class ElasticLoadBalancerV2AccessLoggingRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb, line 20
# Collects the logical resource ids of every
# AWS::ElasticLoadBalancingV2::LoadBalancer resource in the template that
# does not have access logging switched on.
#
# A load balancer is reported when any of the following holds:
# * it declares no load balancer attributes at all,
# * its attributes contain no 'access_logs.s3.enabled' entry,
# * that entry is present but its value is not truthy.
#
# Without access logs there is no per-request record from the load balancer
# to draw on when investigating suspicious traffic.
#
# NOTE(review): the checks below assume loadBalancerAttributes is either nil
# or a list of hashes with 'Key'/'Value' entries; confirm how the model
# presents an attribute list that is built with an intrinsic function.
#
# @param cfn_model [Object] parsed template model responding to
#   resources_by_type
# @return [Array] logical resource ids of the violating load balancers
def audit_impl(cfn_model)
  load_balancers = cfn_model.resources_by_type('AWS::ElasticLoadBalancingV2::LoadBalancer')

  offenders = load_balancers.select do |lb|
    # The nil check must come first: both helpers iterate the attribute list.
    attributes_absent = lb.loadBalancerAttributes.nil?
    attributes_absent || missing_access_logs?(lb) || access_logging_is_false?(lb)
  end

  offenders.map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb, line 16
# Identifier under which this rule's findings are reported.
#
# @return [String] the rule id, 'W52'
def rule_id
  'W52'
end
rule_text()
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb, line 8
# Human-readable message attached to each finding of this rule.
#
# @return [String] the violation message
def rule_text
  'Elastic Load Balancer V2 should have access logging enabled'
end
rule_type()
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb, line 12
# Severity class of this rule: findings are reported as warnings.
#
# NOTE(review): as a warning, this finding presumably does not fail a scan
# unless the scan is configured to fail on warnings; confirm for the CI
# setup if missing access logs should block a deployment.
#
# @return [Object] the Violation::WARNING constant
def rule_type
  Violation::WARNING
end

Private Instance Methods

access_logging_is_false?(load_balancer)
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb, line 31
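# Tells whether the load balancer carries an 'access_logs.s3.enabled'
# attribute whose value is not truthy, i.e. access logging is explicitly
# switched off.
#
# Uses any? so the predicate returns true/false rather than the matching
# attribute hash (or nil).
#
# The attribute list must not be nil; audit_impl checks that before calling.
#
# NOTE(review): not_truthy? is defined outside this listing. How it treats a
# non-string value (for example a reference to a template parameter) decides
# whether a parameterised flag is reported; confirm against its definition.
#
# @param load_balancer [Object] resource responding to loadBalancerAttributes
# @return [Boolean] true when access logging is explicitly disabled
def access_logging_is_false?(load_balancer)
  load_balancer.loadBalancerAttributes.any? do |load_balancer_attribute|
    load_balancer_attribute['Key'] == 'access_logs.s3.enabled' &&
      not_truthy?(load_balancer_attribute['Value'])
  end
end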
missing_access_logs?(load_balancer)
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2AccessLoggingRule.rb, line 37
# Tells whether the load balancer's attribute list has no
# 'access_logs.s3.enabled' entry at all, regardless of its value.
#
# The attribute list must not be nil; audit_impl checks that before calling.
#
# @param load_balancer [Object] resource responding to loadBalancerAttributes
# @return [Boolean] true when no access logging attribute is declared
def missing_access_logs?(load_balancer)
  load_balancer.loadBalancerAttributes.none? do |attribute|
    attribute['Key'] == 'access_logs.s3.enabled'
  end
end