cfn-nag 0.3.56 → 0.3.57

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8123748b8a78389365b846d062dc47672cf6e4156175a6e3c92b545892f7082f
-  data.tar.gz: ffc2cd7cd5e2301c13c9ba445ccf039cddc2ebc1061a6a3f1d54e29a05b3604e
+  metadata.gz: 79dcb4fea6efff2ae6d4b3a265e606cb3169c1038b79eef78d759415aff32d0b
+  data.tar.gz: 7d18ff483aee02076573a365a75950f8cd889c4b3c53ac9250d61526102c4647
 SHA512:
-  metadata.gz: ce04761bd32b368ae701ce72fcf53350f5999a203f3709d56a58b2d9289bd20d2076aee9d3f7fea71ea9668eb366f637d42314b1e0d8d66e0f6ed82b062ff4d7
-  data.tar.gz: e42492fb96b2941366508ac2f0cb1489970f1ac428b22cb23d408e6ce224bca3415c438f7825a29b05db6039a5303d74f4517e51fdd0364f400f4ba5bc764692
+  metadata.gz: 1d446aa26de33b539dab26e8330ccb2f6fccdfb6853b3bdaf835cfda4769f622395ee5de6ff9ba25b0a40de3e92a576c088f0a41f5de1b8519802879f979cc43
+  data.tar.gz: daa22f691a631f4f5fce8ad1493530e7cc0ebbfc036891b13de5bf10519a9eca0e1465a5221c1127e0501381d03db7ec809818d4c55866369c0642a244942623

data/lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb

@@ -0,0 +1,27 @@
+require 'cfn-nag/violation'
+require_relative 'base'
+
+class ElastiCacheReplicationGroupAtRestEncryptionRule < BaseRule
+  def rule_text
+    'ElastiCache ReplicationGroup should have encryption enabled for at rest'
+  end
+
+  def rule_type
+    Violation::FAILING_VIOLATION
+  end
+
+  def rule_id
+    'F25'
+  end
+
+  def audit_impl(cfn_model)
+    resources = cfn_model.resources_by_type('AWS::ElastiCache::ReplicationGroup')
+
+    violating_groups = resources.select do |group|
+      group.atRestEncryptionEnabled.nil? ||
+        group.atRestEncryptionEnabled.to_s.casecmp('false').zero?
+    end
+
+    violating_groups.map(&:logical_resource_id)
+  end
+end

data/lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb

@@ -0,0 +1,27 @@
+require 'cfn-nag/violation'
+require_relative 'base'
+
+class ElastiCacheReplicationGroupTransitEncryptionRule < BaseRule
+  def rule_text
+    'ElastiCache ReplicationGroup should have encryption enabled for in transit'
+  end
+
+  def rule_type
+    Violation::FAILING_VIOLATION
+  end
+
+  def rule_id
+    'F24'
+  end
+
+  def audit_impl(cfn_model)
+    resources = cfn_model.resources_by_type('AWS::ElastiCache::ReplicationGroup')
+
+    violating_groups = resources.select do |group|
+      group.transitEncryptionEnabled.nil? ||
+        group.transitEncryptionEnabled.to_s.casecmp('false').zero?
+    end
+
+    violating_groups.map(&:logical_resource_id)
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.3.56
+  version: 0.3.57
 platform: ruby
 authors:
 - Eric Kascic
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-22 00:00:00.000000000 Z
+date: 2019-04-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -140,6 +140,8 @@ files:
 - lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb
 - lib/cfn-nag/custom_rules/CloudFrontDistributionAccessLoggingRule.rb
 - lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb
+- lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb
+- lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb
 - lib/cfn-nag/custom_rules/ElasticLoadBalancerAccessLoggingRule.rb
 - lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
 - lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb