cfn-nag 0.4.60 → 0.4.61
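--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4e2fbf41ee7b7b7c9a006eebc84d6efc8192a766bfe98680d1c25cded44c0b5b
+data.tar.gz: 7007b13295ec63c3b74bb5cb028b235646006c0b8b8c520dd42aed396416d9a2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d008c8dcd79768df12e4e07b348fcd84dde7e10b62d3552377d8ec58310e03e77929eafa62b7151169e7a8da6fe1b33938baef812643fcab3aeefd380453729e
+data.tar.gz: 62892dac3ea28382e002452ef7f269301953767645b5eaee8b826eec8d45e801551a1940a3c0a88fb47a297f9dc2ef9f1de52e24efea8e1cbf0da31a6f370242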
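--- a/lib/cfn-nag/custom_rules/ElasticsearchDomainEncryptionAtRestOptionsRule.rb
+++ b/lib/cfn-nag/custom_rules/ElasticsearchDomainEncryptionAtRestOptionsRule.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require_relative 'base'
+
+class ElasticsearchDomainEncryptionAtRestOptionsRule < BaseRule
+def rule_text
+'ElasticsearchcDomain should specify EncryptionAtRestOptions'
+end
+
+def rule_type
+Violation::WARNING
+end
+
+def rule_id
+'W54'
+end
+
+def audit_impl(cfn_model)
+violating_domains = cfn_model.resources_by_type('AWS::Elasticsearch::Domain').select do |domain|
+domain.encryptionAtRestOptions.nil? || encryption_not_enabled?(domain.encryptionAtRestOptions)
+end
+
+violating_domains.map(&:logical_resource_id)
+end
+
+private
+
+def encryption_not_enabled?(encryption_at_rest_options)
+encryption_at_rest_options['Enabled'].nil? || encryption_at_rest_options['Enabled'].to_s.casecmp?('false')
+end
+end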
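Review bot: `encryption_not_enabled?` fails open, because it reports a domain only when `Enabled` is missing or its string form equals `false`; any other value, such as a mistyped literal or (unless the model has already resolved it) a `Ref`/`Fn::If` hash, is treated as encrypted and produces no W54 finding. For an encryption-at-rest check it is safer to accept only the one good value, for example `!encryption_at_rest_options['Enabled'].to_s.casecmp?('true')`, or else to add a comment stating that non-literal values are deliberately passed. The message in `rule_text` also has a stray `c` in `'ElasticsearchcDomain ...'`, and it does not mention that the rule fires when the block is present with `Enabled` set to false. Something like `'ElasticsearchDomain should specify EncryptionAtRestOptions with Enabled set to true'` would tell the template author what to fix.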
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cfn-nag
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.61
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Eric Kascic
|
@@ -181,6 +181,7 @@ files:
|
|
181
181
|
- lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb
|
182
182
|
- lib/cfn-nag/custom_rules/ElasticLoadBalancerAccessLoggingRule.rb
|
183
183
|
- lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb
|
184
|
+
- lib/cfn-nag/custom_rules/ElasticsearchDomainEncryptionAtRestOptionsRule.rb
|
184
185
|
- lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
|
185
186
|
- lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb
|
186
187
|
- lib/cfn-nag/custom_rules/IamManagedPolicyPassRoleWildcardResourceRule.rb
|