class EKSClusterEncryptionRule
Public Instance Methods
audit_impl(cfn_model)
click to toggle source
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 19 def audit_impl(cfn_model) violating_clusters = cfn_model.resources_by_type('AWS::EKS::Cluster').select do |cluster| if cluster.encryptionConfig.nil? true elsif violating_configs?(cluster) true else violating_providers?(cluster) end end violating_clusters.map(&:logical_resource_id) end
rule_id()
click to toggle source
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 15 def rule_id 'W82' end
rule_text()
click to toggle source
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 7 def rule_text 'EKS Cluster EncryptionConfig Provider should specify KeyArn to enable Encryption.' end
rule_type()
click to toggle source
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 11 def rule_type Violation::WARNING end
Private Instance Methods
violating_configs?(cluster)
click to toggle source
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 35 def violating_configs?(cluster) violating_config = cluster.encryptionConfig.select do |config| config['Provider'].nil? end !violating_config.empty? end
violating_providers?(cluster)
click to toggle source
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 42 def violating_providers?(cluster) violating_provider = cluster.encryptionConfig.select do |config| config['Provider']['KeyArn'].empty? end !violating_provider.empty? end