Class: Terracop::Cop::Aws::DescribeSecurityGroupRules

Inherits:
Base
  • Object
Defined in:
lib/terracop/cop/aws/describe_security_group_rules.rb

Overview

This cop checks for AWS Security Group rules with no description. Reading the Terraform code usually makes it immediately clear why a rule is in place, but the AWS console is more cryptic, and a description can help there.

Examples:

# bad
resource "aws_security_group_rule" "rule" {
  source_security_group_id = "sg-123456"
}

# good
resource "aws_security_group_rule" "rule" {
  source_security_group_id = "sg-123456"
  description = "Traffic from the load balancer"
}

Instance Attribute Summary

Attributes inherited from Base

#attributes, #index, #name, #offenses, #type

Instance Method Summary

Methods inherited from Base

config, cop_name, #human_name, #initialize, #offense, run

Constructor Details

This class inherits a constructor from Terracop::Cop::Base

Instance Method Details

#check ⇒ Object



# File 'lib/terracop/cop/aws/describe_security_group_rules.rb', line 27

def check
  return unless attributes['description'] == ''

  offense('Add a description to security group rules.')
end
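
The same rule applied outside Terracop, as an added example that is not the project's own code: a Ruby script that walks a plan exported with `terraform show -json`, including nested modules, and lists the security group rules that lack a description. It goes beyond the cop's `== ''` comparison by also treating a null or whitespace-only description as missing; the plan document and the helper names `each_resource` and `undescribed_rules` are constructed for illustration.

```ruby
require 'json'

# Constructed sample in the layout of `terraform show -json <planfile>`.
SAMPLE_PLAN = <<~JSON
  {"planned_values": {"root_module": {
    "resources": [
      {"address": "aws_security_group_rule.lb", "type": "aws_security_group_rule",
       "values": {"source_security_group_id": "sg-123456",
                  "description": "Traffic from the load balancer"}},
      {"address": "aws_security_group_rule.empty", "type": "aws_security_group_rule",
       "values": {"source_security_group_id": "sg-123456", "description": ""}},
      {"address": "aws_instance.web", "type": "aws_instance", "values": {}}
    ],
    "child_modules": [
      {"address": "module.db", "resources": [
        {"address": "module.db.aws_security_group_rule.ingress",
         "type": "aws_security_group_rule",
         "values": {"source_security_group_id": "sg-123456", "description": null}}
      ]}
    ]
  }}}
JSON

# Yield every resource in a module and, recursively, in its child modules.
def each_resource(mod, &block)
  Array(mod['resources']).each(&block)
  Array(mod['child_modules']).each { |child| each_resource(child, &block) }
end

# Return the addresses of security group rules whose description is
# absent, null, empty or whitespace-only (hypothetical helper).
def undescribed_rules(plan)
  root = plan.dig('planned_values', 'root_module') || {}
  found = []
  each_resource(root) do |res|
    next unless res['type'] == 'aws_security_group_rule'

    description = res.dig('values', 'description')
    found << res['address'] if description.to_s.strip.empty?
  end
  found
end

# Print the offending addresses when the file is run directly.
puts undescribed_rules(JSON.parse(SAMPLE_PLAN)) if __FILE__ == $PROGRAM_NAME
```

Run against a real plan by replacing `SAMPLE_PLAN` with the contents of the exported JSON file.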