cfn-nag 0.4.32 → 0.4.33

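--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e0a6819df2c336e0bb1ef07b208904b86f57a2196662d3d19400af8f1a3e6685
- data.tar.gz: 6aaf41ba6de74d2e23e4be417f1921e642bb541b86394906c1e6bc3704e0901f
+ metadata.gz: 1ec5b3cfc2ced9f607e73fbed7b089eea84557790e9437fd561f45f0e6c4b9ab
+ data.tar.gz: 36dc09072565257d707f06a1b90372a32cb50250a2e0eb1771696ac1e86b2a42
  SHA512:
- metadata.gz: f51b67dc85200d5d349ac0bbbd26585a1956dddb23dba4b1c210f8527b74050b4e3bc1f17a6a975b192945836165714c20ab4e5e8d605e75c6f3d74821fe293c
- data.tar.gz: f74dd428e534d1df734f7bb13e087a67c30af46d5b7e755ebc056e9dac3ec99bc551fc84aa791d6f31b0b203894deeeb4ede05a5a4bfca32b59e0ea38f5f7457
+ metadata.gz: a55bce3659d9275f43acfa7be9972da439d8f3a334d3154ab72a841694a91663143f04a28a154fc5709a0c66159ad60c5f1c59443d927b0819d21d0ab451f216
+ data.tar.gz: 56589b4434346cb1ba5428c0e3bad1f1a15a41bf96d4024f990f8d67ab1a7ec04708e00f6dc958ea606b11b048677fcc3b8992944bfeff96534ab0737513f729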
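--- a/lib/cfn-nag/custom_rules/EbsVolumeEncryptionKeyRule.rb
+++ b/lib/cfn-nag/custom_rules/EbsVolumeEncryptionKeyRule.rb
@@ -0,0 +1,27 @@
+ # frozen_string_literal: true
+
+ require 'cfn-nag/violation'
+ require_relative 'base'
+
+ class EbsVolumeEncryptionKeyRule < BaseRule
+ def rule_text
+ 'EBS Volume should specify a KmsKeyId value'
+ end
+
+ def rule_type
+ Violation::WARNING
+ end
+
+ def rule_id
+ 'W37'
+ end
+
+ def audit_impl(cfn_model)
+ violating_volumes = cfn_model.resources_by_type('AWS::EC2::Volume')
+ .select do |volume|
+ volume.kmsKeyId.nil? || volume.kmsKeyId == { 'Ref' => 'AWS::NoValue' }
+ end
+
+ violating_volumes.map(&:logical_resource_id)
+ end
+ end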
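Review bot: The `select` block in `audit_impl` treats a volume as lacking a key only when `kmsKeyId` is nil or exactly `{ 'Ref' => 'AWS::NoValue' }`, so other ways of leaving the property effectively unset are not reported by W37. An `Fn::If` whose branch resolves to `AWS::NoValue`, or an empty string, would presumably pass, depending on how the model exposes intrinsic functions. Until that is handled, a comment above the block would set expectations: `# Only a missing KmsKeyId or a direct Ref to AWS::NoValue is flagged; Fn::If branches are not inspected`. The class also has no comment on why the warning matters; one line noting that an encrypted volume without `KmsKeyId` uses the account's default EBS key rather than a key chosen in the template would help readers triage the finding.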
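--- a/lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb
+++ b/lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb
@@ -1,13 +1,21 @@
  # frozen_string_literal: true
 
  require 'cfn-nag/violation'
- require_relative 'base'
+ require_relative 'boolean_base_rule'
 
- class EbsVolumeHasSseRule < BaseRule
+ class EbsVolumeHasSseRule < BooleanBaseRule
  def rule_text
  'EBS volume should have server-side encryption enabled'
  end
 
+ def resource_type
+ 'AWS::EC2::Volume'
+ end
+
+ def boolean_property
+ :encrypted
+ end
+
  def rule_type
  Violation::FAILING_VIOLATION
  end
@@ -15,13 +23,4 @@ class EbsVolumeHasSseRule < BaseRule
  def rule_id
  'F1'
  end
-
- def audit_impl(cfn_model)
- violating_volumes = cfn_model.resources_by_type('AWS::EC2::Volume')
- .select do |volume|
- volume.encrypted.nil? || volume.encrypted.to_s.casecmp('false').zero?
- end
-
- violating_volumes.map(&:logical_resource_id)
- end
  end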
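Review bot: With `audit_impl` removed, nothing in this file states what F1 counts as a violation, and `BooleanBaseRule` is not part of the visible diff. The deleted code flagged a volume when `encrypted` was nil or case-insensitively equal to `'false'`; because F1 is a `FAILING_VIOLATION`, the base class has to keep both cases, so a spec covering an absent `Encrypted`, `false` and the string `'false'` is worth having alongside this change. A class comment such as `# Fails when Encrypted is absent or false; the check itself lives in BooleanBaseRule` would document that for readers of this file. A `{ 'Ref' => 'AWS::NoValue' }` value for `Encrypted` was not flagged by the old code, unlike the `kmsKeyId` comparison in the new W37 rule, and it is worth confirming how the base class treats it.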
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.32
4
+ version: 0.4.33
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -180,6 +180,7 @@ files:
180
180
  - lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
181
181
  - lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
182
182
  - lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb
183
+ - lib/cfn-nag/custom_rules/EbsVolumeEncryptionKeyRule.rb
183
184
  - lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb
184
185
  - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb
185
186
  - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb