Class: RDSInstanceMasterUserPasswordRule
- Defined in:
- lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb
Instance Method Summary collapse
-
#audit_impl(cfn_model) ⇒ Object
one word of warning…
- #rule_id ⇒ Object
- #rule_text ⇒ Object
- #rule_type ⇒ Object
Methods inherited from BaseRule
Instance Method Details
#audit_impl(cfn_model) ⇒ Object
one word of warning… if somebody applies parameter values via JSON.… this will compare that.… probably shouldn’t be doing that though - if it’s NoEcho there’s a good reason bother checking synthesized_value? that would be the indicator.….
20 21 22 23 24 25 26 27 28 29 30 |
# File 'lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb', line 20 def audit_impl(cfn_model) violating_rdsinstances = cfn_model.resources_by_type('AWS::RDS::DBInstance').select do |instance| if instance.masterUserPassword.nil? false else !references_no_echo_parameter_without_default?(cfn_model, instance.masterUserPassword) end end violating_rdsinstances.map(&:logical_resource_id) end |
#rule_id ⇒ Object
13 14 15 |
# File 'lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb', line 13 def rule_id 'F23' end |
#rule_text ⇒ Object
5 6 7 |
# File 'lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb', line 5 def rule_text 'RDS instance master user password must be Ref to NoEcho Parameter. Default credentials are not recommended' end |
#rule_type ⇒ Object
9 10 11 |
# File 'lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb', line 9 def rule_type Violation::FAILING_VIOLATION end |