class CloudFormationAuthenticationRule

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 19
def audit_impl(cfn_model)
  violating_resources = cfn_model.raw_model['Resources'].select do |_resource_name, resource|
    resource_has_authentication?(resource) && resource_has_sensitive_credentials?(resource)
  end
  violating_resources.keys
end
rule_id() click to toggle source
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 15
def rule_id
  'W1'
end
rule_text() click to toggle source
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 7
def rule_text
  'Specifying credentials in the template itself is probably not the safest thing'
end
rule_type() click to toggle source
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 11
def rule_type
  Violation::WARNING
end

Private Instance Methods

potentially_sensitive_credentials?(auth) click to toggle source
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 38
def potentially_sensitive_credentials?(auth)
  auth['accessKeyId'] || auth['password'] || auth['secretKey']
end
resource_has_authentication?(resource) click to toggle source
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 34
def resource_has_authentication?(resource)
  resource['Metadata'] && resource['Metadata']['AWS::CloudFormation::Authentication']
end
resource_has_sensitive_credentials?(resource) click to toggle source
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 28
def resource_has_sensitive_credentials?(resource)
  resource['Metadata']['AWS::CloudFormation::Authentication'].find do |_auth_name, auth|
    potentially_sensitive_credentials? auth
  end
end