rules/CodePipelineWebhookAuthenticationConfigurationSecretTokenRule.rb
CHANGED
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class CodePipelineWebhookAuthenticationConfigurationSecretTokenRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'CodePipeline Webhook AuthenticationConfiguration SecretToken must not be ' \
|
9
|
-
'a plaintext string or a Ref to a
|
9
|
+
'a plaintext string or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class DMSEndpointMongoDbSettingsPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'DMS Endpoint MongoDbSettings Password must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class DMSEndpointPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'DMS Endpoint password must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -7,7 +7,8 @@ require_relative 'password_base_rule'
|
|
7
7
|
class DirectoryServiceMicrosoftADPasswordRule < PasswordBaseRule
|
8
8
|
def rule_text
|
9
9
|
'Directory Service Microsoft AD password must not be a plaintext string ' \
|
10
|
-
'or a Ref to a
|
10
|
+
'or a Ref to a Parameter with a Default value. ' \
|
11
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
|
11
12
|
end
|
12
13
|
|
13
14
|
def rule_type
|
@@ -7,7 +7,8 @@ require_relative 'password_base_rule'
|
|
7
7
|
class DirectoryServiceSimpleADPasswordRule < PasswordBaseRule
|
8
8
|
def rule_text
|
9
9
|
'DirectoryService SimpleAD password must not be a plaintext string ' \
|
10
|
-
'or a Ref to a
|
10
|
+
'or a Ref to a Parameter with a Default value. ' \
|
11
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
|
11
12
|
end
|
12
13
|
|
13
14
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class DocDBDBClusterMasterUserPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'DocDB DB Cluster master user password must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class EMRClusterKerberosAttributesADDomainJoinPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'EMR Cluster KerberosAttributes AD Domain JoinPassword must not be a ' \
|
9
|
-
'plaintext string or a Ref to a
|
9
|
+
'plaintext string or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb
CHANGED
@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
|
|
6
6
|
class EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'EMR Cluster KerberosAttributes CrossRealmTrustPrincipal Password must ' \
|
9
|
-
'not be a plaintext string or a Ref to a
|
10
|
-
'Default value.'
|
9
|
+
'not be a plaintext string or a Ref to a Parameter with a ' \
|
10
|
+
'Default value. ' \
|
11
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
11
12
|
end
|
12
13
|
|
13
14
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class EMRClusterKerberosAttributesKdcAdminPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'EMR Cluster KerberosAttributes KdcAdmin Password must not be a ' \
|
9
|
-
'plaintext string or a Ref to a
|
9
|
+
'plaintext string or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class ElastiCacheReplicationGroupAuthTokenRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'ElastiCache ReplicationGroup AuthToken must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class IAMUserLoginProfilePasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'IAM User LoginProfile Password must not be a plaintext string or ' \
|
9
|
-
'a Ref to a
|
9
|
+
'a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
|
|
6
6
|
class KinesisFirehoseDeliveryStreamRedshiftDestinationConfigurationPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Kinesis Firehose DeliveryStream RedshiftDestinationConfiguration Password ' \
|
9
|
-
'must not be a plaintext string or a Ref to a
|
10
|
-
'Default value.'
|
9
|
+
'must not be a plaintext string or a Ref to a Parameter with a ' \
|
10
|
+
'Default value. ' \
|
11
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
|
11
12
|
end
|
12
13
|
|
13
14
|
def rule_type
|
@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
|
|
6
6
|
class KinesisFirehoseDeliveryStreamSplunkDestinationConfigurationHECTokenRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Kinesis Firehose DeliveryStream SplunkDestinationConfiguration HECToken ' \
|
9
|
-
'must not be a plaintext string or a Ref to a
|
10
|
-
'Default value.'
|
9
|
+
'must not be a plaintext string or a Ref to a Parameter with a ' \
|
10
|
+
'Default value. ' \
|
11
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
11
12
|
end
|
12
13
|
|
13
14
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class LambdaPermissionEventSourceTokenRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Lambda Permission EventSourceToken must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class OpsWorksAppAppSourcePasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'OpsWorks App AppSource Password must not be a plaintext ' \
|
9
|
-
'string or a Ref to a
|
9
|
+
'string or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class OpsWorksAppSslConfigurationPrivateKeyRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'OpsWorks App SslConfiguration PrivateKey must not be a plaintext ' \
|
9
|
-
'string or a Ref to a
|
9
|
+
'string or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class OpsWorksStackCustomCookbooksSourcePasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'OpsWorks Stack CustomCookbooksSource Password must not be a plaintext ' \
|
9
|
-
'string or a Ref to a
|
9
|
+
'string or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -5,8 +5,9 @@ require_relative 'sub_property_with_list_password_base_rule'
|
|
5
5
|
|
6
6
|
class OpsWorksStackRdsDbInstancesDbPasswordRule < SubPropertyWithListPasswordBaseRule
|
7
7
|
def rule_text
|
8
|
-
'OpsWorks Stack RDS DbInstance DbPassword must not be a plaintext '
|
9
|
-
'
|
8
|
+
'OpsWorks Stack RDS DbInstance DbPassword must not be a plaintext string '\
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class PinpointAPNSChannelPrivateKeyRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Pinpoint APNSChannel PrivateKey must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class PinpointAPNSChannelTokenKeyRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Pinpoint APNSChannel TokenKey must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class PinpointAPNSSandboxChannelPrivateKeyRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Pinpoint APNSSandboxChannel PrivateKey must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class PinpointAPNSSandboxChannelTokenKeyRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Pinpoint APNSSandboxChannel TokenKey must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class PinpointAPNSVoipChannelPrivateKeyRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Pinpoint APNSVoipChannel PrivateKey must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class PinpointAPNSVoipChannelTokenKeyRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Pinpoint APNSChannel TokenKey must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class PinpointAPNSVoipSandboxChannelPrivateKeyRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Pinpoint APNSVoipSandboxChannel PrivateKey must not be a plaintext ' \
|
9
|
-
'string or a Ref to a
|
9
|
+
'string or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class PinpointAPNSVoipSandboxChannelTokenKeyRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Pinpoint APNSVoipSandboxChannel TokenKey must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class RDSDBClusterMasterUserPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'RDS DB Cluster master user password must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class RDSDBInstanceMasterUserPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'RDS instance master user password must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
@@ -7,7 +7,8 @@ require_relative 'password_base_rule'
|
|
7
7
|
class RDSDBInstanceMasterUsernameRule < PasswordBaseRule
|
8
8
|
def rule_text
|
9
9
|
'RDS instance master username must not be a plaintext string ' \
|
10
|
-
'or a Ref to a
|
10
|
+
'or a Ref to a Parameter with a Default value. ' \
|
11
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
|
11
12
|
end
|
12
13
|
|
13
14
|
def rule_type
|
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
|
|
6
6
|
class RedshiftClusterMasterUserPasswordRule < PasswordBaseRule
|
7
7
|
def rule_text
|
8
8
|
'Redshift Cluster master user password must not be a plaintext string ' \
|
9
|
-
'or a Ref to a
|
9
|
+
'or a Ref to a Parameter with a Default value. ' \
|
10
|
+
'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
|
10
11
|
end
|
11
12
|
|
12
13
|
def rule_type
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cfn-nag
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.6.
|
4
|
+
version: 0.6.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Eric Kascic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-05-
|
11
|
+
date: 2020-05-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|