def evaluate_template()

in code/cfn_encrypted_ebs.py [0:0]


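def evaluate_template(template, job_id):
    """Score a CloudFormation template for EBS volumes without encryption.

    Every ``AWS::EC2::Volume`` resource is inspected. A volume whose
    ``Encrypted`` property is false, or that has no ``Encrypted`` property at
    all, adds 100 to the risk score, records a failed rule and reports the job
    as failed through ``put_job_failure``. The job is reported as successful
    through ``put_job_success`` only when the total risk stays at or below 10.

    Args:
        template: The template as JSON text.
        job_id: Job identifier passed through to ``put_job_failure`` and
            ``put_job_success``.

    Returns:
        A ``(risk, failedRules)`` tuple: the accumulated risk score and the
        list of human-readable rule failures.

    Raises:
        ValueError: If ``template`` is not valid JSON (raised by
            ``json.loads``).
        KeyError: If the template has no ``Resources`` section.
    """
    risk = 0
    failedRules = []
    print("----------------")
    template = json.loads(template)

    for resource in template['Resources'].values():
        if resource.get('Type') != 'AWS::EC2::Volume':
            continue

        # Guard only the property lookup. A bare ``except`` around the whole
        # check would also swallow errors raised while reporting the job.
        try:
            encrypted = resource['Properties']['Encrypted']
        except (KeyError, TypeError):
            risk = risk + 100
            print("Risk value: " + str(risk))
            failedRules.append("EBS volume with no encryption configured.")
            print("killing job")
            put_job_failure(job_id, "EBS Encryption is not configured")
            continue

        # json.loads yields a bool for an unquoted true/false, so comparing
        # only against the strings 'true'/'false' lets a boolean false pass.
        if isinstance(encrypted, bool):
            flag = 'true' if encrypted else 'false'
        elif isinstance(encrypted, str):
            flag = encrypted.lower()
        else:
            flag = None

        if flag == 'true':
            print('Found encrypted EBS volume')
        elif flag == 'false':
            risk = risk + 100
            print("Risk value: " + str(risk))
            failedRules.append("Found unencrypted EBS volume.")
            print("killing job")
            put_job_failure(job_id, "EBS Encryption is set to false")
        else:
            # NOTE(review): a value that is neither true nor false (for
            # example a parameter reference) is not scored, so the volume
            # passes this check. Confirm whether it should fail closed.
            print('EBS encryption flag is neither true or false.')
    print("----------------")

    # Success is reported only for low-risk templates. The earlier
    # ``risk > 10`` test reported success exactly when a violation was found.
    if risk <= 10:
        print("good job")
        put_job_success(job_id, 'Job succesful, minimal or no risk detected.')

    return risk, failedRules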