cfn_nag

Linting tool for CloudFormation templates

MIT License

Downloads: 11.6M
Stars: 1.2K
Committers: 44


cfn_nag - v0.5.33

Published by github-actions[bot] over 4 years ago

Changes

🐛 Bug Fixes

  • #416 Updates to support UTF-8 templates @pshelby (#420)

cfn_nag - v0.5.32

Published by github-actions[bot] over 4 years ago

Changes

🚀 Features

  • #378 Created custom rules from boolean_base_rule and applied to SageMaker EndpointConfig/NotebookInstance @pshelby (#419)

cfn_nag - v0.5.31

Published by github-actions[bot] over 4 years ago

Changes

🐛 Bug Fixes

  • Locking release-drafter version to fix GH workflow @pshelby (#413)

cfn_nag - v0.5.30

Published by github-actions[bot] over 4 years ago

Changes

  • Fix Omissions For W58 @zf-jmac (#412)

cfn_nag - v0.5.29

Published by github-actions[bot] over 4 years ago

Changes

  • Adding warning rule for API Gateway Stage AccessLogSetting property @tmcelhattan (#404)

cfn_nag - v0.5.28

Published by github-actions[bot] over 4 years ago

Changes

  • warning rule for API Deployments being associated with Usage Plans @tmcelhattan (#411)

cfn_nag - v0.5.27

Published by github-actions[bot] over 4 years ago

Changes

  • #10 Add NACL rules for VPC ID, Protocol, and Port Range @thegonch (#373)

cfn_nag - v0.5.26

Published by github-actions[bot] over 4 years ago

Changes

  • No changes

cfn_nag - v0.5.25

Published by github-actions[bot] over 4 years ago

Changes

  • No changes

cfn_nag - v0.5.24

Published by github-actions[bot] over 4 years ago

Changes

🚀 Features

  • #58 GameLift custom rule to warn on open EC2 ingress port ranges @pshelby (#401)

cfn_nag - v0.5.23

Published by github-actions[bot] over 4 years ago

Changes

  • No changes

cfn_nag - v0.5.22

Published by github-actions[bot] over 4 years ago

🚀 Features

  • #191 Create GitHub releases with corresponding changelog @pshelby (#398)

0.0.0 - 0.5.21 Changes

  • ApiGateway UsagePlan rule @tmcelhattan (#390)
  • Fix for W59 @tmcelhattan (#397)
  • #394 Cleanup rspec output @pshelby (#395)
  • #59 Two rules to validate EMR SecurityConfigurations @pshelby (#393)
  • #74 Raise violations on administrator access for SAM functions @pshelby (#392)
  • Update README.md @mtoothman (#391)
  • [#63] Adding a Warning for VPCs Missing FlowLogs @archetypalsxe (#382)
  • #337 Inherit proper Serverless generated resource handling from latest cfn-model @pshelby (#387)
  • #388 Correcting logs:PutLogEvent permission to logs:PutLogEvents @pshelby (#389)
  • init commit for issue 72 - API Gateway AuthType property - warning fo… @tmcelhattan (#385)
  • https://github.com/stelligent/cfn_nag/issues/383 ApiGateway Security @pethers (#386)
  • #76 Rule to validate Lambda permission to write CloudWatch Logs @pshelby (#358)
  • #141 Upgrading cfn-model version to inherit Globals section parsing @pshelby (#381)
  • update rule Ids @tmcelhattan (#375)
  • Adding warning rule for cognito IdentityPool AllowUnauthenticatedIdentities - #68 @tmcelhattan (#372)
  • Initial commit for Issue #67 - Adding rule to check for Cognito UserP… @tmcelhattan (#366)
  • Feature/369 adjust vscode container build and deploy @phelewski (#370)
  • #368 changing ssh and gpg to be mounted as a volume @phelewski (#371)
  • Fix the Listener SslPolicy parameter name casing @thegonch (#363)
  • Feature/vscode development @phelewski (#356)
  • #53 Flag AWS::SDB::Domain resource as a violation @thegonch (#360)
  • #60 Feature/60 elbv2 listener ssl policy rules @thegonch (#354)
  • Updating deprecated 'version' property to 'ruby-version' for setup-ruby action @pshelby (#355)
  • Feature/352 allow novalue in password rules @phelewski (#353)
  • #268 Adding step in cfn_nag workflow to trigger workflow in stelligent/homebrew-tap repo. @pshelby (#348)
  • #349 adding status badge for workflow @phelewski (#350)
  • Feature/253 remaining password property rules @phelewski (#345)
  • #253 updating AmazonMQ Broker Users Password rule to use password helper and to correct custom rule name to match property name @phelewski (#346)
  • Feature/253 update iam user login profile password rule @phelewski (#347)
  • Feature/253 emr cluster kerberos attributes password rules @phelewski (#343)
  • Feature/253 aws pinpoint password rules @phelewski (#341)
  • Feature/253 kinesis firehose delivery stream password rules @phelewski (#342)
  • Feature/253 aws opsworks password rules @phelewski (#340)
  • #335 Adding warning if a KMS key allows wildcarded principals in its policy @pshelby (#338)
  • Feature/add secure rule for alexa ask skill authentication configuration @phelewski (#323)
  • new rule: ElasticsearchDomain should specify EncryptionAtRestOptions @pethers (#331)
  • New rule : AmazonMQ Broker should specify EncryptionOptions @pethers (#330)
  • Correcting Failing Unit Test @archetypalsxe (#333)
  • Feature/253 amplify password rules @phelewski (#325)
  • #253 adding AccountPassword rule for AppStream DirectoryConfig ServiceAccountCredentials @phelewski (#327)
  • feature/253 dms endpoint mongodbsettings password rule @phelewski (#326)
  • Issue #316 kinesis stream encryption @tmcelhattan (#328)
  • Creating and Updating password helpers and updating opsworks stack rds password rule @phelewski (#324)
  • Adding violation rule for SQS Queue - KmsMasterKeyId property. Issue #315 @tmcelhattan (#320)
  • Feature/issue 314 sns topic kmsmasterkeyid - Issue #314 @tmcelhattan (#321)
  • Missing access logging rule for AWS::ElasticLoadBalancingV2 @pethers (#313)
  • ApiGateway V2 should have access logging configured @pethers (#312)
  • Adding custom rules and tests for issue #253 - AWS::IAM::User.LoginPr… @tmcelhattan (#298)
  • Feature/issue 253 ops works stack rds db password @tmcelhattan (#302)
  • Feature/issue 253 amazonmq broker user password @tmcelhattan (#301)
  • Rule for api gateway access logging enabled https://github.com/stelligent/cfn_nag/issues/299 @pethers (#300)
  • Modify Rule W43 to include warning for PowerUserAccess and IAMFullAccess @mcahill7 (#294)
  • Update netaddr to resolve CVE-2019-17383 @arothian (#296)
  • Iam AdministratorAccess managed policy rule @mcahill7 (#293)
  • #273 - New rule to warn on ipProtocol -1 @Mr-Lizard (#279)
  • #278 - Create rule for S3 Bucket Encryption @Mr-Lizard (#282)
  • #57 Look for wildcards in AWS::IoT::Policy @Mr-Lizard (#275)
  • #86 install cfn_nag using brew on Mac and Linux @twellspring (#267)
  • #269 Add output-format option to cfn_nag_rules @twellspring (#270)
  • Dockerfile improvements @nevstokes (#264)
  • #244 update dev dockerfile and documentation @twellspring (#259)
  • #147 Feature/147 @twellspring (#243)
  • #242 - Add new 'colortxt' output_format, 'txt' output_format no longer colorizes output @jesseadams (#257)
  • Feature/adjust password base rule to work with sub properties @phelewski (#256)
  • Updating tests for RDS DB Instance resource @phelewski (#241)
  • Feature/148 @twellspring (#246)
  • fix dockerfile when gemfile.lock is not present @kidbrax (#247)
  • Create consolidated Password rule @phelewski (#239)
  • Fail on not utilizing NoEcho for Password in AWS::DirectoryService::MicrosoftAD @phelewski (#235)
  • Fail on not utilizing NoEcho for Password in AWS::DMS::Endpoint @phelewski (#236)
  • Add Dynamic Reference checks for AWS::DirectoryService::SimpleAD Password @phelewski (#237)
  • Fail on not utilizing NoEcho for MasterUserPassword in AWS::Redshift::Cluster @phelewski (#232)
  • converted Make to Rake and added a few new commands @kidbrax (#229)
  • Fail on not utilizing NoEcho for MasterUserPassword in AWS::RDS::DBCluster @phelewski (#228)
  • #230 - More windows :io to :string fixes @jesseadams (#231)
  • merge stelligent updates @fortunecookiezen (#1)
  • Remove need for RVM @kidbrax (#227)
  • #140 - Fixes input-path opt on Windows @jesseadams (#226)
  • #224 - Fixes rule loading with Windows Command Prompt @jesseadams (#225)
  • Prevent duplicate ids @jesseadams (#221)
  • #211 - Refactoring boolean rules to be more DRY @jesseadams (#222)
  • #214 - Restore output-type to cfn_nag @jesseadams (#215)
  • Refactor CLI Interface, Add Scan fail-on-warnings @byronic (#197)
  • Bugfix/account for false as string @seanmckinley (#219)
  • Feature/fail if enable key rotation false or absent @seanmckinley (#218)

cfn_nag - Colorized Text Output

Published by jesseadams over 5 years ago

When using the default output-type of text, warnings will now show as yellow and failures as red.

cfn_nag - Line Numbers Support

Published by jesseadams over 5 years ago

This change uses the new line numbers support of cfn-model.

$ cfn_nag ../cfn-model/test.json
{
  "failure_count": 1,
  "violations": [
    {
      "id": "F14",
      "type": "FAIL",
      "message": "S3 Bucket should not have a public read-write acl",
      "logical_resource_ids": [
        "S3Bucket"
      ],
      "line_numbers": [
        5
      ]
    }
  ]
}