cfn-nag 0.5.47 → 0.5.48

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/DynamoDBEncryptionRule.rb +27 -0
  3. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b47091e75c442da5fe53ae831fb7be99ce85207fef705ac84c2ea479015da970
4
- data.tar.gz: 37b41b30fdc3afe83c3320c3855b5812ba2c7032a80ade987d481a37c602ba26
3
+ metadata.gz: '08220755ff105b0beb2227a6f10ac84286f56b9110db4a6168212ff6d39f6e49'
4
+ data.tar.gz: 9bb91dc2a76bc69853988dad4ce5fec319883a4a4a3c778b99f24f70ef879514
5
5
  SHA512:
6
- metadata.gz: b759c4b1475348d6776d2654229e2859fa89e1db48420599a73fe31d86293931664be221ca4d422c438c8a091a933dda3a5a77ac86f4b1c9c8b5db20b9c2339f
7
- data.tar.gz: 3d79059ca28c1cf19d72e9a91b468e68c4d7fd957894e73051fa253efe056a75b4cf6af8837962dc8bbaaca4e63586b6dbb9eb4bd0d3db49b3ef6d30c94955d4
6
+ metadata.gz: '005169dde876c4285fee9fde7a94247cfd431346a26ae67d0ebd58dfc2cfe821024a6e40f292f9d106b0162550293c1f585dc2e8cad3219fc689813b11da5126'
7
+ data.tar.gz: 831ce0b71288c357ca99d9b3becaf41b335ccd45c4399577ff006ca5d6271dcc584259ad7f27682db6bf711d12c1425a68d1de6dc403609d15b5e9d0a685b815
data/lib/cfn-nag/custom_rules/DynamoDBEncryptionRule.rb ADDED
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require 'cfn-nag/util/truthy'
5
+ require_relative 'base'
6
+
7
+ class DynamoDBEncryptionRule < BaseRule
8
+ def rule_text
9
+ 'DynamoDB table should have encryption enabled using a CMK stored in KMS'
10
+ end
11
+
12
+ def rule_type
13
+ Violation::WARNING
14
+ end
15
+
16
+ def rule_id
17
+ 'W74'
18
+ end
19
+
20
+ def audit_impl(cfn_model)
21
+ violating_ddb_tables = cfn_model.resources_by_type('AWS::DynamoDB::Table').select do |table|
22
+ table.sSESpecification.nil? || !truthy?(table.sSESpecification['SSEEnabled'].to_s)
23
+ end
24
+
25
+ violating_ddb_tables.map(&:logical_resource_id)
26
+ end
27
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.47
4
+ version: 0.5.48
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -202,6 +202,7 @@ files:
202
202
  - lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
203
203
  - lib/cfn-nag/custom_rules/DocDBDBClusterMasterUserPasswordRule.rb
204
204
  - lib/cfn-nag/custom_rules/DynamoDBBillingModeRule.rb
205
+ - lib/cfn-nag/custom_rules/DynamoDBEncryptionRule.rb
205
206
  - lib/cfn-nag/custom_rules/EC2NetworkAclEntryDuplicateRule.rb
206
207
  - lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb
207
208
  - lib/cfn-nag/custom_rules/EC2NetworkAclEntryOverlappingPortsRule.rb