class ElasticLoadBalancerV2ListenerSslPolicyRule
Public Instance Methods
audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb, line 19
# Looks up every AWS::ElasticLoadBalancingV2::Listener in the model, keeps the
# ones violating_listeners? flags, and returns their logical resource ids.
#
# @param cfn_model object answering resources_by_type(type_name)
# @return the logical_resource_id of each flagged listener, in model order
def audit_impl(cfn_model)
  cfn_model
    .resources_by_type('AWS::ElasticLoadBalancingV2::Listener')
    .select { |candidate| violating_listeners?(candidate) }
    .map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb, line 15
# Returns this rule's identifier string.
#
# @return [String] 'W55'
def rule_id
  'W55'
end
rule_text()
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb, line 7
# Returns the human-readable message attached to this rule.
#
# @return [String] the rule's description text
def rule_text
  'Elastic Load Balancer V2 Listener SslPolicy should use TLS 1.2'
end
rule_type()
# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb, line 11
# Returns the type constant for this rule, Violation::WARNING.
#
# @return the value of Violation::WARNING
def rule_type
  Violation::WARNING
end
Private Instance Methods
violating_listeners?(listener)
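# File lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb, line 30
# Decides whether one ELBv2 listener should be reported by this rule.
#
# A listener is reported when its protocol is HTTPS or TLS and its SslPolicy is
# either missing or one of the predefined policies listed below.
#
# @param listener object answering protocol and sslPolicy
# @return [Boolean] true when the listener is in violation, false otherwise
def violating_listeners?(listener)
  # Listeners on any other protocol are out of scope for this rule.
  return false unless %w[HTTPS TLS].include?(listener.protocol)

  # An HTTPS/TLS listener with no explicit SslPolicy is always reported.
  return true if listener.sslPolicy.nil?

  # Predefined policies that accept protocol versions older than TLS 1.2.
  # 'ELBSecurityPolicy-2015' is kept from the original list for backward
  # compatibility; the published policy name is 'ELBSecurityPolicy-2015-05',
  # which the original list did not match, so it is added here.
  # NOTE(review): this is a deny list. Any value that is not listed (a policy
  # name added later, or a non-String value such as an unresolved Ref/Fn::
  # expression) passes the check. Confirm that is intended; an allow list of
  # TLS 1.2+ policies would fail closed instead.
  %w[
    ELBSecurityPolicy-2016-08
    ELBSecurityPolicy-TLS-1-0-2015-04
    ELBSecurityPolicy-TLS-1-1-2017-01
    ELBSecurityPolicy-FS-2018-06
    ELBSecurityPolicy-FS-1-1-2019-08
    ELBSecurityPolicy-2015
    ELBSecurityPolicy-2015-05
  ].include?(listener.sslPolicy)
end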