Class: CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule

Inherits:
BaseRule
  • Object
show all
Defined in:
lib/cfn-nag/custom_rules/CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule.rb

Instance Method Summary collapse

Methods inherited from BaseRule

#audit

Instance Method Details

#audit_impl(cfn_model) ⇒ Object


21
22
23
24
25
26
27
# File 'lib/cfn-nag/custom_rules/CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule.rb', line 21

def audit_impl(cfn_model)
  violating_identity_pools = cfn_model.resources_by_type('AWS::Cognito::IdentityPool').select do |identity_pool|
    violating_identity_pool?(identity_pool)
  end

  violating_identity_pools.map(&:logical_resource_id)
end

#rule_idObject


17
18
19
# File 'lib/cfn-nag/custom_rules/CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule.rb', line 17

def rule_id
  'W57'
end

#rule_textObject


8
9
10
11
# File 'lib/cfn-nag/custom_rules/CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule.rb', line 8

def rule_text
  'AWS::Cognito::IdentityPool AllowUnauthenticatedIdentities property should be false ' \
  'but CAN be true if proper restrictive IAM roles and permissions are established for unauthenticated users.'
end

#rule_typeObject


13
14
15
# File 'lib/cfn-nag/custom_rules/CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule.rb', line 13

def rule_type
  Violation::WARNING
end