cfn-nag 0.5.13 → 0.5.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/VpcHasFlowLogRule.rb +35 -0
  3. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ab02e7d2daf7be0134c7e05b20099adf93e71c9fde86ec7bf9c08c89414d747e
4
- data.tar.gz: 5655b685d7dba5eabc415f27a48891c183a02f57e1ec10776b4928f8f96650cf
3
+ metadata.gz: f65bcb143842fb3d452533c66fb9565aef16202c26cf128e7f5149357eea7016
4
+ data.tar.gz: a9697c8ca1fba8411ca961a35f6845dfea666f0ccbec66e43f0109d209913dde
5
5
  SHA512:
6
- metadata.gz: 560fb2a1cb437fa6d66189c52accdf8ea32b4ba7a5508bb9eb1e6a9fb1a9f4e03a4464170f8eff653c2a3e798fe1f685cfe4c770c03719e844c19b819043b9e8
7
- data.tar.gz: fb59d45b11891e6002688d525c001ccd38ddba784f3b786abfc01d19ab45e9e4d9d62b4d2e187d233c798f511284df3dc2bc41438acbbe990ef90b77e79825f5
6
+ metadata.gz: dd7516f8ecab2c37edd79704bb560395a7a44187979388834f4f2ce350ded03b67a821dd08beeec983bcfa29c048cc5fcd0e915e2bd2e7bb3b5550585b3a93b7
7
+ data.tar.gz: 83b6445875a38e00b5c540e8916812068502902866ade213132ac9cca36bb39e1aa601658732a67910e620b86c3a59d5e6d3345c3d9c30f5d4f9e86f51daf46c
data/lib/cfn-nag/custom_rules/VpcHasFlowLogRule.rb ADDED
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'base'
5
+
6
+ class VpcHasFlowLogRule < BaseRule
7
+ def rule_text
8
+ 'VPC should have a flow log attached'
9
+ end
10
+
11
+ def rule_type
12
+ Violation::WARNING
13
+ end
14
+
15
+ def rule_id
16
+ 'W60'
17
+ end
18
+
19
+ def audit_impl(cfn_model)
20
+ violating_vpcs = cfn_model.resources_by_type('AWS::EC2::VPC')
21
+ .select do |vpc|
22
+ flowlog_for_vpc(cfn_model, vpc).nil?
23
+ end
24
+
25
+ violating_vpcs.map(&:logical_resource_id)
26
+ end
27
+
28
+ def flowlog_for_vpc(cfn_model, vpc)
29
+ cfn_model.resources_by_type('AWS::EC2::FlowLog').find do |flowlog|
30
+ if flowlog.resourceId && flowlog.resourceId['Ref']
31
+ flowlog.resourceId['Ref'] == vpc.logical_resource_id
32
+ end
33
+ end
34
+ end
35
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.13
4
+ version: 0.5.14
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-02-26 00:00:00.000000000 Z
11
+ date: 2020-03-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -299,6 +299,7 @@ files:
299
299
  - lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardPrincipalRule.rb
300
300
  - lib/cfn-nag/custom_rules/UserHasInlinePolicyRule.rb
301
301
  - lib/cfn-nag/custom_rules/UserMissingGroupRule.rb
302
+ - lib/cfn-nag/custom_rules/VpcHasFlowLogRule.rb
302
303
  - lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb
303
304
  - lib/cfn-nag/custom_rules/WorkspacesWorkspaceEncryptionRule.rb
304
305
  - lib/cfn-nag/custom_rules/base.rb