cfn-nag 0.0.14 → 0.0.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6c9db58dbb6a9c5e9c2b1e0200c894c87b7c1f48
-  data.tar.gz: ef814e71af5df58940efedfb929494d17e01103f
+  metadata.gz: 321aab48e50c578d52366929c70c050feb20b027
+  data.tar.gz: 100ef582f666736c16cfdc52a44db75ba23f7438
 SHA512:
-  metadata.gz: aaafe66c12e5466345071c6dc7b385761ba94f013284b7f47e7a27cb6e0408f14e448c6c92810a72c03d382d653af7b3e5272d360395b01dc0485888c72d9cf1
-  data.tar.gz: c63bbb827017b74717351f20c516d1ff5b89c8cc9f821e8f74d0d03b8edbb5407ea7e5cdb4aa5065ca704d20c512c47e7fa9c16bcb4b006a11c964346c203553
+  metadata.gz: 4ff24d952355ccdcfa55b488777f3f0e19ae9efdb37091b2df85538bfdb2d626456fd3012c8ccf4425d916e3b877f43fd81cfc3770cb00f99664a9d8f1075b04
+  data.tar.gz: 8c1e4d0849c2a07560b3005bc869d24e10a481181c47fb7b8d69ccc4ee30aed498431d0507cf53f7b1ca168d3284111aad310cabe1833a98dfc53d21091ab12b

data/lib/json_rules/lambda_rules.rb

@@ -0,0 +1,7 @@
+warning jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::Lambda::Permission")|'\
+              'select(.Properties.Action != "lambda:InvokeFunction")]|map(.LogicalResourceId) ',
+        message: 'Lambda permission beside InvokeFunction might not be what you want?  Not sure!?'
+
+violation jq: '[.Resources|with_entries(.value.LogicalResourceId = .key)[] | select(.Type == "AWS::Lambda::Permission")|'\
+              'select(.Properties.Principal == "*")]|map(.LogicalResourceId) ',
+        message: 'Lambda permission principal should not be wildcard'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.0.14
+  version: 0.0.15
 platform: ruby
 authors:
 - someguy
@@ -56,6 +56,7 @@ files:
 - lib/json_rules/ebs_rules.rb
 - lib/json_rules/iam_policy_rules.rb
 - lib/json_rules/iam_user_rules.rb
+- lib/json_rules/lambda_rules.rb
 - lib/json_rules/loadbalancer_rules.rb
 - lib/json_rules/port_rules.rb
 - lib/json_rules/s3_bucket_rules.rb