class CloudfrontMinimumProtocolVersionRule
Public Instance Methods
audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/CloudfrontMinimumProtocolVersionRule.rb, line 19
#
# Collects the CloudFront distributions in the template that do not enforce
# TLS 1.2 as the minimum viewer protocol version.
#
# A distribution is reported when its DistributionConfig has no
# ViewerCertificate at all, or when tls_version? judges the ViewerCertificate
# non-compliant. Treating a missing ViewerCertificate as a finding is the
# conservative choice: without one the distribution serves the default
# *.cloudfront.net certificate, for which CloudFront applies its legacy TLSv1
# security policy.
#
# NOTE(review): distributionConfig is indexed without a nil check, so a
# resource with no DistributionConfig would raise here instead of being
# reported - confirm the model guarantees it is present.
#
# @param cfn_model the parsed template; must respond to resources_by_type
# @return [Array] logical resource ids of the violating distributions
def audit_impl(cfn_model)
  distributions = cfn_model.resources_by_type('AWS::CloudFront::Distribution')

  flagged = distributions.select do |distribution|
    viewer_certificate = distribution.distributionConfig['ViewerCertificate']
    viewer_certificate.nil? || tls_version?(viewer_certificate)
  end

  flagged.map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/CloudfrontMinimumProtocolVersionRule.rb, line 15
#
# Identifier under which this rule's findings are reported.
#
# @return [String] the rule id, 'W70'
def rule_id
  'W70'
end
rule_text()
# File lib/cfn-nag/custom_rules/CloudfrontMinimumProtocolVersionRule.rb, line 7
#
# Human-readable message attached to each finding of this rule.
#
# @return [String] the finding message
def rule_text
  'Cloudfront should use minimum protocol version TLS 1.2'
end
rule_type()
# File lib/cfn-nag/custom_rules/CloudfrontMinimumProtocolVersionRule.rb, line 11
#
# Severity of this rule's findings. It is a warning rather than a failure,
# which matches the 'W' prefix of the rule id.
#
# @return the Violation::WARNING constant
def rule_type
  Violation::WARNING
end
Private Instance Methods
cert_has_bad_tls_version?(min_protocol_version)
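# File lib/cfn-nag/custom_rules/CloudfrontMinimumProtocolVersionRule.rb, line 34
#
# Decides whether a ViewerCertificate MinimumProtocolVersion value fails the
# "TLS 1.2 or newer" requirement.
#
# * nil (property absent) is a violation: nothing pins the minimum version.
# * A String is parsed for a leading "TLSv<major>[.<minor>]" and is a
#   violation when that version is below 1.2 or when the prefix is missing
#   (for example an SSL policy name). Comparing the parsed version, rather
#   than requiring the literal prefix 'TLSv1.2', keeps policies whose minimum
#   is above TLS 1.2 from being reported as too weak.
# * Any other type is not reported. This is presumably an unresolved
#   intrinsic such as a Ref to a parameter, which cannot be evaluated
#   statically. Such templates need a separate check of the parameter value.
#
# @param min_protocol_version [String, Object, nil] the raw property value
# @return [Boolean] true when the value does not guarantee TLS 1.2 or newer
def cert_has_bad_tls_version?(min_protocol_version)
  return true if min_protocol_version.nil?
  return false unless min_protocol_version.is_a?(String)

  # \A anchors at the start of the string so a version embedded later in the
  # value cannot satisfy the check.
  parsed = /\ATLSv(\d+)(?:\.(\d+))?/.match(min_protocol_version)
  return true if parsed.nil?

  # A missing minor part ("TLSv1", "TLSv1_2016") becomes 0 via nil.to_i.
  ([parsed[1].to_i, parsed[2].to_i] <=> [1, 2]) < 0
end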
override_tls_config?(viewer_certificate)
# File lib/cfn-nag/custom_rules/CloudfrontMinimumProtocolVersionRule.rb, line 39
#
# Reports whether the distribution opts into the default CloudFront
# certificate. With the default certificate CloudFront applies its own
# security policy, so a MinimumProtocolVersion set alongside it does not
# take effect; that is why the caller treats a truthy result as a violation.
#
# The stored value is returned as-is when present, so the result is "truthy"
# rather than strictly Boolean.
# NOTE(review): a template that spells the flag as the string 'false' would
# be truthy here - confirm the model parser coerces it to a real boolean.
#
# @param viewer_certificate [Hash] the ViewerCertificate property
# @return [Object] false when the flag is absent, otherwise the flag's value
def override_tls_config?(viewer_certificate)
  default_cert_flag = viewer_certificate['CloudFrontDefaultCertificate']
  return false if default_cert_flag.nil?

  default_cert_flag
end
tls_version?(viewer_certificate)
# File lib/cfn-nag/custom_rules/CloudfrontMinimumProtocolVersionRule.rb, line 30
#
# Returns a truthy value when the given ViewerCertificate is NON-compliant.
# Despite its name, this predicate answers "is there a TLS problem?".
#
# The certificate is a finding when either check fires:
# * cert_has_bad_tls_version? rejects its MinimumProtocolVersion, or
# * override_tls_config? reports that the default CloudFront certificate is
#   in use.
#
# @param viewer_certificate [Hash] the ViewerCertificate property (non-nil)
# @return [Object] truthy when the distribution should be reported
def tls_version?(viewer_certificate)
  bad_version = cert_has_bad_tls_version?(viewer_certificate['MinimumProtocolVersion'])
  return bad_version if bad_version

  override_tls_config?(viewer_certificate)
end