scripts/elb_is_secure.py [18:44]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    # Evaluate each listener in order and return the first NON_COMPLIANT finding;
    # remaining listeners, and remaining checks on the same listener, are not
    # reported once one check fails.
    # NOTE(review): the same logic also appears inline in templates/config-rules.yaml;
    # a change to one copy has to be mirrored in the other or the two will drift.
    for listener in listeners_obj['Listeners']:
        # Exact string comparison: any protocol other than desired_protocol fails.
        if desired_protocol != listener['Protocol']:
            return {
                'compliance_type': 'NON_COMPLIANT',
                'annotation': 'Insecure %s protocol being used for the load balancer' % listener['Protocol']
            }
        # desired_port is converted with int() before the comparison, so it is
        # presumably supplied as a string (e.g. a rule parameter) - TODO confirm.
        # int() raises ValueError on a non-numeric value at this line.
        if int(desired_port) != listener['Port']:
            return {
                'compliance_type': 'NON_COMPLIANT',
                'annotation': '%s port being used for the load balancer rather than %s' % (listener['Port'], desired_port)
            }
        # NOTE(review): 'Certificates' is indexed directly; a listener dict without
        # that key raises KeyError here instead of being reported NON_COMPLIANT.
        if len(listener['Certificates']) < 1:
            return {
                'compliance_type': 'NON_COMPLIANT',
                'annotation': 'Does not have a SSL Cert installed'
            }
        # Only the presence of the 'CertificateArn' key is checked. The ARN value,
        # certificate validity/expiry and the listener's TLS policy are not
        # inspected by this code.
        for cert in listener['Certificates']:
            if 'CertificateArn' not in cert:
                return {
                    'compliance_type': 'NON_COMPLIANT',
                    'annotation': 'Invalid SSL Cert installed - no ARN found'
                }

    # Reached when no listener failed a check. NOTE(review): that includes an
    # empty 'Listeners' list, which is reported COMPLIANT - confirm this is the
    # intended result for a load balancer with no listeners.
    return {
        'compliance_type': 'COMPLIANT',
        'annotation': 'Load balancer is secure'
    }
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



templates/config-rules.yaml [211:236]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            # Evaluate each listener in order and return the first NON_COMPLIANT
            # finding; remaining listeners, and remaining checks on the same
            # listener, are not reported once one check fails.
            # NOTE(review): the same logic also appears in scripts/elb_is_secure.py;
            # a change to one copy has to be mirrored in the other or the two will drift.
            for listener in listeners_obj['Listeners']:
              # Exact string comparison: any protocol other than desired_protocol fails.
              if desired_protocol != listener['Protocol']:
                return {
                  'compliance_type': 'NON_COMPLIANT',
                  'annotation': 'Insecure %s protocol being used for the load balancer' % listener['Protocol']
                }
              # desired_port is converted with int() before the comparison, so it is
              # presumably supplied as a string (e.g. a rule parameter) - TODO confirm.
              # int() raises ValueError on a non-numeric value at this line.
              if int(desired_port) != listener['Port']:
                return {
                  'compliance_type': 'NON_COMPLIANT',
                  'annotation': '%s port being used for the load balancer rather than %s' % (listener['Port'], desired_port)
                }
              # NOTE(review): 'Certificates' is indexed directly; a listener dict without
              # that key raises KeyError here instead of being reported NON_COMPLIANT.
              if len(listener['Certificates']) < 1:
                return {
                  'compliance_type': 'NON_COMPLIANT',
                  'annotation': 'Does not have a SSL Cert installed'
                }
              # Only the presence of the 'CertificateArn' key is checked. The ARN value,
              # certificate validity/expiry and the listener's TLS policy are not
              # inspected by this code.
              for cert in listener['Certificates']:
                if 'CertificateArn' not in cert:
                  return {
                    'compliance_type': 'NON_COMPLIANT',
                    'annotation': 'Invalid SSL Cert installed - no ARN found'
                  }
            # Reached when no listener failed a check. NOTE(review): that includes an
            # empty 'Listeners' list, which is reported COMPLIANT - confirm this is the
            # intended result for a load balancer with no listeners.
            return {
              'compliance_type': 'COMPLIANT',
              'annotation': 'Load balancer is secure'
            }
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



