class CognitoUserPoolMfaConfigurationOnorOptionalRule

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/CognitoUserPoolMfaConfigurationOnorOptionalRule.rb, line 20
def audit_impl(cfn_model)
  violating_userpools = cfn_model.resources_by_type('AWS::Cognito::UserPool').select do |userpool|
    violating_userpool?(userpool)
  end

  violating_userpools.map(&:logical_resource_id)
end
rule_id() click to toggle source
# File lib/cfn-nag/custom_rules/CognitoUserPoolMfaConfigurationOnorOptionalRule.rb, line 16
def rule_id
  'F78'
end
rule_text() click to toggle source
# File lib/cfn-nag/custom_rules/CognitoUserPoolMfaConfigurationOnorOptionalRule.rb, line 8
def rule_text
  "AWS Cognito UserPool should have MfaConfiguration set to 'ON' (MUST be wrapped in quotes) or at least 'OPTIONAL'"
end
rule_type() click to toggle source
# File lib/cfn-nag/custom_rules/CognitoUserPoolMfaConfigurationOnorOptionalRule.rb, line 12
def rule_type
  Violation::FAILING_VIOLATION
end

Private Instance Methods

violating_userpool?(user_pool) click to toggle source
# File lib/cfn-nag/custom_rules/CognitoUserPoolMfaConfigurationOnorOptionalRule.rb, line 30
def violating_userpool?(user_pool)
  user_pool.mfaConfiguration.to_s.casecmp('off').zero?
end