cfn-nag 0.4.60 → 0.4.61

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/ElasticsearchDomainEncryptionAtRestOptionsRule.rb +32 -0
  3. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e521cca339b0d04bdf312516c723feeee8d8e51232dd3fa1858e7f1dfa850ef2
4
- data.tar.gz: f026fd261930526d39b2267fd7e503f10beb6f84eadd3f6b42b73c5635f0c3d6
3
+ metadata.gz: 4e2fbf41ee7b7b7c9a006eebc84d6efc8192a766bfe98680d1c25cded44c0b5b
4
+ data.tar.gz: 7007b13295ec63c3b74bb5cb028b235646006c0b8b8c520dd42aed396416d9a2
5
5
  SHA512:
6
- metadata.gz: 941801eba255c52d33f4db65a0cc070048bb7c8c01fd333080a87cd444d6ff1557342a07cfb0a05a75c14c8540f9cd297474c5e46aafdb6259224893c4d16ef5
7
- data.tar.gz: 0d377e26405a6cd68a4cc5269139ef33ca7fe33fd189b4c9f00a352890edf02730a59a50b668791d789b3b40d3d160812c6ec3c592176e7d727ec5fcb0a85d73
6
+ metadata.gz: d008c8dcd79768df12e4e07b348fcd84dde7e10b62d3552377d8ec58310e03e77929eafa62b7151169e7a8da6fe1b33938baef812643fcab3aeefd380453729e
7
+ data.tar.gz: 62892dac3ea28382e002452ef7f269301953767645b5eaee8b826eec8d45e801551a1940a3c0a88fb47a297f9dc2ef9f1de52e24efea8e1cbf0da31a6f370242
data/lib/cfn-nag/custom_rules/ElasticsearchDomainEncryptionAtRestOptionsRule.rb ADDED
@@ -0,0 +1,32 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'base'
5
+
6
+ class ElasticsearchDomainEncryptionAtRestOptionsRule < BaseRule
7
+ def rule_text
8
+ 'ElasticsearchcDomain should specify EncryptionAtRestOptions'
9
+ end
10
+
11
+ def rule_type
12
+ Violation::WARNING
13
+ end
14
+
15
+ def rule_id
16
+ 'W54'
17
+ end
18
+
19
+ def audit_impl(cfn_model)
20
+ violating_domains = cfn_model.resources_by_type('AWS::Elasticsearch::Domain').select do |domain|
21
+ domain.encryptionAtRestOptions.nil? || encryption_not_enabled?(domain.encryptionAtRestOptions)
22
+ end
23
+
24
+ violating_domains.map(&:logical_resource_id)
25
+ end
26
+
27
+ private
28
+
29
+ def encryption_not_enabled?(encryption_at_rest_options)
30
+ encryption_at_rest_options['Enabled'].nil? || encryption_at_rest_options['Enabled'].to_s.casecmp?('false')
31
+ end
32
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.60
4
+ version: 0.4.61
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -181,6 +181,7 @@ files:
181
181
  - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb
182
182
  - lib/cfn-nag/custom_rules/ElasticLoadBalancerAccessLoggingRule.rb
183
183
  - lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb
184
+ - lib/cfn-nag/custom_rules/ElasticsearchDomainEncryptionAtRestOptionsRule.rb
184
185
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
185
186
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb
186
187
  - lib/cfn-nag/custom_rules/IamManagedPolicyPassRoleWildcardResourceRule.rb