Class: EC2NetworkAclEntryIneffectiveDenyRule

Inherits:
BaseRule show all
Defined in:
lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb

Instance Method Summary collapse

Methods inherited from BaseRule

#audit

Instance Method Details

#audit_impl(cfn_model) ⇒ Object


20
21
22
23
24
25
26
27
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb', line 20

def audit_impl(cfn_model)
  violating_nacl_entries = []
  cfn_model.resources_by_type('AWS::EC2::NetworkAcl').each do |nacl|
    violating_nacl_entries += violating_nacl_entries(nacl)
  end

  violating_nacl_entries.map(&:logical_resource_id)
end

#rule_idObject


16
17
18
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb', line 16

def rule_id
  'W71'
end

#rule_textObject


8
9
10
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb', line 8

def rule_text
  'NetworkACL Entry Deny rules should affect all CIDR ranges.'
end

#rule_typeObject


12
13
14
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb', line 12

def rule_type
  Violation::WARNING
end