in code/cfn_s3_versioning.py [0:0]
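def evaluate_template(template, job_id):
    """Score a CloudFormation template for S3 buckets without versioning enabled.

    Every ``AWS::S3::Bucket`` resource is expected to carry
    ``Properties.VersioningConfiguration.Status == 'Enabled'``. Each bucket
    that does not (status missing, or any value other than ``'Enabled'``)
    adds 100 to the risk score, records a message in the failed-rules list
    and reports the CodePipeline job as failed via ``put_job_failure``.
    The job is reported successful via ``put_job_success`` only when no
    rule failed -- including the case where the template contains no S3
    bucket at all, which the original left without any job result.

    Args:
        template: CloudFormation template body as a JSON string.
        job_id: CodePipeline job id forwarded to put_job_failure /
            put_job_success.

    Returns:
        Tuple ``(risk, failedRules)``: the accumulated integer risk score
        (0 when every bucket passed) and the list of rule-failure messages.

    Raises:
        ValueError: ``template`` is not valid JSON (json.JSONDecodeError).
        KeyError: the template has no ``Resources`` section; a template
            without resources is malformed and must not be passed silently.
    """
    risk = 0
    failedRules = []
    print("----------------")
    template = json.loads(template)
    # Fail closed on a malformed template: a missing Resources section raises.
    for name, resource in template['Resources'].items():
        # Only bucket resources are checked; anything else (or a resource that
        # is not a mapping / has no Type) is out of scope for this rule.
        if not isinstance(resource, dict) or resource.get('Type') != 'AWS::S3::Bucket':
            continue
        try:
            status = resource['Properties']['VersioningConfiguration']['Status']
        except (KeyError, TypeError):
            # KeyError: Properties / VersioningConfiguration / Status absent.
            # TypeError: an intermediate value is not a mapping (e.g. a Ref).
            # Narrow except so genuine programming errors are not hidden.
            risk += 100
            print("Risk value: " + str(risk))
            failedRules.append("s3 bucket does not have VersionConfiguration configured.")
            print("killing job")
            put_job_failure(job_id, "s3 bucket does not have VersionConfiguration configured.")
            print('s3 bucket does not have VersionConfiguration configured..')
            continue
        if status == 'Enabled':
            # A passing bucket contributes nothing; it must never reset the
            # risk already accumulated by an earlier failing bucket.
            continue
        if status == 'Disabled':
            print('Found s3 bucket with versioning disabled.')
        if status == 'Suspended':
            print('Found s3 bucket with versioning suspended.')
        risk += 100
        print("Risk value: " + str(risk))
        # NOTE: message text kept for compatibility with existing consumers;
        # it is emitted for every non-'Enabled' status, Suspended included.
        failedRules.append("s3 versioning flag is neither Enabled or Suspended.")
        print("killing job")
        put_job_failure(job_id, "s3 versioning flag is neither Enabled or Suspended.")
    print("----------------")
    # Success is the absence of failures, not a risk threshold: the original
    # `risk > 10` also reported success after put_job_failure had been called.
    if not failedRules:
        print("good job")
        put_job_success(job_id, 'Job succesful, minimal or no risk detected.')
    return risk, failedRules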