class ElasticLoadBalancerV2ListenerSslPolicyRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb, line 19
# Audits every AWS::ElasticLoadBalancingV2::Listener resource in the model.
#
# @param cfn_model the parsed template model; must respond to
#   +resources_by_type+
# @return [Array] logical resource ids of the listeners that
#   +violating_listeners?+ flags
def audit_impl(cfn_model)
  listeners = cfn_model.resources_by_type('AWS::ElasticLoadBalancingV2::Listener')
  flagged = listeners.select { |candidate| violating_listeners?(candidate) }
  flagged.map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb, line 15
# Identifier under which this rule's findings are reported.
#
# @return [String] the rule id, 'W55'
def rule_id
  'W55'
end
rule_text()
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb, line 7
# Human-readable message attached to a finding of this rule.
#
# @return [String] the rule description
def rule_text
  'Elastic Load Balancer V2 Listener SslPolicy should use TLS 1.2'
end
rule_type()
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb, line 11
# Classification of this rule's findings.
#
# @return the Violation::WARNING constant (a warning rather than a failure,
#   going by the constant's name)
def rule_type
  Violation::WARNING
end

Private Instance Methods

violating_listeners?(listener)
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb, line 30
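# Decides whether a listener's SslPolicy permits protocol versions below
# TLS 1.2.
#
# Only HTTPS and TLS listeners are examined; any other protocol returns false.
# A listener with no SslPolicy at all is treated as a violation. Otherwise the
# policy name is compared against a denylist of predefined policy names.
#
# NOTE(review): this is a denylist, so a predefined policy that is not listed
# here is never flagged, whatever protocol versions it negotiates. The list
# should be re-checked against the current AWS predefined policy table
# whenever it is touched.
#
# NOTE(review): an sslPolicy that is not a plain String (for example an
# unresolved intrinsic function) cannot match any entry and is therefore not
# flagged - confirm how the model represents such values.
#
# @param listener an object responding to +protocol+ and +sslPolicy+
# @return [Boolean] true when the listener should be reported
def violating_listeners?(listener)
  return false unless %w[HTTPS TLS].include?(listener.protocol)

  policy = listener.sslPolicy
  return true if policy.nil?

  # 'ELBSecurityPolicy-2015' is kept from the original list for backward
  # compatibility. The AWS predefined policy is named
  # 'ELBSecurityPolicy-2015-05', which the truncated entry never matched, so
  # the full name is listed as well.
  weak_policies = %w[
    ELBSecurityPolicy-2016-08
    ELBSecurityPolicy-TLS-1-0-2015-04
    ELBSecurityPolicy-TLS-1-1-2017-01
    ELBSecurityPolicy-FS-2018-06
    ELBSecurityPolicy-FS-1-1-2019-08
    ELBSecurityPolicy-2015
    ELBSecurityPolicy-2015-05
  ]
  weak_policies.include?(policy)
end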