class GameLiftFleetInboundPortRangeRule

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/GameLiftFleetInboundPortRangeRule.rb, line 19
def audit_impl(cfn_model)
  violating_gamelift_fleets = cfn_model.resources_by_type('AWS::GameLift::Fleet').select do |gamelift_fleet|
    violating_permissions = gamelift_fleet.eC2InboundPermissions.select do |permission|
      # Cast to strings incase template provided mixed types
      permission['FromPort'].to_s != permission['ToPort'].to_s
    end

    !violating_permissions.empty?
  end

  violating_gamelift_fleets.map(&:logical_resource_id)
end
rule_id() click to toggle source
# File lib/cfn-nag/custom_rules/GameLiftFleetInboundPortRangeRule.rb, line 15
def rule_id
  'W65'
end
rule_text() click to toggle source
# File lib/cfn-nag/custom_rules/GameLiftFleetInboundPortRangeRule.rb, line 7
def rule_text
  'GameLift fleet EC2InboundPermissions found with port range instead of just a single port'
end
rule_type() click to toggle source
# File lib/cfn-nag/custom_rules/GameLiftFleetInboundPortRangeRule.rb, line 11
def rule_type
  Violation::WARNING
end