class MissingBucketPolicyRule

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb, line 19
def audit_impl(cfn_model)
  violating_buckets = cfn_model.resources_by_type('AWS::S3::Bucket').select do |bucket|
    policy_for_bucket(cfn_model, bucket).nil?
  end

  violating_buckets.map(&:logical_resource_id)
end
rule_id() click to toggle source
# File lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb, line 15
def rule_id
  'W51'
end
rule_text() click to toggle source
# File lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb, line 7
def rule_text
  'S3 bucket should likely have a bucket policy'
end
rule_type() click to toggle source
# File lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb, line 11
def rule_type
  Violation::WARNING
end

Private Instance Methods

policy_for_bucket(cfn_model, bucket) click to toggle source
# File lib/cfn-nag/custom_rules/MissingBucketPolicyRule.rb, line 29
def policy_for_bucket(cfn_model, bucket)
  cfn_model.resources_by_type('AWS::S3::BucketPolicy').find do |bucket_policy|
    if bucket_policy.bucket.is_a?(Hash) && bucket_policy.bucket.key?('Ref')
      bucket_policy.bucket['Ref'] == bucket.logical_resource_id
    else
      bucket.bucketName == bucket_policy.bucket
    end
  end
end