cfn_nag

cfn_nag

Linting tool for CloudFormation templates

The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure. Roughly speaking, it will look for:

• IAM rules that are too permissive (wildcards)
• Security group rules that are too permissive (wildcards)
• Access logs that aren’t enabled
• Encryption that isn’t enabled
• Password literals

For more background on the tool, please see this post at Stelligent’s blog:

Finding Security Problems Early in the Development Process of a CloudFormation Template with “cfn-nag”