Class: CloudFormationAuthenticationRule

Inherits:

BaseRule

• Object
• BaseRule
• CloudFormationAuthenticationRule

Defined in:

lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb

Instance Method Summary

• #audit_impl(cfn_model) ⇒ Object
• #potentially_sensitive_credentials?(auth) ⇒ Boolean
• #rule_id ⇒ Object
• #rule_text ⇒ Object
• #rule_type ⇒ Object

Methods inherited from BaseRule

#audit

Instance Method Details

#audit_impl(cfn_model) ⇒ Object

# File 'lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb', line 17

def audit_impl(cfn_model)
  logical_resource_ids = []
  cfn_model.raw_model['Resources'].each do |resource_name, resource|
    unless resource['Metadata'].nil?
      unless resource['Metadata']['AWS::CloudFormation::Authentication'].nil?

        resource['Metadata']['AWS::CloudFormation::Authentication'].each do |auth_name, auth|
          if potentially_sensitive_credentials? auth
            logical_resource_ids << resource_name
          end
        end

      end
    end
  end
  logical_resource_ids
end

#potentially_sensitive_credentials?(auth) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb', line 35

def potentially_sensitive_credentials?(auth)
  auth['accessKeyId'] || auth['password'] || auth['secretKey']
end

#rule_id ⇒ Object

# File 'lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb', line 13

def rule_id
  'W1'
end

#rule_text ⇒ Object

# File 'lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb', line 5

def rule_text
  'Specifying credentials in the template itself is probably not the safest thing'
end

#rule_type ⇒ Object

# File 'lib/cfn-nag/custom_rules/CloudFormationAuthenticationRule.rb', line 9

def rule_type
  Violation::WARNING
end