cfn-nag 0.4.32 → 0.4.33
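--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1ec5b3cfc2ced9f607e73fbed7b089eea84557790e9437fd561f45f0e6c4b9ab
+data.tar.gz: 36dc09072565257d707f06a1b90372a32cb50250a2e0eb1771696ac1e86b2a42
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a55bce3659d9275f43acfa7be9972da439d8f3a334d3154ab72a841694a91663143f04a28a154fc5709a0c66159ad60c5f1c59443d927b0819d21d0ab451f216
+data.tar.gz: 56589b4434346cb1ba5428c0e3bad1f1a15a41bf96d4024f990f8d67ab1a7ec04708e00f6dc958ea606b11b048677fcc3b8992944bfeff96534ab0737513f729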
@@ -0,0 +1,27 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'cfn-nag/violation'
|
4
|
+
require_relative 'base'
|
5
|
+
|
6
|
+
class EbsVolumeEncryptionKeyRule < BaseRule
|
7
|
+
def rule_text
|
8
|
+
'EBS Volume should specify a KmsKeyId value'
|
9
|
+
end
|
10
|
+
|
11
|
+
def rule_type
|
12
|
+
Violation::WARNING
|
13
|
+
end
|
14
|
+
|
15
|
+
def rule_id
|
16
|
+
'W37'
|
17
|
+
end
|
18
|
+
|
19
|
+
def audit_impl(cfn_model)
|
20
|
+
violating_volumes = cfn_model.resources_by_type('AWS::EC2::Volume')
|
21
|
+
.select do |volume|
|
22
|
+
volume.kmsKeyId.nil? || volume.kmsKeyId == { 'Ref' => 'AWS::NoValue' }
|
23
|
+
end
|
24
|
+
|
25
|
+
violating_volumes.map(&:logical_resource_id)
|
26
|
+
end
|
27
|
+
end
|
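Review bot: The `nil? || == { 'Ref' => 'AWS::NoValue' }` test in audit_impl carries no explanation of why an absent key is only a WARNING, and the equality check recognises just a literal top-level Ref, so a KmsKeyId that reaches AWS::NoValue through a conditional would pass unless cfn_model resolves conditionals before this point, which the hunk does not show. A comment above the `.select` would make the intent reviewable: `# Encrypted volumes without a KmsKeyId fall back to the account's default AWS-managed EBS key; that is still encrypted at rest, but the template then has no control over key policy or rotation, hence WARNING rather than FAILING_VIOLATION.` Because the file is new, a class-level comment noting that this rule does not inspect `Encrypted` at all (that is F1's job) would stop readers assuming the two rules overlap. Splitting the chained call into `volumes = cfn_model.resources_by_type('AWS::EC2::Volume')` followed by a separate `volumes.select { ... }` also reads more cleanly than a `do … end` block continued across the assignment.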
@@ -1,13 +1,21 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'cfn-nag/violation'
|
4
|
-
require_relative '
|
4
|
+
require_relative 'boolean_base_rule'
|
5
5
|
|
6
|
-
class EbsVolumeHasSseRule <
|
6
|
+
class EbsVolumeHasSseRule < BooleanBaseRule
|
7
7
|
def rule_text
|
8
8
|
'EBS volume should have server-side encryption enabled'
|
9
9
|
end
|
10
10
|
|
11
|
+
def resource_type
|
12
|
+
'AWS::EC2::Volume'
|
13
|
+
end
|
14
|
+
|
15
|
+
def boolean_property
|
16
|
+
:encrypted
|
17
|
+
end
|
18
|
+
|
11
19
|
def rule_type
|
12
20
|
Violation::FAILING_VIOLATION
|
13
21
|
end
|
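Review bot: Moving the check into BooleanBaseRule makes the rule's handling of the three inputs the deleted audit_impl treated explicitly — a missing `Encrypted`, the boolean `false`, and the string `'false'` matched case-insensitively via `casecmp` — depend on code outside this diff, so the hunk alone cannot show the refactor preserves behaviour; one spec fixture per case would pin it. `resource_type` and `boolean_property` are never called within this file, so each deserves a comment saying who consumes it, e.g. `# Read by BooleanBaseRule (not shown here); assumed to flag volumes whose :encrypted is absent or false — confirm the string 'false' case the old audit_impl covered is still caught`. The class body continues in the following hunk, where `rule_id` and the old audit_impl removal sit.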
@@ -15,13 +23,4 @@ class EbsVolumeHasSseRule < BaseRule
|
|
15
23
|
def rule_id
|
16
24
|
'F1'
|
17
25
|
end
|
18
|
-
|
19
|
-
def audit_impl(cfn_model)
|
20
|
-
violating_volumes = cfn_model.resources_by_type('AWS::EC2::Volume')
|
21
|
-
.select do |volume|
|
22
|
-
volume.encrypted.nil? || volume.encrypted.to_s.casecmp('false').zero?
|
23
|
-
end
|
24
|
-
|
25
|
-
violating_volumes.map(&:logical_resource_id)
|
26
|
-
end
|
27
26
|
end
|
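--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.33
 platform: ruby
 authors:
 - Eric Kascic
@@ -180,6 +180,7 @@ files:
 - lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
 - lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
 - lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb
+- lib/cfn-nag/custom_rules/EbsVolumeEncryptionKeyRule.rb
 - lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb
 - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb
 - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb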