Skip to content

Instantly share code, notes, and snippets.

@danilop
Created June 11, 2018 17:40
Show Gist options
  • Save danilop/5e73bb1876f1673323d756c547aed65c to your computer and use it in GitHub Desktop.
Save danilop/5e73bb1876f1673323d756c547aed65c to your computer and use it in GitHub Desktop.
Run tests on all CLoudFormation resources in the stack
async function runTests() {
let tests = [];
// Unit tests
tests.push(testFunction(functionName)); // With version
// Check all resources in the stack
let resources = await listStackResources(stackId);
for (let r of resources) {
switch(r.ResourceType) {
case 'AWS::S3::Bucket':
tests.push(testS3EncryptionAtRest(r.PhysicalResourceId));
tests.push(testS3EncryptionInTransit(r.PhysicalResourceId));
/* Using AWS Config Rules, for example:
s3-bucket-logging-enabled
s3-bucket-replication-enabled
s3-bucket-versioning-enabled
s3-bucket-public-write-prohibited
s3-bucket-public-read-prohibited
s3-bucket-ssl-requests-only
s3-bucket-server-side-encryption-enabled
*/
tests.push(checkCompliance(r.ResourceType, r.PhysicalResourceId));
break;
case 'AWS::DynamoDB::Table':
tests.push(testDynamoDBEncryption(r.PhysicalResourceId));
tests.push(testDynamoDBBackup(r.PhysicalResourceId));
/* Using AWS Config Rules, for example:
dynamodb-autoscaling-enabled
dynamodb-throughput-limit-check
*/
tests.push(checkCompliance(r.ResourceType, r.PhysicalResourceId));
break;
case 'AWS::Lambda::Function':
if (r.PhysicalResourceId != currentFunctionName) {
tests.push(testFunction(r.PhysicalResourceId)); // No version
} else {
console.log("Skipping self invocation.");
}
/* Using AWS Config Rules, for example:
lambda-function-public-access-prohibited
lambda-function-settings-check
*/
tests.push(checkCompliance(r.ResourceType, r.PhysicalResourceId));
break;
default:
}
}
return Promise.all(tests);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment