class MissingBucketPolicyRule
Public Instance Methods
audit_impl(cfn_model)
click to toggle source
# File lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb, line 19 def audit_impl(cfn_model) violating_buckets = cfn_model.resources_by_type('AWS::S3::Bucket').select do |bucket| policy_for_bucket(cfn_model, bucket).nil? end violating_buckets.map(&:logical_resource_id) end
rule_id()
click to toggle source
# File lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb, line 15 def rule_id 'W51' end
rule_text()
click to toggle source
# File lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb, line 7 def rule_text 'S3 bucket should likely have a bucket policy' end
rule_type()
click to toggle source
# File lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb, line 11 def rule_type Violation::WARNING end
Private Instance Methods
policy_for_bucket(cfn_model, bucket)
click to toggle source
# File lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb, line 29 def policy_for_bucket(cfn_model, bucket) cfn_model.resources_by_type('AWS::S3::BucketPolicy').find do |bucket_policy| if bucket_policy.bucket.is_a?(Hash) && bucket_policy.bucket.key?('Ref') bucket_policy.bucket['Ref'] == bucket.logical_resource_id else bucket.bucketName == bucket_policy.bucket end end end