Cfripper

Latest version: v1.15.6

Page 6 of 13

1.2.0

Not secure
Updates
- The rules `EC2SecurityGroupOpenToWorldRule` and `EC2SecurityGroupIngressOpenToWorldRule` previously allowed ports 80 and 443 by default. This behaviour has been migrated to a filter object that can optionally be applied. See the README for further details. This means that if the filter is not applied, Security Groups open to the world on ports 80 and 443 will start failing in CFRipper.

1.1.2

Not secure
Fixes
- Fix the `KMSKeyEnabledKeyRotation` rule so that it detects the `EnableKeyRotation` property properly.

1.1.1

Not secure
Fixes
- Fix the `PartialWildcardPrincipal` rule so that it detects policies where whole-account access is specified via just the account ID.
  - For example, when the Principal is defined as `Principal: AWS: 123456789012` as opposed to `Principal: AWS: arn:aws:iam::123456789012:root`.
  - These two forms are identical: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html

1.1.0

Not secure
Improvements
- Add `S3ObjectVersioning` rule
- Update `pycfmodel` to `0.11.0`
  - This includes model support for S3 Buckets. Rules against these resources have been updated (alongside tests).

1.0.9

Not secure
Improvements
- Update the list of valid AWS Account IDs that might be included as principals on policies.
  - This list now covers ELB Logs, CloudTrail Logs, Redshift Audit, and ElastiCache backups.
- `WildCardResourceRule` is now triggered by resources that only limit by service (e.g. `arn:aws:s3:::*`)

1.0.8

Not secure
Improvements
- Add `S3LifecycleConfiguraton` rule
