Class: EC2NetworkAclEntryProtocolRule
- Defined in:
- lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb
Instance Method Summary collapse
Methods inherited from BaseRule
Instance Method Details
#audit_impl(cfn_model) ⇒ Object
20 21 22 23 24 25 26 27 |
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb', line 20 def audit_impl(cfn_model) violating_network_acl_entries = cfn_model.resources_by_type('AWS::EC2::NetworkAclEntry') .select do |network_acl_entry| violating_network_acl_entries?(network_acl_entry) end violating_network_acl_entries.map(&:logical_resource_id) end |
#rule_id ⇒ Object
16 17 18 |
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb', line 16 def rule_id 'W66' end |
#rule_text ⇒ Object
7 8 9 10 |
# File 'lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb', line 7 def rule_text 'To avoid opening all ports for Allow rules, EC2 NetworkACL Entry Protocol should be either 6 (for TCP), 17 ' \ '(for UDP), 1 (for ICMP), or 58 (for ICMPv6, which must include an IPv6 CIDR block, ICMP type, and code).' end |