Skip to content


Sample rules

A few rules that use objects from this package:

from typing import List, Dict

from import AwsEnvironmentContext
from import AwsBaseRule
from cloudrail.knowledge.rules.base_rule import Issue
from cloudrail.knowledge.rules.rule_parameters.base_paramerter import ParameterType

class EnsureDaxClustersEncryptedRule(AwsBaseRule):

    def get_id(self) -> str:
        return 'not_car_dynamodb_dax_clusters_encrypted_at_rest'

    def execute(self, env_context: AwsEnvironmentContext, parameters: Dict[ParameterType, any]) -> List[Issue]:
        issues: List[Issue] = []

        for dax_cluster in env_context.dax_cluster:
            if dax_cluster.is_new_resource():
                if not dax_cluster.server_side_encryption:
                            f'The {dax_cluster.get_type()} `{dax_cluster.get_friendly_name()}` is not set '
                            f'to be encrypted at rest', dax_cluster, dax_cluster))
        return issues

    def should_run_rule(self, environment_context: AwsEnvironmentContext) -> bool:
        return bool(environment_context.dax_cluster)

DaxCluster (AwsResource)


Name Type Description
cluster_name str

The name of the DAX cluster.

server_side_encryption bool

True if SSE is enabled.

cluster_arn str

The ARN of the cluster.

custom_invalidation(self) inherited

A list of manual reasons why this resource should be invalidated

exclude_from_invalidation(self) inherited

A list of attributes that should be excluded from the invalidation process