UNPKG

cdk-nag

Version:

Check CDK v2 applications for best practices using a combination on available rule packs.

github.com/cdklabs/cdk-nag

cdklabs/cdk-nag

40 lines 6.03 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); /* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ const path_1 = require("path"); const aws_cdk_lib_1 = require("aws-cdk-lib"); const aws_cloudwatch_1 = require("aws-cdk-lib/aws-cloudwatch"); const nag_rules_1 = require("../../nag-rules"); /** * CloudWatch alarms have at least one alarm action, one INSUFFICIENT_DATA action, or one OK action enabled * @param node the CfnResource to check */ exports.default = Object.defineProperty((node) => { if (node instanceof aws_cloudwatch_1.CfnAlarm) { const actionsEnabled = aws_cdk_lib_1.Stack.of(node).resolve(node.actionsEnabled); if (actionsEnabled === false) { return nag_rules_1.NagRuleCompliance.NON_COMPLIANT; } // Actions can be an array with a token that then resolves to an empty array or undefined const alarmActions = aws_cdk_lib_1.Stack.of(node).resolve(node.alarmActions); const insufficientDataActions = aws_cdk_lib_1.Stack.of(node).resolve(node.insufficientDataActions); const okActions = aws_cdk_lib_1.Stack.of(node).resolve(node.okActions); const totalAlarmActions = alarmActions ? alarmActions.length : 0; const totalInsufficientDataActions = insufficientDataActions ? insufficientDataActions.length : 0; const totalOkActions = okActions ? okActions.length : 0; const totalActions = totalAlarmActions + totalInsufficientDataActions + totalOkActions; if (totalActions == 0) { return nag_rules_1.NagRuleCompliance.NON_COMPLIANT; } return nag_rules_1.NagRuleCompliance.COMPLIANT; } else { return nag_rules_1.NagRuleCompliance.NOT_APPLICABLE; } }, 'name', { value: path_1.parse(__filename).name }); //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2xvdWRXYXRjaEFsYXJtQWN0aW9uLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3J1bGVzL2Nsb3Vkd2F0Y2gvQ2xvdWRXYXRjaEFsYXJtQWN0aW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUE7OztFQUdFO0FBQ0YsK0JBQTZCO0FBQzdCLDZDQUFpRDtBQUNqRCwrREFBc0Q7QUFDdEQsK0NBQW9EO0FBRXBEOzs7R0FHRztBQUNILGtCQUFlLE1BQU0sQ0FBQyxjQUFjLENBQ2xDLENBQUMsSUFBaUIsRUFBcUIsRUFBRTtJQUN2QyxJQUFJLElBQUksWUFBWSx5QkFBUSxFQUFFO1FBQzVCLE1BQU0sY0FBYyxHQUFHLG1CQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDbkUsSUFBSSxjQUFjLEtBQUssS0FBSyxFQUFFO1lBQzVCLE9BQU8sNkJBQWlCLENBQUMsYUFBYSxDQUFDO1NBQ3hDO1FBQ0QseUZBQXlGO1FBQ3pGLE1BQU0sWUFBWSxHQUFHLG1CQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDL0QsTUFBTSx1QkFBdUIsR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxPQUFPLENBQ3BELElBQUksQ0FBQyx1QkFBdUIsQ0FDN0IsQ0FBQztRQUNGLE1BQU0sU0FBUyxHQUFHLG1CQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDekQsTUFBTSxpQkFBaUIsR0FBRyxZQUFZLENBQUMsQ0FBQyxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNqRSxNQUFNLDRCQUE0QixHQUFHLHVCQUF1QjtZQUMxRCxDQUFDLENBQUMsdUJBQXVCLENBQUMsTUFBTTtZQUNoQyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ04sTUFBTSxjQUFjLEdBQUcsU0FBUyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDeEQsTUFBTSxZQUFZLEdBQ2hCLGlCQUFpQixHQUFHLDRCQUE0QixHQUFHLGNBQWMsQ0FBQztRQUNwRSxJQUFJLFlBQVksSUFBSSxDQUFDLEVBQUU7WUFDckIsT0FBTyw2QkFBaUIsQ0FBQyxhQUFhLENBQUM7U0FDeEM7UUFDRCxPQUFPLDZCQUFpQixDQUFDLFNBQVMsQ0FBQztLQUNwQztTQUFNO1FBQ0wsT0FBTyw2QkFBaUIsQ0FBQyxjQUFjLENBQUM7S0FDekM7QUFDSCxDQUFDLEVBQ0QsTUFBTSxFQUNOLEVBQUUsS0FBSyxFQUFFLFlBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FDbEMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qXG5Db3B5cmlnaHQgQW1hem9uLmNvbSwgSW5jLiBvciBpdHMgYWZmaWxpYXRlcy4gQWxsIFJpZ2h0cyBSZXNlcnZlZC5cblNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wXG4qL1xuaW1wb3J0IHsgcGFyc2UgfSBmcm9tICdwYXRoJztcbmltcG9ydCB7IENmblJlc291cmNlLCBTdGFjayB9IGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCB7IENmbkFsYXJtIH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWNsb3Vkd2F0Y2gnO1xuaW1wb3J0IHsgTmFnUnVsZUNvbXBsaWFuY2UgfSBmcm9tICcuLi8uLi9uYWctcnVsZXMnO1xuXG4vKipcbiAqIENsb3VkV2F0Y2ggYWxhcm1zIGhhdmUgYXQgbGVhc3Qgb25lIGFsYXJtIGFjdGlvbiwgb25lIElOU1VGRklDSUVOVF9EQVRBIGFjdGlvbiwgb3Igb25lIE9LIGFjdGlvbiBlbmFibGVkXG4gKiBAcGFyYW0gbm9kZSB0aGUgQ2ZuUmVzb3VyY2UgdG8gY2hlY2tcbiAqL1xuZXhwb3J0IGRlZmF1bHQgT2JqZWN0LmRlZmluZVByb3BlcnR5KFxuICAobm9kZTogQ2ZuUmVzb3VyY2UpOiBOYWdSdWxlQ29tcGxpYW5jZSA9PiB7XG4gICAgaWYgKG5vZGUgaW5zdGFuY2VvZiBDZm5BbGFybSkge1xuICAgICAgY29uc3QgYWN0aW9uc0VuYWJsZWQgPSBTdGFjay5vZihub2RlKS5yZXNvbHZlKG5vZGUuYWN0aW9uc0VuYWJsZWQpO1xuICAgICAgaWYgKGFjdGlvbnNFbmFibGVkID09PSBmYWxzZSkge1xuICAgICAgICByZXR1cm4gTmFnUnVsZUNvbXBsaWFuY2UuTk9OX0NPTVBMSUFOVDtcbiAgICAgIH1cbiAgICAgIC8vIEFjdGlvbnMgY2FuIGJlIGFuIGFycmF5IHdpdGggYSB0b2tlbiB0aGF0IHRoZW4gcmVzb2x2ZXMgdG8gYW4gZW1wdHkgYXJyYXkgb3IgdW5kZWZpbmVkXG4gICAgICBjb25zdCBhbGFybUFjdGlvbnMgPSBTdGFjay5vZihub2RlKS5yZXNvbHZlKG5vZGUuYWxhcm1BY3Rpb25zKTtcbiAgICAgIGNvbnN0IGluc3VmZmljaWVudERhdGFBY3Rpb25zID0gU3RhY2sub2Yobm9kZSkucmVzb2x2ZShcbiAgICAgICAgbm9kZS5pbnN1ZmZpY2llbnREYXRhQWN0aW9uc1xuICAgICAgKTtcbiAgICAgIGNvbnN0IG9rQWN0aW9ucyA9IFN0YWNrLm9mKG5vZGUpLnJlc29sdmUobm9kZS5va0FjdGlvbnMpO1xuICAgICAgY29uc3QgdG90YWxBbGFybUFjdGlvbnMgPSBhbGFybUFjdGlvbnMgPyBhbGFybUFjdGlvbnMubGVuZ3RoIDogMDtcbiAgICAgIGNvbnN0IHRvdGFsSW5zdWZmaWNpZW50RGF0YUFjdGlvbnMgPSBpbnN1ZmZpY2llbnREYXRhQWN0aW9uc1xuICAgICAgICA/IGluc3VmZmljaWVudERhdGFBY3Rpb25zLmxlbmd0aFxuICAgICAgICA6IDA7XG4gICAgICBjb25zdCB0b3RhbE9rQWN0aW9ucyA9IG9rQWN0aW9ucyA/IG9rQWN0aW9ucy5sZW5ndGggOiAwO1xuICAgICAgY29uc3QgdG90YWxBY3Rpb25zID1cbiAgICAgICAgdG90YWxBbGFybUFjdGlvbnMgKyB0b3RhbEluc3VmZmljaWVudERhdGFBY3Rpb25zICsgdG90YWxPa0FjdGlvbnM7XG4gICAgICBpZiAodG90YWxBY3Rpb25zID09IDApIHtcbiAgICAgICAgcmV0dXJuIE5hZ1J1bGVDb21wbGlhbmNlLk5PTl9DT01QTElBTlQ7XG4gICAgICB9XG4gICAgICByZXR1cm4gTmFnUnVsZUNvbXBsaWFuY2UuQ09NUExJQU5UO1xuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gTmFnUnVsZUNvbXBsaWFuY2UuTk9UX0FQUExJQ0FCTEU7XG4gICAgfVxuICB9LFxuICAnbmFtZScsXG4gIHsgdmFsdWU6IHBhcnNlKF9fZmlsZW5hbWUpLm5hbWUgfVxuKTtcbiJdfQ==