class IamUserLoginProfilePasswordResetRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 20
# Returns the logical resource ids of every AWS::IAM::User resource in the
# template that violating_iam_users? reports as a violation.
#
# @param cfn_model the parsed template; must respond to resources_by_type
# @return [Array] logical resource ids of the offending IAM users
#   (empty when no user is reported)
def audit_impl(cfn_model)
  cfn_model
    .resources_by_type('AWS::IAM::User')
    .select { |iam_user| violating_iam_users?(iam_user) }
    .map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 16
# Identifier under which this rule's findings are reported.
#
# @return [String] the rule id, 'W50'
def rule_id
  'W50'
end
rule_text()
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 8
# Human-readable description shown with a finding of this rule.
#
# NOTE(review): the text says the Login Profile "should exist", but
# violating_iam_users? returns false for a user that has no LoginProfile, so
# only profiles that are present and lack a truthy PasswordResetRequired are
# reported. Readers of a clean scan should not take it as proof that every
# user has a login profile.
#
# @return [String] the rule description
def rule_text
  'IAM User Login Profile should exist and have PasswordResetRequired property set to true'
end
rule_type()
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 12
# Severity class of this rule.
#
# @return the Violation::WARNING constant
def rule_type
  Violation::WARNING
end

Private Instance Methods

iam_user_password_reset_required_key?(login_profile)
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 30
# Decides whether a LoginProfile fails the password-reset check.
#
# Despite the name, a true result means "violation". The check fails closed:
# a missing 'PasswordResetRequired' key, a nil value, and any value that
# not_truthy? accepts are all reported.
#
# NOTE(review): not_truthy? is defined outside this listing. How it treats a
# value that is not a literal (for example a Ref or another intrinsic
# function) cannot be seen here - confirm before relying on this rule for
# parameterised templates.
#
# @param login_profile [Hash] the LoginProfile properties of an IAM user
# @return [true, nil] true when the profile is a violation, nil otherwise
def iam_user_password_reset_required_key?(login_profile)
  # Key absent: the reset flag was never declared.
  return true unless login_profile.key?('PasswordResetRequired')

  reset_flag = login_profile['PasswordResetRequired']
  # Key present but explicitly empty.
  return true if reset_flag.nil?

  # Evaluates to nil (falsy) when the flag is truthy.
  true if not_truthy?(reset_flag)
end
violating_iam_users?(iam_user)
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 42
# Tells whether an IAM user should be reported by this rule.
#
# A user without a LoginProfile is never reported. Only a profile that is
# present is handed to iam_user_password_reset_required_key? for the
# PasswordResetRequired check. The "should exist" wording in rule_text is
# therefore not enforced here.
#
# @param iam_user an AWS::IAM::User model object exposing loginProfile
# @return [Boolean, nil] false when there is no login profile, otherwise the
#   result of iam_user_password_reset_required_key?
def violating_iam_users?(iam_user)
  return false if iam_user.loginProfile.nil?

  iam_user_password_reset_required_key?(iam_user.loginProfile)
end