Investigate whether MfaConfiguration=ON for AWS::Cognito::UserPool is a sane check #67
Assignees
Labels
Comments
ghost
changed the title
ghost
reopened this
tmcelhattan
pushed a commit
that referenced
this issue
Feb 7, 2020
…ool MfaConfiguration set to 'ON' or 'OPTIONAL'
ghost
pushed a commit
that referenced
this issue
Feb 17, 2020
#366) #67 - Adding rule to check for Cognito UserPool MfaConfiguration set to 'ON' or 'OPTIONAL' * cleaning up * change rule to failing violation * refactors * Refactoring rule. Added util script and methods for checking if property is referencing a parameter and for getting that parameter's Default value * #369 PRESUMING that unwrapped on/off will cause cloudformation to fail.... this hopefully simplifies the search for OFF 1. ignore a boolean parse of on/off given cfn will just blow 2. don't sweat trying to resolve parameter values from the rule - that's a job for the model. when the cognito_user_pool_mfa_configuration_violations_all_variations_with_param_refs.yaml is parsed with parameter_value subsitution enabled... the default values of the parameter are applied. * cleaning up * rubocop Co-authored-by: Eric Kascic <eric.kascic@stelligent.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Will require understanding if there are any use cases where we really want it OFF or OPTIONAL..... might be a warning if we usually want ON, but can have a reason for other
The text was updated successfully, but these errors were encountered: