Sign in
Categories
Migration Mapping Assistant Your Saved List Partners Sell in AWS Marketplace Amazon Web Services Home Help

cfn_nag

Mphasis Stelligent | 0.4.47

Linux/Unix, Amazon Linux 2 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS Marketplace

1 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 1
  • 1 star
    0

    DevOpsGuru

Disappointing quality control

  • December 11, 2019
  • Review verified by AWS Marketplace

AMI (launched 2 days after announcement) had 7 system packages that needed to be updated for security vulnerabilities

cfn_nag was configured to use a custom built Ruby 2.5.1 installation (which has many, many CVEs compared to current 2.5.7 or 2.6.5 releases), instead of the amazon-linux-extras 2.6 ruby install.

Custom Ruby was set as a system installation but cfn_nag was installed as a local gem for the ec2-user unix user

This Marketplace AMI is not configured for high performance EC2 node types

The AWS_REGION environment variable is inexplicably set to "US_EAST_1" (not a valid designation for us-east-1 as far as I know)

The EULA for this AMI is buggy and I'm not sure it's been proofread or run by a lawyer.

I don't know who this AMI is targeted at (people with trouble installing ruby and cfn-nag?) but as-is the attention to detail is such that I would never suggest that anyone run it.


showing 1 - 1