cfn-nag 0.5.47 → 0.5.48
- checksums.yaml +4 -4
- data/lib/cfn-nag/custom_rules/DynamoDBEncryptionRule.rb +27 -0
- metadata +2 -1
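--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '08220755ff105b0beb2227a6f10ac84286f56b9110db4a6168212ff6d39f6e49'
+data.tar.gz: 9bb91dc2a76bc69853988dad4ce5fec319883a4a4a3c778b99f24f70ef879514
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '005169dde876c4285fee9fde7a94247cfd431346a26ae67d0ebd58dfc2cfe821024a6e40f292f9d106b0162550293c1f585dc2e8cad3219fc689813b11da5126'
+data.tar.gz: 831ce0b71288c357ca99d9b3becaf41b335ccd45c4399577ff006ca5d6271dcc584259ad7f27682db6bf711d12c1425a68d1de6dc403609d15b5e9d0a685b815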
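--- a/data/lib/cfn-nag/custom_rules/DynamoDBEncryptionRule.rb
+++ b/data/lib/cfn-nag/custom_rules/DynamoDBEncryptionRule.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require 'cfn-nag/util/truthy'
+require_relative 'base'
+
+class DynamoDBEncryptionRule < BaseRule
+def rule_text
+'DynamoDB table should have encryption enabled using a CMK stored in KMS'
+end
+
+def rule_type
+Violation::WARNING
+end
+
+def rule_id
+'W74'
+end
+
+def audit_impl(cfn_model)
+violating_ddb_tables = cfn_model.resources_by_type('AWS::DynamoDB::Table').select do |table|
+table.sSESpecification.nil? || !truthy?(table.sSESpecification['SSEEnabled'].to_s)
+end
+
+violating_ddb_tables.map(&:logical_resource_id)
+end
+end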
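Review bot: The predicate in `audit_impl` only tests `SSEEnabled`, while `rule_text` promises encryption "using a CMK stored in KMS"; `KMSMasterKeyId` is never inspected, so a clean W74 result says only that KMS-backed SSE was requested, not which key protects the table. A table with no `SSESpecification` is still encrypted at rest by DynamoDB under an AWS owned key, so "should have encryption enabled" overstates the finding; wording such as `'DynamoDB table should set SSESpecification.SSEEnabled to true so that a KMS key is used'` would match what is checked. A non-literal `SSEEnabled` (for example a `Ref` to a parameter) is stringified by `.to_s` and will presumably fail `truthy?`, which is defined outside this file, so such templates are reported whatever the parameter resolves to. A comment above the `select` block, e.g. `# Intrinsic values for SSEEnabled are not resolved and are reported as violations`, would let an operator triaging the warning know this is by design.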
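--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.48
 platform: ruby
 authors:
 - Eric Kascic
@@ -202,6 +202,7 @@ files:
 - lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
 - lib/cfn-nag/custom_rules/DocDBDBClusterMasterUserPasswordRule.rb
 - lib/cfn-nag/custom_rules/DynamoDBBillingModeRule.rb
+- lib/cfn-nag/custom_rules/DynamoDBEncryptionRule.rb
 - lib/cfn-nag/custom_rules/EC2NetworkAclEntryDuplicateRule.rb
 - lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb
 - lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb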