cfn-nag 0.3.56 → 0.3.57

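--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8123748b8a78389365b846d062dc47672cf6e4156175a6e3c92b545892f7082f
- data.tar.gz: ffc2cd7cd5e2301c13c9ba445ccf039cddc2ebc1061a6a3f1d54e29a05b3604e
+ metadata.gz: 79dcb4fea6efff2ae6d4b3a265e606cb3169c1038b79eef78d759415aff32d0b
+ data.tar.gz: 7d18ff483aee02076573a365a75950f8cd889c4b3c53ac9250d61526102c4647
  SHA512:
- metadata.gz: ce04761bd32b368ae701ce72fcf53350f5999a203f3709d56a58b2d9289bd20d2076aee9d3f7fea71ea9668eb366f637d42314b1e0d8d66e0f6ed82b062ff4d7
- data.tar.gz: e42492fb96b2941366508ac2f0cb1489970f1ac428b22cb23d408e6ce224bca3415c438f7825a29b05db6039a5303d74f4517e51fdd0364f400f4ba5bc764692
+ metadata.gz: 1d446aa26de33b539dab26e8330ccb2f6fccdfb6853b3bdaf835cfda4769f622395ee5de6ff9ba25b0a40de3e92a576c088f0a41f5de1b8519802879f979cc43
+ data.tar.gz: daa22f691a631f4f5fce8ad1493530e7cc0ebbfc036891b13de5bf10519a9eca0e1465a5221c1127e0501381d03db7ec809818d4c55866369c0642a244942623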
@@ -0,0 +1,27 @@
1
+ require 'cfn-nag/violation'
2
+ require_relative 'base'
3
+
4
+ class ElastiCacheReplicationGroupAtRestEncryptionRule < BaseRule
5
+ def rule_text
6
+ 'ElastiCache ReplicationGroup should have encryption enabled for at rest'
7
+ end
8
+
9
+ def rule_type
10
+ Violation::FAILING_VIOLATION
11
+ end
12
+
13
+ def rule_id
14
+ 'F25'
15
+ end
16
+
17
+ def audit_impl(cfn_model)
18
+ resources = cfn_model.resources_by_type('AWS::ElastiCache::ReplicationGroup')
19
+
20
+ violating_groups = resources.select do |group|
21
+ group.atRestEncryptionEnabled.nil? ||
22
+ group.atRestEncryptionEnabled.to_s.casecmp('false').zero?
23
+ end
24
+
25
+ violating_groups.map(&:logical_resource_id)
26
+ end
27
+ end
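Review bot: The select block in `audit_impl` reports a group only when `atRestEncryptionEnabled` is nil or its string form equals 'false', so every other value passes the rule. If the parsed model can hand back an unresolved intrinsic for this property (a `Ref` to a template parameter, say; this diff does not show how cfn_model resolves them, so it needs confirming), `to_s` will not match 'false' and a group that may deploy without at-rest encryption is not reported. Failing closed would be `!group.atRestEncryptionEnabled.to_s.casecmp('true').zero?`, which also covers the nil case; if that is too noisy for parameterised templates, a comment stating that only an absent or literal false value is detected would at least record the gap. The same predicate is used on `transitEncryptionEnabled` in ElastiCacheReplicationGroupTransitEncryptionRule in the next hunk.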
@@ -0,0 +1,27 @@
1
+ require 'cfn-nag/violation'
2
+ require_relative 'base'
3
+
4
+ class ElastiCacheReplicationGroupTransitEncryptionRule < BaseRule
5
+ def rule_text
6
+ 'ElastiCache ReplicationGroup should have encryption enabled for in transit'
7
+ end
8
+
9
+ def rule_type
10
+ Violation::FAILING_VIOLATION
11
+ end
12
+
13
+ def rule_id
14
+ 'F24'
15
+ end
16
+
17
+ def audit_impl(cfn_model)
18
+ resources = cfn_model.resources_by_type('AWS::ElastiCache::ReplicationGroup')
19
+
20
+ violating_groups = resources.select do |group|
21
+ group.transitEncryptionEnabled.nil? ||
22
+ group.transitEncryptionEnabled.to_s.casecmp('false').zero?
23
+ end
24
+
25
+ violating_groups.map(&:logical_resource_id)
26
+ end
27
+ end
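Review bot: Apart from the property name, the rule text and the id, this class repeats ElastiCacheReplicationGroupAtRestEncryptionRule line for line, so any later correction to the predicate has to be made in two files. A small shared helper that takes the property name would keep the two rules in step; whether BaseRule is the right home for it cannot be judged from this diff. Independently of that, `audit_impl` would benefit from a one-line comment such as `# Violation: TransitEncryptionEnabled is absent or the literal false`, so a reader knows exactly which values the rule treats as failing.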
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.56
4
+ version: 0.3.57
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-03-22 00:00:00.000000000 Z
11
+ date: 2019-04-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -140,6 +140,8 @@ files:
140
140
  - lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb
141
141
  - lib/cfn-nag/custom_rules/CloudFrontDistributionAccessLoggingRule.rb
142
142
  - lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb
143
+ - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb
144
+ - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb
143
145
  - lib/cfn-nag/custom_rules/ElasticLoadBalancerAccessLoggingRule.rb
144
146
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
145
147
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb