class IotPolicyWildcardResourceRule
Public Instance Methods
audit_impl(cfn_model)
click to toggle source
# File lib/cfn-nag/custom_rules/IotPolicyWildcardResourceRule.rb, line 20 def audit_impl(cfn_model) violating_policies = cfn_model.resources_by_type('AWS::IoT::Policy').select do |policy| policy.policy_document = PolicyDocumentParser.new.parse(cfn_model, policy.policyDocument) !policy.policy_document.wildcard_allowed_resources.empty? end violating_policies.map(&:logical_resource_id) end
rule_id()
click to toggle source
# File lib/cfn-nag/custom_rules/IotPolicyWildcardResourceRule.rb, line 16 def rule_id 'W39' end
rule_text()
click to toggle source
# File lib/cfn-nag/custom_rules/IotPolicyWildcardResourceRule.rb, line 8 def rule_text 'IoT policy should not allow * resource' end
rule_type()
click to toggle source
# File lib/cfn-nag/custom_rules/IotPolicyWildcardResourceRule.rb, line 12 def rule_type Violation::WARNING end