Run tests on all CloudFormation resources in the stack
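/**
 * Run the security/compliance checks for every resource in the stack.
 *
 * One promise per check is collected in `tests`, so all checks run
 * concurrently and are awaited together at the end. The function relies on
 * module-level `functionName`, `stackId` and `currentFunctionName`, and on the
 * helpers `testFunction`, `listStackResources`, `testS3EncryptionAtRest`,
 * `testS3EncryptionInTransit`, `testDynamoDBEncryption`, `testDynamoDBBackup`
 * and `checkCompliance`, all defined elsewhere in the file.
 *
 * @returns {Promise<Array>} resolves with the results of all checks in push
 *   order. Because Promise.all is fail-fast, the returned promise rejects as
 *   soon as any single check rejects and the other results are not reported.
 */
async function runTests() {
  const tests = [];
  // Unit tests
  tests.push(testFunction(functionName)); // With version
  // Check all resources in the stack
  const resources = await listStackResources(stackId);
  for (const r of resources) {
    const { ResourceType: type, PhysicalResourceId: id } = r;
    switch (type) {
      case 'AWS::S3::Bucket':
        tests.push(testS3EncryptionAtRest(id));
        tests.push(testS3EncryptionInTransit(id));
        /* Using AWS Config Rules, for example:
           s3-bucket-logging-enabled
           s3-bucket-replication-enabled
           s3-bucket-versioning-enabled
           s3-bucket-public-write-prohibited
           s3-bucket-public-read-prohibited
           s3-bucket-ssl-requests-only
           s3-bucket-server-side-encryption-enabled
        */
        tests.push(checkCompliance(type, id));
        break;
      case 'AWS::DynamoDB::Table':
        tests.push(testDynamoDBEncryption(id));
        tests.push(testDynamoDBBackup(id));
        /* Using AWS Config Rules, for example:
           dynamodb-autoscaling-enabled
           dynamodb-throughput-limit-check
        */
        tests.push(checkCompliance(type, id));
        break;
      case 'AWS::Lambda::Function':
        // Strict comparison (the original used `!=`, which coerces types):
        // presumably the PhysicalResourceId of a Lambda resource is its
        // function name, since it is passed straight to testFunction() — verify
        // against the helper.
        if (id !== currentFunctionName) {
          tests.push(testFunction(id)); // No version
        } else {
          // Invoking ourselves from inside the test run would recurse.
          console.log("Skipping self invocation.");
        }
        /* Using AWS Config Rules, for example:
           lambda-function-public-access-prohibited
           lambda-function-settings-check
        */
        tests.push(checkCompliance(type, id));
        break;
      default:
        // Any other resource type gets no check at all, not even
        // checkCompliance(); extend the switch to cover new types.
    }
  }
  return Promise.all(tests);
}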