Class: BaseRule
Overview
Base class all Rules should subclass
Direct Known Subclasses
AlexaASKSkillAuthenticationConfigurationClientSecretRule, AlexaASKSkillAuthenticationConfigurationRefreshTokenRule, AmazonMQBrokerEncryptionOptionsRule, ApiGatewayAccessLoggingRule, ApiGatewayDeploymentUsagePlanRule, ApiGatewayMethodAuthorizationTypeRule, ApiGatewaySecurityPolicyRule, ApiGatewayStageAccessLoggingRule, ApiGatewayStageUsagePlanRule, ApiGatewayV2AccessLoggingRule, BatchJobDefinitionContainerPropertiesPrivilegedRule, BooleanBaseRule, CloudFormationAuthenticationRule, CloudFrontDistributionAccessLoggingRule, CloudfrontMinimumProtocolVersionRule, CodeBuildEncryptionKeyRule, CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule, CognitoUserPoolMfaConfigurationOnorOptionalRule, DAXClusterEncryptionRule, DLMLifecyclePolicyCrossRegionCopyEncryptionRule, DynamoDBBackupRule, DynamoDBBillingModeRule, DynamoDBEncryptionRule, EC2NetworkAclEntryDuplicateRule, EC2NetworkAclEntryIneffectiveDenyRule, EC2NetworkAclEntryOverlappingPortsRule, EC2NetworkAclEntryPortRangeRule, EC2NetworkAclEntryProtocolRule, EC2SubnetMapPublicIpOnLaunchRule, ECRRepositoryScanOnPushRule, EKSClusterEncryptionRule, EMRClusterSecurityConfigurationAttachedRule, EMRSecurityConfigurationEncryptionsEnabledAndConfiguredRule, ElasticLoadBalancerAccessLoggingRule, ElasticLoadBalancerV2AccessLoggingRule, ElasticLoadBalancerV2ListenerProtocolRule, ElasticLoadBalancerV2ListenerSslPolicyRule, ElasticsearchDomainEncryptionAtRestOptionsRule, ElasticsearchDomainNodeToNodeEncryptionOptionsRule, GameLiftFleetInboundPortRangeRule, IamManagedPolicyNotActionRule, IamManagedPolicyNotResourceRule, IamManagedPolicyWildcardActionRule, IamManagedPolicyWildcardResourceRule, IamPolicyNotActionRule, IamPolicyNotResourceRule, IamPolicyWildcardActionRule, IamPolicyWildcardResourceRule, IamRoleAdministratorAccessPolicyRule, IamRoleElevatedManagedPolicyRule, IamRoleNotActionOnPermissionsPolicyRule, IamRoleNotActionOnTrustPolicyRule, IamRoleNotPrincipalOnTrustPolicyRule, IamRoleNotResourceOnPermissionsPolicyRule, 
IamRolePassRoleWildcardResourceRule, IamRoleWildcardActionOnPermissionsPolicyRule, IamRoleWildcardActionOnTrustPolicyRule, IamRoleWildcardResourceOnPermissionsPolicyRule, IamUserLoginProfilePasswordResetRule, IotPolicyWildcardActionRule, IotPolicyWildcardResourceRule, KMSKeyRotationRule, KMSKeyWildcardPrincipalRule, KendraIndexServerSideEncryptionConfigurationKmsKeyIdRule, KinesisStreamStreamEncryptionRule, LambdaFunctionCloudWatchLogsRule, LambdaPermissionInvokeFunctionActionRule, LambdaPermissionWildcardPrincipalRule, LogsLogGroupEncryptedRule, LogsLogGroupRetentionRule, ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule, ManagedPolicyOnUserRule, MissingBucketPolicyRule, PassRoleBaseRule, PasswordBaseRule, PolicyOnUserRule, RDSDBInstanceStorageEncryptedRule, RDSInstanceBackupRetentionPeriodRule, RDSInstanceDeletionProtectionRule, RDSInstancePubliclyAccessibleRule, ResourceBaseRule, ResourceWithExplicitNameRule, S3BucketAccessLoggingRule, S3BucketEncryptionSetRule, S3BucketPolicyNotActionRule, S3BucketPolicyNotPrincipalRule, S3BucketPolicyWildcardActionRule, S3BucketPolicyWildcardPrincipalRule, S3BucketPublicReadAclRule, S3BucketPublicReadWriteAclRule, SPCMRule, SecurityGroupEgressAllProtocolsRule, SecurityGroupEgressOpenToWorldRule, SecurityGroupEgressPortRangeRule, SecurityGroupIngressAllProtocolsRule, SecurityGroupIngressCidrNon32Rule, SecurityGroupIngressOpenToWorldRule, SecurityGroupIngressPortRangeRule, SecurityGroupMissingEgressRule, SecurityGroupRuleDescriptionRule, SnsTopicPolicyNotActionRule, SnsTopicPolicyNotPrincipalRule, SnsTopicPolicyWildcardPrincipalRule, SqsQueuePolicyNotActionRule, SqsQueuePolicyNotPrincipalRule, SqsQueuePolicyWildcardActionRule, SqsQueuePolicyWildcardPrincipalRule, SubPropertyWithListPasswordBaseRule, UserHasInlinePolicyRule, UserMissingGroupRule, VpcHasFlowLogRule, WafWebAclDefaultActionRule, WorkspacesWorkspaceEncryptionRule
Instance Method Summary
- #audit(cfn_model) ⇒ Object
  Returns nil when there are no violations; returns a Violation object otherwise.
- #audit_impl(_cfn_model) ⇒ Object
  Returns a collection of logical resource ids.
Instance Method Details
#audit(cfn_model) ⇒ Object
Returns nil when there are no violations; returns a Violation object otherwise.

# File 'lib/cfn-nag/custom_rules/base.rb', line 18
def audit(cfn_model)
  logical_resource_ids = audit_impl(cfn_model)
  return if logical_resource_ids.empty?

  Violation.new(id: rule_id,
                type: rule_type,
                message: rule_text,
                logical_resource_ids: logical_resource_ids)
end
#audit_impl(_cfn_model) ⇒ Object
Returns a collection of logical resource ids. Subclasses must override this method; the base implementation raises.

# File 'lib/cfn-nag/custom_rules/base.rb', line 10
def audit_impl(_cfn_model)
  raise 'must implement in subclass'
end