Open rx294 opened 6 years ago
Please consider the following enhancements to aws_vpc:
1) Check if flow logs are enabled; support cis_aws 4.3
Enable test code such as:
describe aws_vpc('vpc-017a4079') do
  it { should be_flow_logs_enabled }
end
Code suggestion (diff):
17c17 < [:cidr_block, :dhcp_options_id, :state, :vpc_id, :instance_tenancy, :is_default, :flow_logs].each do |property| --- > [:cidr_block, :dhcp_options_id, :state, :vpc_id, :instance_tenancy, :is_default].each do |property| 23,26d22 < def flow_logs_enabled? < !flow_logs.empty? < end < 60,69d55 < < @vpc[:flow_logs] = [] < if @exists < filter = { name: "resource-id", values: [@vpc_id],} < resp = backend.describe_flow_logs({filter: [filter]}) < @vpc[:flow_logs] = resp.flow_logs < end < < resp = backend.describe_vpcs({}) 79,81d64 < def describe_flow_logs(query) < AWSConnection.new.ec2_client.describe_flow_logs(query) < end 84c67
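Review bot: the diff is reversed. In 17c17 the property list containing `:flow_logs` is on the `<` side and the list without it is on the `>` side, and the new methods are shown as deletions (23,26d22, 60,69d55, 79,81d64), so applying this as posted would remove the feature rather than add it. Regenerate it with the original file as the first argument, preferably as a unified diff so the context lines are visible.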
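Review bot: in 23,26d22, `flow_logs_enabled?` is `!flow_logs.empty?`, which passes for any flow log attached to the VPC, including one whose `flow_log_status` is not `ACTIVE` or whose `deliver_logs_status` is `FAILED`. A profile using `be_flow_logs_enabled` for cis_aws 4.3 would then pass a VPC that is not actually delivering logs. Suggest something like `flow_logs.any? { |fl| fl.flow_log_status == 'ACTIVE' }`, and a line in the resource docs describing the new `flow_logs` property and matcher.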
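Review bot: in 60,69d55 the `describe_flow_logs` call sits in the fetch path guarded only by `if @exists`, so every use of `aws_vpc` now makes the extra API call and needs `ec2:DescribeFlowLogs` on the scanning role, even for profiles that never test flow logs. Consider fetching lazily the first time `flow_logs` is read. Smaller points in the same hunk: `resp` is assigned here and then reassigned by `backend.describe_vpcs({})`, so a distinct name would read more clearly; `resp.flow_logs` reads only the first page and ignores `next_token`; and the trailing comma in `values: [@vpc_id],}` can go.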
Is part 1 relevant now that we have aws_vpcs merged?
True...have removed part 1...thank you Sam.