class RDSInstanceDeletionProtectionRule
Public Instance Methods
audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 20
#
# Collects the logical resource ids of every AWS::RDS::DBInstance in the
# template that fails the deletion-protection check.
#
# Aurora engines are excluded from the result. NOTE(review): presumably
# because deletion protection for Aurora is configured on the DB cluster
# rather than on the member instance -- confirm that the cluster resource
# is audited separately, otherwise Aurora databases are not covered by
# this rule at all.
#
# @param cfn_model the parsed template model; must respond to
#   +resources_by_type+
# @return [Array] logical resource ids of the violating DB instances
def audit_impl(cfn_model)
  cfn_model
    .resources_by_type('AWS::RDS::DBInstance')
    .reject { |db| !not_protected?(db) || aurora?(db) }
    .map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 16
#
# Identifier under which findings from this rule are reported.
#
# @return [String] the rule id, 'F80'
def rule_id
  'F80'
end
rule_text()
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 8
#
# Human-readable message attached to each finding of this rule.
#
# @return [String] the finding description
def rule_text
  'RDS instance should have deletion protection enabled'
end
rule_type()
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 12
#
# Severity class of this rule: a missing deletion-protection setting is
# reported as a failing violation.
#
# @return the Violation::FAILING_VIOLATION constant
def rule_type
  Violation::FAILING_VIOLATION
end
Private Instance Methods
aurora?(db_instance)
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 36
#
# Tells whether the DB instance declares one of the Aurora engines
# ('aurora', 'aurora-mysql', 'aurora-postgresql').
#
# The comparison is an exact, case-sensitive match on the literal engine
# value. Anything else -- nil, a differently-cased string, or an engine
# supplied through an intrinsic function -- is treated as non-Aurora, so
# such an instance stays subject to the deletion-protection check.
#
# @param db_instance the DB instance resource; must respond to +engine+
# @return [Boolean] true when the engine is an Aurora engine
def aurora?(db_instance)
  case db_instance.engine
  when 'aurora', 'aurora-mysql', 'aurora-postgresql'
    true
  else
    false
  end
end
not_protected?(instance)
# File lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb, line 32
#
# Decides whether a DB instance lacks deletion protection.
#
# The instance counts as unprotected when +not_truthy?+ rejects its
# DeletionProtection value, or when that value is the pseudo-reference
# { 'Ref' => 'AWS::NoValue' }, which drops the property from the resource.
#
# NOTE(review): +not_truthy?+ is defined outside this listing. How it
# treats other intrinsic-function values (a Ref to a parameter, Fn::If,
# ...) cannot be seen here -- confirm that a parameterised
# DeletionProtection is not silently accepted as protected.
#
# @param instance the DB instance resource; must respond to
#   +deletionProtection+
# @return truthy when the instance is considered unprotected
def not_protected?(instance)
  setting = instance.deletionProtection
  no_value_ref = { 'Ref' => 'AWS::NoValue' }
  not_truthy?(setting) || setting == no_value_ref
end