class ApiGatewayAccessLoggingRule
Public Instance Methods
audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 20
# Returns the logical resource ids of every AWS::ApiGateway::Deployment that
# violating_deployment? flags as lacking access logging.
#
# The ids of deployments already covered by a logging-enabled Stage are
# collected first, so each deployment is judged against the same list.
def audit_impl(cfn_model)
  logged_deployment_ids = stage_deployments_with_logging(cfn_model)

  cfn_model.resources_by_type('AWS::ApiGateway::Deployment')
           .select { |deployment| violating_deployment?(deployment, logged_deployment_ids) }
           .map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 16
# Identifier under which findings from this rule are reported.
def rule_id
  'W45'
end
rule_text()
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 7
# Human-readable description of the finding. The two fragments are joined
# with no separator; the first one carries its own trailing space.
def rule_text
  [
    'ApiGateway Deployment resource should have AccessLogSetting property configured when creating an ',
    'API Stage itself (through specifying the StageName and StageDescription properties).'
  ].join
end
rule_type()
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 12
# Severity of this rule: findings are reported as warnings.
def rule_type
  Violation::WARNING
end
Private Instance Methods
stage_deployments_with_logging(cfn_model)
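# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 40
# Collects the deployment ids referenced by AWS::ApiGateway::Stage resources
# that have access logging configured.
#
# A stage contributes only when BOTH accessLogSetting and deploymentId are
# present. Requiring just one of them would let a stage with no access
# logging vouch for its deployment (a false negative for this rule), and
# would pass a nil deploymentId on to the resolver.
#
# @param cfn_model the parsed template; must respond to resources_by_type
# @return [Array] one entry per qualifying stage, as returned by
#   References.resolve_resource_id (helper defined outside this file)
def stage_deployments_with_logging(cfn_model)
  logged_stages = cfn_model.resources_by_type('AWS::ApiGateway::Stage').reject do |stage|
    stage.accessLogSetting.nil? || stage.deploymentId.nil?
  end

  logged_stages.map { |stage| References.resolve_resource_id(stage.deploymentId) }
end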
violating_deployment?(deployment, stage_deployment_ids)
# File lib/cfn-nag/custom_rules/ApiGatewayAccessLoggingRule.rb, line 32
# Decides whether a deployment lacks access logging.
#
# - With a stageDescription: violating when it has no 'AccessLogSetting' key.
# - Without one: violating unless the deployment's logical resource id is in
#   stage_deployment_ids.
def violating_deployment?(deployment, stage_deployment_ids)
  description = deployment.stageDescription
  return description['AccessLogSetting'].nil? unless description.nil?

  !stage_deployment_ids.include?(deployment.logical_resource_id)
end