cfn_nag | Linting tool for CloudFormation templates | AWS library
kandi X-RAY | cfn_nag Summary
The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure. Roughly speaking, it will look for:
Community Discussions
Trending Discussions on cfn_nag
QUESTION
I have a CloudFormation template where I have all the resources and details for the project.
I have cfn-lint set up locally and it is running perfectly fine. However, when I push the code changes, the build fails at the deployment stage due to cfn-nag stating some simple changes which could be fixed.
I'm using a Windows machine and I need a way to run cfn-nag locally so that I can check this just like cfn-lint and fix the issues locally instead of waiting 40 minutes for the build to reach the deployment stage.
I referred to several posts online and found the two below helpful:
https://stelligent.com/2018/03/23/validating-aws-cloudformation-templates-with-cfn_nag-and-mu/
https://github.com/stelligent/cfn_nag
What is the difference between cfn-nag and cfn-lint, and why is lint not failing on what cfn-nag is complaining about?
The above links have some instructions on Ruby and Brew, but I'm using Node.js and felt lost. Please help.
ANSWER
Answered 2021-Jul-15 at 10:53
CFN-Nag looks for patterns in AWS CloudFormation templates that may indicate insecure infrastructure.
Ex: IAM rules that are too permissive (wildcards), security group rules that are too permissive (wildcards), access logs that aren't enabled, encryption that isn't enabled.
CFN-Lint scans the AWS CloudFormation template by processing a collection of Rules, where every rule handles a specific function check or validation of the template. It validates against AWS CloudFormation Resource specification.
This collection of rules can be extended with custom rules using the --append-rules argument.
Ex: Whitespaces, alignment(YAML), type checks, valid values for resource properties, and other best practices.
Those two links you provided above have all the information needed, just not directly for a Node.js developer using a Windows machine.
Step 1: Pull the Docker image stelligent/cfn-nag
Step 2: Add the script to your package.json for cfn-nag
Ex:
QUESTION
Testing AWS instance scheduler with terraform. Code here
Looks like my code is bumming with this error:
Error: error waiting for CloudFormation Stack creation: failed to create CloudFormation stack, rollback requested (ROLLBACK_COMPLETE): ["The following resource(s) failed to create: [Main]. Rollback requested by user." "Your access has been denied by S3, please make sure your request credentials have permission to GetObject for solutions-us-gov-west-1/aws-instance-scheduler/v1.3.1/instance-scheduler.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: AWSLambdaInternal; Status Code: 403; Error Code: AccessDeniedException; Request ID: 731b7c0d-cda9-4f9e-b821-efed4cbced46; Proxy: null)"]
Below is part of the code: IAM policy
ANSWER
Answered 2021-Feb-16 at 21:10
You have an issue with your joins in your SchedulerPolicy. You need to remove the trailing *:*:*.
QUESTION
I am creating a CloudFormation stack to generate the AWS instance scheduler in AWS GovCloud via TF. The goal is to start/stop EC2 based on tags. There are many ways to achieve it, but I have to use Terraform and CloudFormation. Here is the repo --> https://github.com/Vinod1908/TestTerraform/blob/master/instanceScheduler.tf
Below is the part of the code where I think I am blocked:
ANSWER
Answered 2021-Feb-12 at 20:18
The reason why it is failing is because you are forming the wrong ARN in your Terraform code.
In your repo, link
Replace the following lines with respect to Lambda: 1047, 1358, 1420 to use "arn:aws-us-gov:lambda" instead of "arn:aws:lambda".
As per the AWS documentation, the ARN should be in this format: arn:aws-us-gov:lambda:account-id:function:function-name.
The answer to your question is to update the above-mentioned lines. But I am sure you will get errors with respect to other resources, as all resources which you are creating are in the Us-Region. So please update all the necessary joining function ARN lines which you're forming in your code. :)
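The partition mismatch described in the answer above can be caught before a deployment is attempted. The following is an added example (not from the original answer or the linked repository) that flags hard-coded ARN prefixes whose partition does not match the target region; the sample text is constructed and the function names are hypothetical.

```python
import re

# Matches the start of a hard-coded ARN: "arn:<partition>:<service>".
ARN_RE = re.compile(r"arn:(aws[a-z-]*):([a-z0-9-]+)")

# Constructed sample lines in the Fn::Join style the question uses.
SAMPLE = '''\
"Fn::Join": [":", ["arn:aws:lambda", {"Ref": "AWS::Region"}, {"Ref": "AWS::AccountId"}, "function", "scheduler"]]
"Fn::Join": [":", ["arn:aws-us-gov:logs", {"Ref": "AWS::Region"}, {"Ref": "AWS::AccountId"}, "log-group", "*"]]
"Resource": "arn:aws:s3:::example-bucket/*"
'''


def partition_for(region):
    """Map a region name to its AWS partition."""
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    if region.startswith("cn-"):
        return "aws-cn"
    return "aws"


def mismatched_arns(text, region):
    """Return (line_number, service, found_partition) for each ARN prefix
    whose partition differs from the one the target region belongs to."""
    expected = partition_for(region)
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in ARN_RE.finditer(line):
            if match.group(1) != expected:
                hits.append((lineno, match.group(2), match.group(1)))
    return hits


def repartition(text, region):
    """Rewrite every hard-coded ARN prefix to the target region's partition.
    Inside a CloudFormation template, the AWS::Partition pseudo parameter
    avoids hard-coding the partition in the first place."""
    expected = partition_for(region)
    return ARN_RE.sub(lambda m: f"arn:{expected}:{m.group(2)}", text)


if __name__ == "__main__":
    for hit in mismatched_arns(SAMPLE, "us-gov-west-1"):
        print(hit)
```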
QUESTION
Go and binaries were part of our docker image.
I tried all possible combinations to build Go binary
ANSWER
Answered 2020-May-25 at 02:57
golang:1.14 is not alpine based but debian based. So of course you cannot run the debian-built binary in an alpine image.
Try replacing
FROM golang:${GOLANG_VERSION} as build-helpers
with
FROM golang:${GOLANG_VERSION}-alpine as build-helpers
and add following lines to download necessary lib for building binary
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install cfn_nag
On macOS or Linux you can alternatively install with brew:
To install the current git branch locally: