cfn-nag 0.4.1 → 0.4.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cfn-nag/custom_rules/S3BucketAccessLoggingRule.rb +26 -0
- metadata +2 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0f5de570723903c2f18b9357dff531d4f5b20f6fe39e8dfe91deac5958727b68
|
4
|
+
data.tar.gz: 57995b9d7d51647a764c839b11be7faccd1d1a80e46f9fb3a304543684de44c7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: dda098626fa0aa22b6f244c24b4c2935ddc27c6da3f127644548ededd5901790e1478b74027c69854eb04b24496688ebb224c3d72fff69042c728cb403776986
|
7
|
+
data.tar.gz: d03936c85264a72189f2690c9fc348c962ad0d32fc6826216d0fc0da59f67099112bcc870c278c59e6855e145dde5a8a7dfb6ae6f3af3beda43a127f8a9a143a
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'cfn-nag/violation'
|
4
|
+
require_relative 'base'
|
5
|
+
|
6
|
+
class S3BucketAccessLoggingRule < BaseRule
|
7
|
+
def rule_text
|
8
|
+
'S3 Bucket should have access logging configured'
|
9
|
+
end
|
10
|
+
|
11
|
+
def rule_type
|
12
|
+
Violation::WARNING
|
13
|
+
end
|
14
|
+
|
15
|
+
def rule_id
|
16
|
+
'W35'
|
17
|
+
end
|
18
|
+
|
19
|
+
def audit_impl(cfn_model)
|
20
|
+
violating_buckets = cfn_model.resources_by_type('AWS::S3::Bucket').select do |bucket|
|
21
|
+
bucket.loggingConfiguration.nil?
|
22
|
+
end
|
23
|
+
|
24
|
+
violating_buckets.map(&:logical_resource_id)
|
25
|
+
end
|
26
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cfn-nag
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Eric Kascic
|
@@ -177,6 +177,7 @@ files:
|
|
177
177
|
- lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
|
178
178
|
- lib/cfn-nag/custom_rules/RedshiftClusterEncryptedRule.rb
|
179
179
|
- lib/cfn-nag/custom_rules/ResourceWithExplicitNameRule.rb
|
180
|
+
- lib/cfn-nag/custom_rules/S3BucketAccessLoggingRule.rb
|
180
181
|
- lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb
|
181
182
|
- lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb
|
182
183
|
- lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb
|