Class: SPCMRule
- Defined in:
- lib/cfn-nag/custom_rules/SPCMRule.rb
Constant Summary collapse
- DEFAULT_THRESHOLD =
25
Instance Attribute Summary collapse
-
#spcm_threshold ⇒ Object
Returns the value of attribute spcm_threshold.
Instance Method Summary collapse
Methods inherited from BaseRule
Instance Attribute Details
#spcm_threshold ⇒ Object
Returns the value of attribute spcm_threshold.
8 9 10 |
# File 'lib/cfn-nag/custom_rules/SPCMRule.rb', line 8 def spcm_threshold @spcm_threshold end |
Instance Method Details
#audit_impl(cfn_model) ⇒ Object
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
# File 'lib/cfn-nag/custom_rules/SPCMRule.rb', line 23 def audit_impl(cfn_model) logical_resource_ids = [] begin policy_documents = SPCM.new.metric_impl(cfn_model) rescue StandardError => catch_all_exception puts "Experimental SPCM rule is failing. Please report #{catch_all_exception} with the violating template" policy_documents = { 'AWS::IAM::Policy' => {}, 'AWS::IAM::Role' => {} } end threshold = spcm_threshold.nil? ? DEFAULT_THRESHOLD : spcm_threshold.to_i logical_resource_ids += violating_policy_resources(policy_documents, threshold) logical_resource_ids += violating_role_resources(policy_documents, threshold) logical_resource_ids end |
#rule_id ⇒ Object
19 20 21 |
# File 'lib/cfn-nag/custom_rules/SPCMRule.rb', line 19 def rule_id 'W76' end |
#rule_text ⇒ Object
11 12 13 |
# File 'lib/cfn-nag/custom_rules/SPCMRule.rb', line 11 def rule_text "SPCM for IAM policy document is higher than #{spcm_threshold || DEFAULT_THRESHOLD}" end |