cfn-nag 0.3.84 → 0.3.85

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb +27 -0
  3. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c33a8491cb7b894b90e448cca20e52df0618e8ba032cfd9e9b292ae356bb9f05
4
- data.tar.gz: b77cf4ffc9fe149b6db4eb1b61560d967c7d21b32060d9fdf5044880ba8dc149
3
+ metadata.gz: f8d615e9dc330c563f34558beeb4c26e48e33108b1e2ec95bd779f0f8231b848
4
+ data.tar.gz: 0d155d7c475a8a14efae1860d89f8dc6b82d2c1754d4eee2f75c1dfa637a34e8
5
5
  SHA512:
6
- metadata.gz: 1a247df6f2e830516644ba5d288d65457ac60baf213ff0cab4e9affed7c3a795f4ba52a6c77b6bb323372f2578f95c55e47ec518cb16e5a88296a843e8422335
7
- data.tar.gz: 350713a1fb6bada81699cba627e1ef9f22b5d050b88f9c77dbd2699c9b389eea54a3ceb37ea19e0bf6c398f1fe001677d25458779a301d4e46d2bf81f0c602c4
6
+ metadata.gz: dbdcbc2184f3352417fb991e26cb190471c548c9a503370d759b394205e92deb1d46a04a963acc69387cc1ed806ced91e110084f960a0a17537c8a34230ef70c
7
+ data.tar.gz: 49dadf883a11d60b5548944c5dd9237e5dbf5a4bcc24f5efd4aea39c38568fcfafa462311239fa81d54d73fdbef27bb6586a68bf72e26109d8f35f62a458a5a1
data/lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb ADDED
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'base'
5
+
6
+ class EC2SubnetMapPublicIpOnLaunchRule < BaseRule
7
+ def rule_text
8
+ 'EC2 Subnet should not have MapPublicIpOnLaunch set to true'
9
+ end
10
+
11
+ def rule_type
12
+ Violation::WARNING
13
+ end
14
+
15
+ def rule_id
16
+ 'W33'
17
+ end
18
+
19
+ def audit_impl(cfn_model)
20
+ violating_subnets = cfn_model.resources_by_type('AWS::EC2::Subnet')
21
+ .select do |subnet|
22
+ truthy?(subnet.mapPublicIpOnLaunch)
23
+ end
24
+
25
+ violating_subnets.map(&:logical_resource_id)
26
+ end
27
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.84
4
+ version: 0.3.85
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-05-02 00:00:00.000000000 Z
11
+ date: 2019-05-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -143,6 +143,7 @@ files:
143
143
  - lib/cfn-nag/custom_rules/CloudFrontDistributionAccessLoggingRule.rb
144
144
  - lib/cfn-nag/custom_rules/CodeBuildEncryptionKeyRule.rb
145
145
  - lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
146
+ - lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
146
147
  - lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb
147
148
  - lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb
148
149
  - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb