Create kms example rule #248

Merged
merged 23 commits into from
Nov 16, 2023

Max-Huneshagen
Contributor

@Max-Huneshagen Max-Huneshagen commented Nov 10, 2023

We create a new rule that ensures that DB instances are encrypted.

This does not work with Amazon Aurora as the encryption for DB instances is managed by the DB cluster.
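
The check described above, as an added example that is not the project's own code: it scans a CloudFormation template parsed into plain dicts and reports DB instances without storage encryption, skipping Aurora engines. All function names and the sample template are hypothetical, and treating a non-literal `Engine` (such as a `Ref`) as non-Aurora is an assumption of this sketch.

```python
# Added example: names here are hypothetical, not the project's API.
# It works on a template already parsed into plain dicts.

def _engine(props):
    """Engine as a lowercase string; "" if absent or not a literal string."""
    engine = props.get("Engine")
    return engine.lower() if isinstance(engine, str) else ""


def _is_true(value):
    """Accept a boolean true or the string "true" (assumed template spellings)."""
    return value is True or (isinstance(value, str) and value.lower() == "true")


def unencrypted_db_instances(template):
    """Return sorted logical IDs of non-Aurora DB instances lacking encryption."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = resource.get("Properties") or {}
        # Aurora instances are skipped: their encryption is managed by the DB cluster.
        if _engine(props).startswith("aurora"):
            continue
        if not _is_true(props.get("StorageEncrypted")):
            findings.append(logical_id)
    return sorted(findings)


# Constructed sample template, for illustration only.
SAMPLE_TEMPLATE = {
    "Resources": {
        "PlainDb": {"Type": "AWS::RDS::DBInstance",
                    "Properties": {"Engine": "mysql"}},
        "EncryptedDb": {"Type": "AWS::RDS::DBInstance",
                        "Properties": {"Engine": "postgres", "StorageEncrypted": True}},
        "StringFlagDb": {"Type": "AWS::RDS::DBInstance",
                         "Properties": {"Engine": "mysql", "StorageEncrypted": "true"}},
        "AuroraDb": {"Type": "AWS::RDS::DBInstance",
                     "Properties": {"Engine": "aurora-mysql"}},
        "RefEngineDb": {"Type": "AWS::RDS::DBInstance",
                        "Properties": {"Engine": {"Ref": "EngineParam"},
                                       "StorageEncrypted": False}},
        "Bucket": {"Type": "AWS::S3::Bucket"},
    }
}

if __name__ == "__main__":
    print(unencrypted_db_instances(SAMPLE_TEMPLATE))
```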

@Max-Huneshagen Max-Huneshagen marked this pull request as ready for review November 13, 2023 08:55
@Max-Huneshagen Max-Huneshagen requested a review from a team November 13, 2023 14:38
@Max-Huneshagen Max-Huneshagen marked this pull request as draft November 13, 2023 15:21
@Max-Huneshagen Max-Huneshagen marked this pull request as ready for review November 13, 2023 15:55
ignaciobolonio
ignaciobolonio previously approved these changes Nov 14, 2023
Contributor

@ignaciobolonio ignaciobolonio left a comment

LGTM

AliceMEd
AliceMEd previously approved these changes Nov 15, 2023
if (
resource.Type == "AWS::RDS::DBInstance"
and not is_encrypted
and not getattr(resource.Properties, "Engine", "").startswith("aurora")
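Review bot: in the last clause of this condition, `getattr(resource.Properties, "Engine", "")` falls back to `""` only when the attribute is missing; if `Engine` is present but is not a string (for example `None` or an unresolved intrinsic such as a `Ref`), `.startswith("aurora")` raises instead of evaluating the rule. Consider guarding the value with an `isinstance(engine, str)` check before the prefix test, and decide explicitly whether a non-literal engine should be treated as Aurora or not.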

Might be worth adding a comment on why aurora is not included

@Max-Huneshagen Max-Huneshagen merged commit d7848ba into master Nov 16, 2023
7 checks passed
@Max-Huneshagen Max-Huneshagen deleted the create-kms-example-rule branch November 16, 2023 08:35
Max-Huneshagen added a commit that referenced this pull request Nov 16, 2023
* Create new stack name rule.

* remove unused import

* review comments

* lint error

* add new db encryption rule

* remove changes from other pr

* Update lint-and-test.yml (#247)

* Update lint-and-test.yml

* Update pyyaml dependency

* Update README.md (#246)

* Update README.md

* Add license badge

* rebase

* rebase onto master

* rebase

* make lint

* remove duplicate test

* update changelog

* add comment as for stack name rule

* make format

* rule not invoked for aurora

* make templates valid cloud formations (except for aurora one)

* make templates valid cloud formations

* Update tests/rules/test_StorageEncryptedRule.py

Co-authored-by: Ignacio Bolonio <[email protected]>

* add aurora comment

---------

Co-authored-by: Jordi Soucheiron <[email protected]>
Co-authored-by: Ignacio Bolonio <[email protected]>
Max-Huneshagen added a commit that referenced this pull request Nov 16, 2023
* create new rule

* create new rule

* refactor tests

* Create kms example rule (#248)

* Create new stack name rule.

* remove unused import

* review comments

* lint error

* add new db encryption rule

* remove changes from other pr

* Update lint-and-test.yml (#247)

* Update lint-and-test.yml

* Update pyyaml dependency

* Update README.md (#246)

* Update README.md

* Add license badge

* rebase

* rebase onto master

* rebase

* make lint

* remove duplicate test

* update changelog

* add comment as for stack name rule

* make format

* rule not invoked for aurora

* make templates valid cloud formations (except for aurora one)

* make templates valid cloud formations

* Update tests/rules/test_StorageEncryptedRule.py

Co-authored-by: Ignacio Bolonio <[email protected]>

* add aurora comment

---------

Co-authored-by: Jordi Soucheiron <[email protected]>
Co-authored-by: Ignacio Bolonio <[email protected]>

* update changelog

---------

Co-authored-by: Jordi Soucheiron <[email protected]>
Co-authored-by: Ignacio Bolonio <[email protected]>