class KMSKeyRotationRule

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyRotationRule.rb, line 19
def audit_impl(cfn_model)
  violating_keys = cfn_model.resources_by_type('AWS::KMS::Key')
                            .select do |key|
    key_rotation_false_or_absent?(key)
  end

  violating_keys.map(&:logical_resource_id)
end
rule_id() click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyRotationRule.rb, line 15
def rule_id
  'F19'
end
rule_text() click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyRotationRule.rb, line 7
def rule_text
  'EnableKeyRotation should not be false or absent on KMS::Key resource'
end
rule_type() click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyRotationRule.rb, line 11
def rule_type
  Violation::FAILING_VIOLATION
end

Private Instance Methods

key_rotation_false_or_absent?(resource) click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyRotationRule.rb, line 30
def key_rotation_false_or_absent?(resource)
  !truthy?(resource.enableKeyRotation)
end