ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4423/python/how-to-fix-it/aws-cdk.adoc
Loris S 1a84c758e1
Modify S4423: Learn-As-You-Code Migration (#2097) 
Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
2023-06-20 15:36:01 +00:00

68 lines
2.1 KiB
Plaintext
Raw Blame History

== How to fix it in AWS CDK
=== Code examples
==== Noncompliant code example
[source,python,diff-id=1,diff-type=noncompliant]
----
from aws_cdk.aws_apigateway import DomainName, SecurityPolicy
class ExampleStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
DomainName(self, "example",
domain_name="example.com",
certificate=certificate,
security_policy=SecurityPolicy.TLS_1_0 # Noncompliant
)
----
By default, AWS's OpenSearch service `CfnDomains` enables TLS 1.0, a weak
cryptographic algorithm.
[source,python,diff-id=2,diff-type=noncompliant]
----
from aws_cdk.aws_opensearchservice import CfnDomain, EngineVersion
class ExampleStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
CfnDomain(self, "example",
version=EngineVersion.OPENSEARCH_1_3
) # Noncompliant
----
==== Compliant solution
[source,python,diff-id=1,diff-type=compliant]
----
from aws_cdk.aws_apigateway import DomainName, SecurityPolicy
class ExampleStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
DomainName(self, "example",
domain_name="example.com",
certificate=certificate,
security_policy=SecurityPolicy.TLS_1_2
)
----
[source,python,diff-id=2,diff-type=compliant]
----
from aws_cdk.aws_opensearchservice import CfnDomain, EngineVersion
class ExampleStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
CfnDomain(self, "example",
version=EngineVersion.OPENSEARCH_1_3
domain_endpoint_options=CfnDomain.DomainEndpointOptionsProperty(
tls_security_policy="Policy-Min-TLS-1-2-2019-07"
)
)
----
=== How does this work?
include::../../common/fix/fix.adoc[]
Reference in New Issue View Git Blame Copy Permalink