class KMSKeyWildcardPrincipalRule
Public Instance Methods
audit_impl(cfn_model)
click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyWildcardPrincipalRule.rb, line 20 def audit_impl(cfn_model) # Select all AWS::KMS::Key resources to audit violating_keys = cfn_model.resources_by_type('AWS::KMS::Key').select do |key| # Return key if wildcard_allowed_principals boolean is not empty !key.key_policy.policy_document.wildcard_allowed_principals.empty? end violating_keys.map(&:logical_resource_id) end
rule_id()
click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyWildcardPrincipalRule.rb, line 16 def rule_id 'F76' end
rule_text()
click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyWildcardPrincipalRule.rb, line 7 def rule_text 'KMS key should not allow * principal ' \ '(https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)' end
rule_type()
click to toggle source
# File lib/cfn-nag/custom_rules/KMSKeyWildcardPrincipalRule.rb, line 12 def rule_type Violation::FAILING_VIOLATION end