cfn-nag 0.4.50 → 0.4.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb +43 -0
  3. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 23ced2c4a6766dc4a486c41d98a8e08315759993e4df3e8919b66f788eaa2f4b
4
- data.tar.gz: df3054fa03e97822c010520ecc7401bcb9e3734eddba6a0d982881b76a749f19
3
+ metadata.gz: 78b33a6161c54bf1e7745c16c0b5b1cd494ad838db994437c80ec63493906700
4
+ data.tar.gz: cfbd391c61bd3dc697222ce2ba19dc0a8cc4da368cd9187c974c7f310abf476b
5
5
  SHA512:
6
- metadata.gz: c82426118b2e32bfa105d09644a625d4b12fcd30c734b2f7f1a8a26b4a269a68430adce3a9be397d09fb105506556904e8635cc7d41385fd695967f311b80bdd
7
- data.tar.gz: 4de188f0007787f0dd438329bcd55821f835080c21d60f89381fd79e1f4f4d5effdb2fe4cdf2a70237d412238858193241f12ac05bf7f8cf602aa1098cd52d80
6
+ metadata.gz: d9754d47d8334b0ca1bcf0e4f8d2550d215a7868a40061ee8098d1d23201421c7d8ae1ec62325fb5f823b51dfa8b01ab26191dd154c6189fbea9974677109584
7
+ data.tar.gz: 0e7e64c9303f5400243b516dc47c6b34b141ffe6ecb47c1c40566da288c7650786c88bb942b4b5948c83824e71665d2add8b0d7d96025efc71a4968b83d757b5
data/lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb ADDED
@@ -0,0 +1,43 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'base'
5
+
6
+ class ElasticLoadBalancerV2AccessLoggingRule < BaseRule
7
+ def rule_text
8
+ 'Elastic Load Balancer V2 should have access logging enabled'
9
+ end
10
+
11
+ def rule_type
12
+ Violation::WARNING
13
+ end
14
+
15
+ def rule_id
16
+ 'W52'
17
+ end
18
+
19
+ def audit_impl(cfn_model)
20
+ violating_elbs = cfn_model.resources_by_type('AWS::ElasticLoadBalancingV2::LoadBalancer')
21
+ .select do |elb|
22
+ elb.loadBalancerAttributes.nil? || missing_access_logs?(elb) || access_logging_is_false?(elb)
23
+ end
24
+
25
+ violating_elbs.map(&:logical_resource_id)
26
+ end
27
+
28
+ private
29
+
30
+ def access_logging_is_false?(load_balancer)
31
+ false_access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
32
+ load_balancer_attribute['Key'] == 'access_logs.s3.enabled' && load_balancer_attribute['Value'].casecmp?('false')
33
+ end
34
+ false_access_log_attribute
35
+ end
36
+
37
+ def missing_access_logs?(load_balancer)
38
+ access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
39
+ load_balancer_attribute['Key'] == 'access_logs.s3.enabled'
40
+ end
41
+ access_log_attribute.nil?
42
+ end
43
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.50
4
+ version: 0.4.51
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-29 00:00:00.000000000 Z
11
+ date: 2019-12-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -174,6 +174,7 @@ files:
174
174
  - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb
175
175
  - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb
176
176
  - lib/cfn-nag/custom_rules/ElasticLoadBalancerAccessLoggingRule.rb
177
+ - lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb
177
178
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
178
179
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb
179
180
  - lib/cfn-nag/custom_rules/IamManagedPolicyPassRoleWildcardResourceRule.rb