class RDSInstanceDeletionProtectionRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 20
# Collects the logical resource ids of every AWS::RDS::DBInstance that this
# rule reports as a violation.
#
# An instance is reported when not_protected? is true for it and aurora? is
# false. Aurora-engine instances are skipped here.
# NOTE(review): presumably Aurora is skipped because deletion protection for
# Aurora is configured on the DB cluster rather than on the instance; confirm
# that a cluster-level rule covers that case so it is not left unchecked.
#
# @param cfn_model the parsed template model; only resources_by_type is used
# @return [Array] logical resource ids of the violating DB instances
def audit_impl(cfn_model)
  cfn_model
    .resources_by_type('AWS::RDS::DBInstance')
    # Same predicate as "unprotected and not Aurora", with the protection
    # check still evaluated first.
    .reject { |db| !not_protected?(db) || aurora?(db) }
    .map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 16
# Identifier of this rule.
#
# @return [String] the literal id 'F80'
def rule_id
  'F80'
end
rule_text()
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 8
# Human-readable description of what this rule requires.
#
# @return [String] the message text for this rule
def rule_text
  'RDS instance should have deletion protection enabled'
end
rule_type()
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 12
# Severity class of this rule.
#
# @return the Violation::FAILING_VIOLATION constant
def rule_type
  Violation::FAILING_VIOLATION
end

Private Instance Methods

aurora?(db_instance)
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 36
# Tells whether the instance's engine is one of the Aurora engine names.
#
# The comparison is an exact, case-sensitive match against the three listed
# strings. Any other engine value (nil, a differently-cased string, or a
# non-string such as an intrinsic-function hash) is treated as non-Aurora, so
# such an instance stays subject to the deletion-protection check.
#
# @param db_instance an object responding to #engine
# @return [Boolean] true only for 'aurora', 'aurora-mysql', 'aurora-postgresql'
def aurora?(db_instance)
  engine = db_instance.engine
  %w[aurora aurora-mysql aurora-postgresql].include?(engine)
end
not_protected?(instance)
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 32
# Tells whether the instance lacks deletion protection.
#
# True when not_truthy? accepts the deletionProtection value, or when the
# value is exactly { 'Ref' => 'AWS::NoValue' }, i.e. the property is
# explicitly removed from the resource.
# NOTE(review): not_truthy? is defined outside this listing; presumably it
# covers a missing or false value. Confirm how it treats other intrinsic
# values (for example a Ref to a template parameter), since that decides
# whether such an instance passes or fails this rule.
#
# @param instance an object responding to #deletionProtection
# @return true-ish when the instance is considered unprotected
def not_protected?(instance)
  no_value_ref = { 'Ref' => 'AWS::NoValue' }
  not_truthy?(instance.deletionProtection) || instance.deletionProtection == no_value_ref
end