class VpcHasFlowLogRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/VpcHasFlowLogRule.rb, line 19
# Lists every VPC in the template for which no matching flow log is found.
#
# A VPC counts as covered only when flowlog_for_vpc returns a resource for
# it; whatever that helper fails to recognise is reported here.
#
# @param cfn_model [Object] parsed template; must respond to
#   resources_by_type(type_name)
# @return [Array] logical resource ids of the VPCs without a flow log
def audit_impl(cfn_model)
  lacks_flowlog = ->(vpc) { flowlog_for_vpc(cfn_model, vpc).nil? }

  cfn_model.resources_by_type('AWS::EC2::VPC')
           .select(&lacks_flowlog)
           .map(&:logical_resource_id)
end
flowlog_for_vpc(cfn_model, vpc)
# File lib/cfn-nag/custom_rules/VpcHasFlowLogRule.rb, line 28
# Finds the first AWS::EC2::FlowLog resource whose resourceId is a
# { 'Ref' => <logical id of vpc> } reference.
#
# Only a direct Ref to the VPC's logical id is recognised. A flow log that
# names its target any other way (a literal id string, a different
# intrinsic function) does not match, so the VPC is treated as having no
# flow log. No other flow log property is inspected here: resource type,
# traffic type and log destination are not checked, so a match says that a
# flow log exists, not what it captures.
#
# @param cfn_model [Object] parsed template; must respond to
#   resources_by_type(type_name)
# @param vpc [Object] VPC resource; must respond to logical_resource_id
# @return [Object, nil] the matching flow log resource, or nil when none
def flowlog_for_vpc(cfn_model, vpc)
  flowlogs = cfn_model.resources_by_type('AWS::EC2::FlowLog')

  flowlogs.find do |candidate|
    target = candidate.resourceId
    referenced = target && target['Ref']
    # No usable Ref leaves the block result nil, which find treats as a miss.
    referenced ? referenced == vpc.logical_resource_id : nil
  end
end
rule_id()
# File lib/cfn-nag/custom_rules/VpcHasFlowLogRule.rb, line 15
# Identifier under which this rule's findings are reported.
#
# @return [String] the fixed rule id
def rule_id
  'W60'
end
rule_text()
# File lib/cfn-nag/custom_rules/VpcHasFlowLogRule.rb, line 7
# Human-readable message shown for a finding of this rule.
#
# @return [String] the fixed message text
def rule_text
  'VPC should have a flow log attached'
end
rule_type()
# File lib/cfn-nag/custom_rules/VpcHasFlowLogRule.rb, line 11
# Severity class of this rule: a warning.
#
# NOTE(review): whether a warning fails a scan depends on how the tool is
# invoked, so a missing flow log may pass unnoticed; confirm the pipeline
# settings.
#
# @return [Object] the Violation::WARNING constant
def rule_type
  Violation::WARNING
end