cfn-nag 0.4.50 → 0.4.51

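--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 23ced2c4a6766dc4a486c41d98a8e08315759993e4df3e8919b66f788eaa2f4b
- data.tar.gz: df3054fa03e97822c010520ecc7401bcb9e3734eddba6a0d982881b76a749f19
+ metadata.gz: 78b33a6161c54bf1e7745c16c0b5b1cd494ad838db994437c80ec63493906700
+ data.tar.gz: cfbd391c61bd3dc697222ce2ba19dc0a8cc4da368cd9187c974c7f310abf476b
  SHA512:
- metadata.gz: c82426118b2e32bfa105d09644a625d4b12fcd30c734b2f7f1a8a26b4a269a68430adce3a9be397d09fb105506556904e8635cc7d41385fd695967f311b80bdd
- data.tar.gz: 4de188f0007787f0dd438329bcd55821f835080c21d60f89381fd79e1f4f4d5effdb2fe4cdf2a70237d412238858193241f12ac05bf7f8cf602aa1098cd52d80
+ metadata.gz: d9754d47d8334b0ca1bcf0e4f8d2550d215a7868a40061ee8098d1d23201421c7d8ae1ec62325fb5f823b51dfa8b01ab26191dd154c6189fbea9974677109584
+ data.tar.gz: 0e7e64c9303f5400243b516dc47c6b34b141ffe6ecb47c1c40566da288c7650786c88bb942b4b5948c83824e71665d2add8b0d7d96025efc71a4968b83d757b5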
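--- a/lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb
+++ b/lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb
@@ -0,0 +1,43 @@
+ # frozen_string_literal: true
+
+ require 'cfn-nag/violation'
+ require_relative 'base'
+
+ class ElasticLoadBalancerV2AccessLoggingRule < BaseRule
+ def rule_text
+ 'Elastic Load Balancer V2 should have access logging enabled'
+ end
+
+ def rule_type
+ Violation::WARNING
+ end
+
+ def rule_id
+ 'W52'
+ end
+
+ def audit_impl(cfn_model)
+ violating_elbs = cfn_model.resources_by_type('AWS::ElasticLoadBalancingV2::LoadBalancer')
+ .select do |elb|
+ elb.loadBalancerAttributes.nil? || missing_access_logs?(elb) || access_logging_is_false?(elb)
+ end
+
+ violating_elbs.map(&:logical_resource_id)
+ end
+
+ private
+
+ def access_logging_is_false?(load_balancer)
+ false_access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
+ load_balancer_attribute['Key'] == 'access_logs.s3.enabled' && load_balancer_attribute['Value'].casecmp?('false')
+ end
+ false_access_log_attribute
+ end
+
+ def missing_access_logs?(load_balancer)
+ access_log_attribute = load_balancer.loadBalancerAttributes.find do |load_balancer_attribute|
+ load_balancer_attribute['Key'] == 'access_logs.s3.enabled'
+ end
+ access_log_attribute.nil?
+ end
+ end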
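Review bot: In `access_logging_is_false?` the test `load_balancer_attribute['Value'].casecmp?('false')` treats access logging as enabled for every value other than the string "false", and it assumes the value is a String. A template that writes the value as an unquoted YAML boolean, or supplies it through an intrinsic function such as `Ref`, would presumably reach this method as a boolean or a Hash, and `casecmp?` would then raise NoMethodError instead of producing a finding; how the model represents such values is not visible on this page, so that should be confirmed. For a logging rule it is safer to pass only on an explicit true, for example selecting with `elb.loadBalancerAttributes.nil? || elb.loadBalancerAttributes.none? { |a| a['Key'] == 'access_logs.s3.enabled' && a['Value'].to_s.casecmp?('true') }`, which also covers the missing-key case handled by `missing_access_logs?`. Values that come from parameters would then be reported as violations and may need separate handling.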
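--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cfn-nag
  version: !ruby/object:Gem::Version
- version: 0.4.50
+ version: 0.4.51
  platform: ruby
  authors:
  - Eric Kascic
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-11-29 00:00:00.000000000 Z
+ date: 2019-12-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -174,6 +174,7 @@ files:
  - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb
  - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb
  - lib/cfn-nag/custom_rules/ElasticLoadBalancerAccessLoggingRule.rb
+ - lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb
  - lib/cfn-nag/custom_rules/IamManagedPolicyPassRoleWildcardResourceRule.rb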