aws-cf-checker
Comparing version 0.2.0 to 0.2.1
@@ -22,2 +22,11 @@ // TODO what about port ranges? I think we should not allow them | ||
function mapIdOrReferenceToId(entry) { | ||
"use strict"; | ||
if (entry.Ref) { | ||
return entry.Ref; | ||
} else { | ||
return entry; | ||
} | ||
} | ||
function normalizeSecurityGroupAttachmentIds(propertyName) { | ||
@@ -29,3 +38,3 @@ "use strict"; | ||
} | ||
return _.map(object.Properties[propertyName], "Ref"); | ||
return _.map(object.Properties[propertyName], mapIdOrReferenceToId); | ||
}; | ||
@@ -76,4 +85,15 @@ } | ||
"AWS::EC2::Instance": { | ||
"normalizationFun": normalizeSecurityGroupAttachmentIds("SecurityGroupIds"), // TODO could also be NetworkInterfaces | ||
"isPublicFun": alwaysPrivate// TODO is the assumption that a single instance should be never accessible from the outside valid? | ||
"normalizationFun": function(object) { | ||
"use strict"; | ||
if (object.Properties.NetworkInterfaces) { | ||
return _.chain(object.Properties.NetworkInterfaces) | ||
.map("GroupSet") | ||
.flatten() | ||
.map(mapIdOrReferenceToId) | ||
.value(); | ||
} else { | ||
return normalizeSecurityGroupAttachmentIds("SecurityGroupIds")(object); | ||
} | ||
}, | ||
"isPublicFun": alwaysPrivate // TODO is the assumption that a standalone EC2 instance should be never accessible from the outside valid? | ||
}, | ||
@@ -85,9 +105,8 @@ "AWS::EFS::MountTarget": { | ||
"AWS::EC2::SpotFleet": { | ||
"normalizationFun": //normalizeSecurityGroupAttachmentIds("SpotFleetRequestConfigData.LaunchSpecifications[].SecurityGroups[]") | ||
function(object) { | ||
"normalizationFun": function(object) { | ||
"use strict"; | ||
_.chain(object.Properties.SpotFleetRequestConfigData.LaunchSpecifications) | ||
return _.chain(object.Properties.SpotFleetRequestConfigData.LaunchSpecifications) | ||
.map("SecurityGroups") | ||
.flatten() | ||
.map("Ref") | ||
.map(mapIdOrReferenceToId) | ||
.value(); | ||
@@ -100,2 +119,6 @@ }, | ||
"isPublicFun": alwaysPrivate | ||
}, | ||
"AWS::EC2::NetworkInterface": { | ||
"normalizationFun": normalizeSecurityGroupAttachmentIds("GroupSet"), | ||
"isPublicFun": alwaysPrivate // TODO is the assumption that a standalone ENI should be never accessible from the outside valid? | ||
} | ||
@@ -102,0 +125,0 @@ }; |
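Review bot: `mapIdOrReferenceToId` reads `entry.Ref` without checking that `entry` is defined, and the new `AWS::EC2::Instance` branch can pass it `undefined`: a `NetworkInterfaces` item with no `GroupSet` comes out of `.map("GroupSet").flatten()` as `undefined`, and the property access then throws. The same applies to a SpotFleet launch specification that has no `SecurityGroups`. Adding `.compact()` after `.flatten()` in both chains and guarding the helper with `if (entry && entry.Ref) {` would avoid the crash. Separately, an entry written with another intrinsic such as `Fn::GetAtt` is returned as the whole object; how the ids are consumed is outside this diff, but if they are matched against security-group names such an attachment would presumably go unchecked, so the helper deserves a comment like `// handles plain ids and {"Ref": ...} only; other intrinsics are returned unresolved`.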
{ | ||
"name": "aws-cf-checker", | ||
"version": "0.2.0", | ||
"version": "0.2.1", | ||
"description": "Checks AWS CloudFormation templates for security, reliability and conformity", | ||
@@ -5,0 +5,0 @@ "keywords": ["aws", "cloudformation", "cf"], |
@@ -120,2 +120,3 @@ [![Build Status](https://secure.travis-ci.org/widdix/aws-cf-checker.png)](http://travis-ci.org/widdix/aws-cf-checker) | ||
* AWS::AutoScaling::LaunchConfiguration | ||
* AWS::EC2::NetworkInterface | ||
* AWS::EC2::Instance | ||
@@ -122,0 +123,0 @@ * AWS::EC2::SpotFleet |