class ApiGatewayAccessLoggingRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 20
# Finds the API Gateway deployments this rule reports.
#
# @param cfn_model the parsed template; only +resources_by_type+ is called on it here
# @return [Array] logical resource ids of every AWS::ApiGateway::Deployment
#   for which +violating_deployment?+ returns true
def audit_impl(cfn_model)
  # Deployment ids gathered from the template's Stage resources, computed once
  # so each deployment below can be checked against the same list.
  covered_ids = stage_deployments_with_logging(cfn_model)

  cfn_model
    .resources_by_type('AWS::ApiGateway::Deployment')
    .select { |deployment| violating_deployment?(deployment, covered_ids) }
    .map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 16
# Identifier of this rule.
#
# @return [String] the rule id, 'W45'
def rule_id
  'W45'
end
rule_text()
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 7
# Human-readable description of what this rule checks.
#
# @return [String] the message text, built from two fragments joined by a single space
def rule_text
  [
    'ApiGateway Deployment resource should have AccessLogSetting property configured when creating an',
    'API Stage itself (through specifying the StageName and StageDescription properties).'
  ].join(' ')
end
rule_type()
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 12
# Severity class of this rule: a warning.
#
# @return the Violation::WARNING constant
def rule_type
  Violation::WARNING
end

Private Instance Methods

stage_deployments_with_logging(cfn_model)
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 40
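# Collects the deployments covered by a Stage resource that has access logging.
#
# A stage counts only when it both sets accessLogSetting and names a
# deployment. The earlier guard (+nil? && nil?+) skipped a stage only when both
# were missing, so a stage without accessLogSetting still marked its deployment
# as logged, and the audit stayed silent for that deployment. It also passed a
# nil deploymentId to the resolver whenever accessLogSetting alone was set.
#
# @param cfn_model the parsed template; only +resources_by_type+ is called on it here
# @return [Array] one entry per qualifying stage: its deploymentId as returned
#   by References.resolve_resource_id
def stage_deployments_with_logging(cfn_model)
  logged_stages = cfn_model.resources_by_type('AWS::ApiGateway::Stage').reject do |stage|
    # Either property missing means this stage cannot vouch for a deployment.
    stage.accessLogSetting.nil? || stage.deploymentId.nil?
  end

  logged_stages.map { |stage| References.resolve_resource_id(stage.deploymentId) }
end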
violating_deployment?(deployment, stage_deployment_ids)
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 32
# Decides whether a single deployment should be reported.
#
# A deployment that carries its own stageDescription is judged on that
# description alone: it violates when the 'AccessLogSetting' key is absent.
# A deployment without stageDescription violates unless its logical id is
# listed in +stage_deployment_ids+.
#
# @param deployment an AWS::ApiGateway::Deployment resource from the model
# @param stage_deployment_ids [Array] deployment ids to treat as covered
# @return [Boolean] true when the deployment is in violation
def violating_deployment?(deployment, stage_deployment_ids)
  description = deployment.stageDescription
  return description['AccessLogSetting'].nil? unless description.nil?

  !stage_deployment_ids.include?(deployment.logical_resource_id)
end