class KMSKeyWildcardPrincipalRule

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyWildcardPrincipalRule.rb, line 20
def audit_impl(cfn_model)
  # Select all AWS::KMS::Key resources to audit
  violating_keys = cfn_model.resources_by_type('AWS::KMS::Key').select do |key|
    # Return key if wildcard_allowed_principals boolean is not empty
    !key.key_policy.policy_document.wildcard_allowed_principals.empty?
  end

  violating_keys.map(&:logical_resource_id)
end
rule_id() click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyWildcardPrincipalRule.rb, line 16
def rule_id
  'F76'
end
rule_text() click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyWildcardPrincipalRule.rb, line 7
def rule_text
  'KMS key should not allow * principal ' \
  '(https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)'
end
rule_type() click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyWildcardPrincipalRule.rb, line 12
def rule_type
  Violation::FAILING_VIOLATION
end