cfn-nag 0.6.19 → 0.6.20

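--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 28cde1a5e7484f6b0f2d63097071e68ef162a97de6d5e957cd5638d08aa420ce
- data.tar.gz: a325b62b2f79bbb4b4ae2beec6a5beec6c0e40ba53cd1bb10b11a9c26f78e72a
+ metadata.gz: acfa4c8d862bf691a56f99ded65fcfab7f5ca114f91a11aa3d453776093fd862
+ data.tar.gz: b125a02a79b010e02eee085d7421b359aeefb43de345f5ff8a2ab009c3528c44
  SHA512:
- metadata.gz: 50d18a321a5a0f9050523c657d0f8eee055555fce4e62547738760c5dae59e603ed7ef49e85a4618e51d64fbe30eafd7439e112516c2f7adc021db34b40cacbe
- data.tar.gz: b44e85f191a4c3710491cfd2ed9e81e6107b641c28414656f19163ee3cf66b547a19296d28836e6fbface9a1087ccb03bfb037dc72e21a242899d0ee70e07b12
+ metadata.gz: 6d52ca5b92b8f8dce9034c493adb4a7c81cebc40211ba524dd8060ce9efdabea09d129d80db2eca2e4560239972d0192302f9027c53bd660139178697e4eb7ed
+ data.tar.gz: 5198f37c1c20d290d3c2073928f1509bca083dee22b03b099b456406f2bcbcc9f146a00d59d4fd57ef3bf5f44fb2a3753eddf0a0615544ef1374754c75f509d2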
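--- a/lib/cfn-nag/custom_rules/DLMLifecyclePolicyCrossRegionCopyEncryptionRule.rb
+++ b/lib/cfn-nag/custom_rules/DLMLifecyclePolicyCrossRegionCopyEncryptionRule.rb
@@ -0,0 +1,37 @@
+ # frozen_string_literal: true
+
+ require 'cfn-nag/violation'
+ require 'cfn-nag/util/truthy'
+ require_relative 'base'
+
+ class DLMLifecyclePolicyCrossRegionCopyEncryptionRule < BaseRule
+ def rule_text
+ 'DLM LifecyclePolicy PolicyDetails Actions CrossRegionCopy EncryptionConfiguration should enable Encryption'
+ end
+
+ def rule_type
+ Violation::WARNING
+ end
+
+ def rule_id
+ 'W81'
+ end
+
+ def audit_impl(cfn_model)
+ violating_policies = cfn_model.resources_by_type('AWS::DLM::LifecyclePolicy').select do |policy|
+ if policy.policyDetails['Actions'].nil?
+ false
+ else
+ violating_actions = policy.policyDetails['Actions'].select do |action|
+ violating_copies = action['CrossRegionCopy'].select do |copy|
+ !truthy?(copy['EncryptionConfiguration']['Encrypted'].to_s)
+ end
+ !violating_copies.empty?
+ end
+ !violating_actions.empty?
+ end
+ end
+
+ violating_policies.map(&:logical_resource_id)
+ end
+ end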
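Review bot: `audit_impl` guards only a missing `Actions` key; `policy.policyDetails`, `action['CrossRegionCopy']` and `copy['EncryptionConfiguration']` are dereferenced unchecked, so a template that omits any of them would raise `NoMethodError` inside the rule instead of producing a W81 finding. Because a linter sees templates before CloudFormation has validated them, I would make the traversal nil-tolerant and treat a copy action with no `EncryptionConfiguration` as unencrypted, so the rule fails closed rather than aborting. Separately, `Encrypted` is stringified before `truthy?`, so a value supplied through `Ref` or another intrinsic function will presumably be reported as a violation; a comment stating whether that is intended would help. The nested `select`/`!empty?` pairs can become `any?` in the same change, as sketched below.

```ruby
def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::DLM::LifecyclePolicy').select do |policy|
    details = policy.policyDetails
    actions = details.is_a?(Hash) ? details['Actions'] : nil
    next false unless actions.is_a?(Array)

    actions.any? do |action|
      copies = action.is_a?(Hash) ? action['CrossRegionCopy'] : nil
      copies.is_a?(Array) && copies.any? { |copy| !cross_region_copy_encrypted?(copy) }
    end
  end
  # … unchanged: map violating_policies to logical_resource_id …
end

private

# A copy action without an EncryptionConfiguration counts as unencrypted.
def cross_region_copy_encrypted?(copy)
  config = copy.is_a?(Hash) ? copy['EncryptionConfiguration'] : nil
  config.is_a?(Hash) && truthy?(config['Encrypted'].to_s)
end
```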
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.19
4
+ version: 0.6.20
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -199,6 +199,7 @@ files:
199
199
  - lib/cfn-nag/custom_rules/CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule.rb
200
200
  - lib/cfn-nag/custom_rules/CognitoUserPoolMfaConfigurationOnorOptionalRule.rb
201
201
  - lib/cfn-nag/custom_rules/DAXClusterEncryptionRule.rb
202
+ - lib/cfn-nag/custom_rules/DLMLifecyclePolicyCrossRegionCopyEncryptionRule.rb
202
203
  - lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb
203
204
  - lib/cfn-nag/custom_rules/DMSEndpointPasswordRule.rb
204
205
  - lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb