class KinesisStreamStreamEncryptionRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/KinesisStreamStreamEncryptionRule.rb, line 19
# Collects the Kinesis streams in the template that fail the encryption check.
#
# @param cfn_model [#resources_by_type] parsed template model; queried for
#   every resource of type 'AWS::Kinesis::Stream'
# @return [Array] logical resource ids of the streams for which
#   violating_kinesis_streams? returns true (empty when none are flagged)
def audit_impl(cfn_model)
  cfn_model.resources_by_type('AWS::Kinesis::Stream')
           .select { |stream| violating_kinesis_streams?(stream) }
           .map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/KinesisStreamStreamEncryptionRule.rb, line 15
# Identifier under which this rule's findings are reported.
#
# @return [String] the fixed rule id 'W49'
def rule_id
  'W49'
end
rule_text()
# File lib/cfn-nag/custom_rules/KinesisStreamStreamEncryptionRule.rb, line 7
# Human-readable description attached to each finding of this rule.
#
# @return [String] the message telling the template author to set
#   StreamEncryption with a KMS EncryptionType and a KMS key id
def rule_text
  'Kinesis Stream should specify StreamEncryption. EncryptionType should be KMS and specify KMS Key Id.'
end
rule_type()
# File lib/cfn-nag/custom_rules/KinesisStreamStreamEncryptionRule.rb, line 11
# Severity class of this rule.
#
# Findings are reported as warnings, not as failing violations.
# NOTE(review): whether a warning blocks a deployment depends on how the
# scanner is invoked in the pipeline; confirm that unencrypted streams are
# surfaced the way the team expects.
#
# @return [Object] the Violation::WARNING constant
def rule_type
  Violation::WARNING
end

Private Instance Methods

violating_kinesis_streams?(kinesis_stream)
# File lib/cfn-nag/custom_rules/KinesisStreamStreamEncryptionRule.rb, line 29
# Decides whether a single Kinesis stream resource lacks usable encryption
# settings.
#
# The check fails closed: a stream with no StreamEncryption block, no
# EncryptionType, or no KeyId is reported. Once all three are present, only
# the literal 'NONE' is rejected; any other non-nil EncryptionType is
# accepted, and neither value is checked for emptiness.
# NOTE(review): a value that is not a plain string (for example an
# unresolved template function) would therefore pass the last comparison;
# confirm that this is intended.
#
# @param kinesis_stream [#streamEncryption] stream resource whose
#   streamEncryption is nil or responds to [] with string keys
# @return [Boolean] true when the stream should be flagged
def violating_kinesis_streams?(kinesis_stream)
  encryption = kinesis_stream.streamEncryption

  # Missing configuration at any level counts as a violation.
  return true if encryption.nil?
  return true if encryption['EncryptionType'].nil?
  return true if encryption['KeyId'].nil?

  encryption['EncryptionType'] == 'NONE'
end