Class: EC2NetworkAclEntryProtocolRule

Inherits:
BaseRule show all
Defined in:
lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb

Instance Method Summary collapse

Methods inherited from BaseRule

#audit

Instance Method Details

#audit_impl(cfn_model) ⇒ Object


20
21
22
23
24
25
26
27
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb', line 20

def audit_impl(cfn_model)
  violating_network_acl_entries = cfn_model.resources_by_type('AWS::EC2::NetworkAclEntry')
                                           .select do |network_acl_entry|
    violating_network_acl_entries?(network_acl_entry)
  end

  violating_network_acl_entries.map(&:logical_resource_id)
end

#rule_idObject


16
17
18
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb', line 16

def rule_id
  'W66'
end

#rule_textObject


7
8
9
10
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb', line 7

def rule_text
  'To avoid opening all ports for Allow rules, EC2 NetworkACL Entry Protocol should be either 6 (for TCP), 17 ' \
  '(for UDP), 1 (for ICMP), or 58 (for ICMPv6, which must include an IPv6 CIDR block, ICMP type, and code).'
end

#rule_typeObject


12
13
14
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb', line 12

def rule_type
  Violation::WARNING
end