class IamRoleElevatedManagedPolicyRule
Public Instance Methods
audit_impl(cfn_model)
click to toggle source
# File lib/cfn-nag/custom_rules/IamRoleElevatedManagedPolicyRule.rb, line 26 def audit_impl(cfn_model) violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role| includes_elevated_policy(role) end violating_roles.map(&:logical_resource_id) end
includes_elevated_policy(role)
click to toggle source
# File lib/cfn-nag/custom_rules/IamRoleElevatedManagedPolicyRule.rb, line 19 def includes_elevated_policy(role) role.managedPolicyArns.find do |policy| policy.include?('arn:aws:iam::aws:policy/PowerUserAccess') || policy.include?('arn:aws:iam::aws:policy/IAMFullAccess') end end
rule_id()
click to toggle source
# File lib/cfn-nag/custom_rules/IamRoleElevatedManagedPolicyRule.rb, line 15 def rule_id 'W44' end
rule_text()
click to toggle source
# File lib/cfn-nag/custom_rules/IamRoleElevatedManagedPolicyRule.rb, line 7 def rule_text 'IAM role should not have Elevated Managed policy' end
rule_type()
click to toggle source
# File lib/cfn-nag/custom_rules/IamRoleElevatedManagedPolicyRule.rb, line 11 def rule_type Violation::WARNING end