cfn-nag 0.5.53 → 0.5.54

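--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ac1bdca59f3a327ab7ae81c32a49c552f39dc73b35336482e59a402de8028fd7
- data.tar.gz: d6ca34d13ad4f7fb051ef361696c243a7276fca82101c8e8fdeffee0d161085b
+ metadata.gz: 8232b564687290f3dd3b3e1c269ab6c1dbcd69ed7c63239dcf85f91afc4c687b
+ data.tar.gz: 705772c9cabfb4f41332ea8cb0b4d21b46b5a8ef3bcb6789f7f9f77decb1bdf9
  SHA512:
- metadata.gz: 0073ae1c50938347a514300cf3bff5dd989437ae735832e23a9c0d6aff7b38c5aa9426a5bad88875d97eb83a37667b267e3d7e0a2e4e053d53313e933c480ff2
- data.tar.gz: ca82e692882a48e14e50e9d17bc789f362e30608c7226304619486c4d35ec22e67ccd7eaa00d014bacf884a42a1edb566453a048425398521447770f5fa77044
+ metadata.gz: e56d4d946f611a683a9b4f87954eaf8f65ad7dc904cf1c151f7d5f318ca9951a21daf4bcf6c933b010cd10291028e2657f782d75db5b54df519f89f92f9d008f
+ data.tar.gz: e18d8150848d43a2e7fb2ac5c0c5f79dde276b6c528b0218fe19cf07d596dbc3ae0f0e18561f4f4c517e3c069c1858926c922d661d9c31250acc503451e32c5e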
@@ -1,21 +1,14 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require_relative 'base'
4
+ require 'cfn-nag/util/truthy.rb'
3
5
  require 'cfn-nag/violation'
4
- require_relative 'boolean_base_rule'
5
6
 
6
- class RDSInstanceDeletionProtectionRule < BooleanBaseRule
7
+ class RDSInstanceDeletionProtectionRule < BaseRule
7
8
  def rule_text
8
9
  'RDS instance should have deletion protection enabled'
9
10
  end
10
11
 
11
- def resource_type
12
- 'AWS::RDS::DBInstance'
13
- end
14
-
15
- def boolean_property
16
- :deletionProtection
17
- end
18
-
19
12
  def rule_type
20
13
  Violation::FAILING_VIOLATION
21
14
  end
@@ -23,4 +16,29 @@ class RDSInstanceDeletionProtectionRule < BooleanBaseRule
23
16
  def rule_id
24
17
  'F80'
25
18
  end
19
+
20
+ def audit_impl(cfn_model)
21
+ rds_dbinstances = cfn_model.resources_by_type('AWS::RDS::DBInstance')
22
+
23
+ violating_rdsinstances = rds_dbinstances.select do |instance|
24
+ not_protected?(instance) && !aurora?(instance)
25
+ end
26
+
27
+ violating_rdsinstances.map(&:logical_resource_id)
28
+ end
29
+
30
+ private
31
+
32
+ def not_protected?(instance)
33
+ not_truthy?(instance.deletionProtection) || instance.deletionProtection == { 'Ref' => 'AWS::NoValue' }
34
+ end
35
+
36
+ def aurora?(db_instance)
37
+ aurora_engines = %w[
38
+ aurora
39
+ aurora-mysql
40
+ aurora-postgresql
41
+ ]
42
+ aurora_engines.include? db_instance.engine
43
+ end
26
44
  end
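Review bot: `aurora?` exempts every instance whose engine is `aurora`, `aurora-mysql` or `aurora-postgresql` from F80, but nothing in this file explains why or checks the owning cluster, so an Aurora deployment without deletion protection passes this rule unless a separate rule covers `AWS::RDS::DBCluster` (none is visible here). A comment above `aurora?` would make the intent reviewable, for example `# Aurora instances take DeletionProtection from their AWS::RDS::DBCluster; skipped here, must be covered by a cluster-level rule`. In `not_protected?`, only `{ 'Ref' => 'AWS::NoValue' }` gets special handling; how other intrinsic values (a `Ref` to a parameter, `Fn::If`) are classified depends on `not_truthy?`, which is defined outside this diff, and if it matches only nil and `false` those templates are reported as protected without the value being resolved. The file's path header is missing from the page and `base` is not shown, so the parent class's handling of `audit_impl` results was not reviewed.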
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.53
4
+ version: 0.5.54
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic