Class: EC2NetworkAclEntryIneffectiveDenyRule

Inherits:

BaseRule

Object
BaseRule
EC2NetworkAclEntryIneffectiveDenyRule

show all

Defined in:: lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb

Instance Method Summary collapse

Methods inherited from BaseRule

#audit

Instance Method Details

#audit_impl(cfn_model) ⇒ `Object`

# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb', line 20

def audit_impl(cfn_model)
  violating_nacl_entries = []
  cfn_model.resources_by_type('AWS::EC2::NetworkAcl').each do |nacl|
    violating_nacl_entries += violating_nacl_entries(nacl)
  end

  violating_nacl_entries.map(&:logical_resource_id)
end

#rule_id ⇒ `Object`



16
17
18

# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb', line 16

def rule_id
  'W71'
end

#rule_text ⇒ `Object`



8
9
10

# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb', line 8

def rule_text
  'NetworkACL Entry Deny rules should affect all CIDR ranges.'
end

#rule_type ⇒ `Object`



12
13
14

# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryIneffectiveDenyRule.rb', line 12

def rule_type
  Violation::WARNING
end

Class: EC2NetworkAclEntryIneffectiveDenyRule

Instance Method Summary collapse

Methods inherited from BaseRule

Instance Method Details

#audit_impl(cfn_model) ⇒ Object

#rule_id ⇒ Object

#rule_text ⇒ Object

#rule_type ⇒ Object

#audit_impl(cfn_model) ⇒ `Object`

#rule_id ⇒ `Object`

#rule_text ⇒ `Object`

#rule_type ⇒ `Object`