Class: RDSInstanceMasterUserPasswordRule

Inherits:
BaseRule
  • Object
show all
Defined in:
lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb

Instance Method Summary collapse

Methods inherited from BaseRule

#audit

Instance Method Details

#audit_impl(cfn_model) ⇒ Object

one word of warning… if somebody applies parameter values via JSON.… this will compare that.… probably shouldn’t be doing that though if it’s NoEcho there’s a good reason bother checking synthesized_value? that would be the indicator.….



24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb', line 24

def audit_impl(cfn_model)
  rds_dbinstances = cfn_model.resources_by_type('AWS::RDS::DBInstance')
  violating_rdsinstances = rds_dbinstances.select do |instance|
    if instance.masterUserPassword.nil?
      false
    else
      !no_echo_parameter_without_default?(cfn_model,
                                          instance.masterUserPassword)
    end
  end

  violating_rdsinstances.map(&:logical_resource_id)
end

#rule_idObject 



16
17
18
 
# File 'lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb', line 16

def rule_id
  'F23'
end

#rule_textObject 



7
8
9
10
 
# File 'lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb', line 7

def rule_text
  'RDS instance master user password must be Ref to NoEcho Parameter. ' \
  'Default credentials are not recommended'
end

#rule_typeObject 



12
13
14
 
# File 'lib/cfn-nag/custom_rules/RDSInstanceMasterUserPasswordRule.rb', line 12

def rule_type
  Violation::FAILING_VIOLATION
end