cfn-nag 0.4.50 → 0.4.51
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 78b33a6161c54bf1e7745c16c0b5b1cd494ad838db994437c80ec63493906700
|
4
|
+
data.tar.gz: cfbd391c61bd3dc697222ce2ba19dc0a8cc4da368cd9187c974c7f310abf476b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d9754d47d8334b0ca1bcf0e4f8d2550d215a7868a40061ee8098d1d23201421c7d8ae1ec62325fb5f823b51dfa8b01ab26191dd154c6189fbea9974677109584
|
7
|
+
data.tar.gz: 0e7e64c9303f5400243b516dc47c6b34b141ffe6ecb47c1c40566da288c7650786c88bb942b4b5948c83824e71665d2add8b0d7d96025efc71a4968b83d757b5
|
@@ -0,0 +1,43 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'cfn-nag/violation'
|
4
|
+
require_relative 'base'
|
5
|
+
|
6
|
+
class ElasticLoadBalancerV2AccessLoggingRule < BaseRule
|
7
|
+
def rule_text
|
8
|
+
'Elastic Load Balancer V2 should have access logging enabled'
|
9
|
+
end
|
10
|
+
|
11
|
+
def rule_type
|
12
|
+
Violation::WARNING
|
13
|
+
end
|
14
|
+
|
15
|
+
def rule_id
|
16
|
+
'W52'
|
17
|
+
end
|
18
|
+
|
19
|
+
def audit_impl(cfn_model)
|
20
|
+
violating_elbs = cfn_model.resources_by_type('AWS::ElasticLoadBalancingV2::LoadBalancer')
|
21
|
+
.select do |elb|
|
22
|
+
elb.loadBalancerAttributes.nil? || missing_access_logs?(elb) || access_logging_is_false?(elb)
|
23
|
+
end
|
24
|
+
|
25
|
+
violating_elbs.map(&:logical_resource_id)
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
29
|
+
|
30
|
+
def access_logging_is_false?(load_balancer)
|
31
|
+
false_access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
|
32
|
+
load_balancer_attribute['Key'] == 'access_logs.s3.enabled' && load_balancer_attribute['Value'].casecmp?('false')
|
33
|
+
end
|
34
|
+
false_access_log_attribute
|
35
|
+
end
|
36
|
+
|
37
|
+
def missing_access_logs?(load_balancer)
|
38
|
+
access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
|
39
|
+
load_balancer_attribute['Key'] == 'access_logs.s3.enabled'
|
40
|
+
end
|
41
|
+
access_log_attribute.nil?
|
42
|
+
end
|
43
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cfn-nag
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.51
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Eric Kascic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-12-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|
@@ -174,6 +174,7 @@ files:
|
|
174
174
|
- lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb
|
175
175
|
- lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb
|
176
176
|
- lib/cfn-nag/custom_rules/ElasticLoadBalancerAccessLoggingRule.rb
|
177
|
+
- lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb
|
177
178
|
- lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
|
178
179
|
- lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb
|
179
180
|
- lib/cfn-nag/custom_rules/IamManagedPolicyPassRoleWildcardResourceRule.rb
|