class CloudFormationAuthenticationRule
Public Instance Methods
audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 19
# Collects the logical names of resources whose
# AWS::CloudFormation::Authentication metadata carries inline credentials.
#
# A resource is reported only when both helper checks pass: it has the
# authentication metadata block, and at least one entry in that block
# holds an accessKeyId, password or secretKey.
#
# @param cfn_model an object whose raw_model is indexed with 'Resources'
# @return [Array] keys of the matching entries under 'Resources'
def audit_impl(cfn_model)
  resources = cfn_model.raw_model['Resources']
  flagged = resources.select do |_logical_id, definition|
    # Check for the metadata block first; the credentials check indexes
    # into it without a nil guard of its own.
    next false unless resource_has_authentication?(definition)

    resource_has_sensitive_credentials?(definition)
  end
  flagged.keys
end
rule_id()
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 15
# Identifier under which this rule's findings are reported.
#
# @return [String] the fixed id 'W1'
def rule_id
  'W1'
end
rule_text()
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 7
# Human-readable message attached to findings from this rule.
#
# @return [String] the fixed warning text about credentials placed
#   directly in the template
def rule_text
  'Specifying credentials in the template itself is probably not the safest thing'
end
rule_type()
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 11
# Category of finding this rule produces.
#
# @return the Violation::WARNING constant (defined outside this file)
def rule_type
  Violation::WARNING
end
Private Instance Methods
potentially_sensitive_credentials?(auth)
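# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 38
# Tells whether one AWS::CloudFormation::Authentication entry carries a
# credential field.
#
# Only the keys 'accessKeyId', 'password' and 'secretKey' are checked, and
# only for a truthy value. The value itself is not inspected, so a literal
# secret and a reference object (for example a Ref to a parameter) are
# treated alike. An entry that sets none of these keys is not matched.
#
# @param auth [Hash, Object] a single authentication entry
# @return the first truthy credential value found, otherwise nil
def potentially_sensitive_credentials?(auth)
  # String#[] with a String argument is a substring lookup and nil has no
  # #[] at all, so a malformed (non-Hash) entry would either match by
  # accident or raise. Only a Hash can hold the keys we look for.
  return unless auth.is_a?(Hash)

  auth['accessKeyId'] || auth['password'] || auth['secretKey']
end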
resource_has_authentication?(resource)
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 34
# Looks up the AWS::CloudFormation::Authentication block in a resource's
# Metadata.
#
# @param resource [Hash] one resource definition from the template
# @return the authentication block when present; a falsy value when the
#   resource has no Metadata or the Metadata has no such block
def resource_has_authentication?(resource)
  metadata = resource['Metadata']
  return metadata unless metadata

  metadata['AWS::CloudFormation::Authentication']
end
resource_has_sensitive_credentials?(resource)
# File lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb, line 28
# Searches a resource's AWS::CloudFormation::Authentication block for the
# first entry that holds a credential field.
#
# The Metadata and authentication block are indexed without a nil guard,
# so this must only be called once resource_has_authentication? has
# passed for the same resource.
# NOTE(review): a block that is not a Hash of entries is not handled
# here - confirm how malformed templates are treated upstream.
#
# @param resource [Hash] one resource definition from the template
# @return the first matching [name, entry] pair, or nil when none match
def resource_has_sensitive_credentials?(resource)
  auth_entries = resource['Metadata']['AWS::CloudFormation::Authentication']
  auth_entries.find { |_label, entry| potentially_sensitive_credentials?(entry) }
end