class IamUserLoginProfilePasswordResetRule
Public Instance Methods
audit_impl(cfn_model)
click to toggle source
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 20 def audit_impl(cfn_model) violating_iam_users = cfn_model.resources_by_type('AWS::IAM::User').select do |iam_user| violating_iam_users?(iam_user) end violating_iam_users.map(&:logical_resource_id) end
rule_id()
click to toggle source
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 16 def rule_id 'W50' end
rule_text()
click to toggle source
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 8 def rule_text 'IAM User Login Profile should exist and have PasswordResetRequired property set to true' end
rule_type()
click to toggle source
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 12 def rule_type Violation::WARNING end
Private Instance Methods
iam_user_password_reset_required_key?(login_profile)
click to toggle source
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 30 def iam_user_password_reset_required_key?(login_profile) if login_profile.key? 'PasswordResetRequired' if login_profile['PasswordResetRequired'].nil? true elsif not_truthy?(login_profile['PasswordResetRequired']) true end else true end end
violating_iam_users?(iam_user)
click to toggle source
# File lib/cfn-nag/custom_rules/IamUserLoginProfilePasswordResetRule.rb, line 42 def violating_iam_users?(iam_user) if !iam_user.loginProfile.nil? iam_user_password_reset_required_key?(iam_user.loginProfile) else false end end