Skip to content


Sample rules

A few rules that use objects from this package:

from typing import List, Dict

from import AwsEnvironmentContext
from import KeyManager
from import AwsBaseRule
from cloudrail.knowledge.rules.base_rule import Issue
from cloudrail.knowledge.rules.rule_parameters.base_paramerter import ParameterType

class FsxWindowsFileSystemEncryptedAtRestWithCustomerManagedCmkRule(AwsBaseRule):

    def get_id(self) -> str:
        return 'non_car_fsx_windows_file_system_encrypted_at_rest_with_customer_managed_cmk'

    def execute(self, env_context: AwsEnvironmentContext, parameters: Dict[ParameterType, any]) -> List[Issue]:
        issues: List[Issue] = []

        for fsx_windows_file_system in env_context.fsx_windows_file_systems:
            if fsx_windows_file_system.is_new_resource():
                if not fsx_windows_file_system.kms_data or fsx_windows_file_system.kms_data.key_manager != KeyManager.CUSTOMER:
                            f'The FSx Windows File System `{fsx_windows_file_system.get_friendly_name()}` is not set to be encrypted at rest using customer-managed CMK',
                            fsx_windows_file_system, fsx_windows_file_system))
        return issues

    def should_run_rule(self, environment_context: AwsEnvironmentContext) -> bool:
        return bool(environment_context.fsx_windows_file_systems)

FsxWindowsFileSystem (AwsResource)


Name Type Description
fsx_windows_file_system_id str

The ID of this Fsx Windows File System.

kms_key_id Optional[str]

The ARN of the KMS key used for encryption.

kms_data Optional[KmsKey]

The actual KMS key data used for encryption.

arn str

This resource's ARN.

custom_invalidation(self) inherited

A list of manual reasons why this resource should be invalidated

exclude_from_invalidation(self) inherited

A list of attributes that should be excluded from the invalidation process