github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/rules/aws/s3/dns_compliant_name.rego (about)

     1  # METADATA
     2  # title: "S3 DNS Compliant Bucket Names"
     3  # description: "Ensures that S3 buckets have DNS compliant bucket names."
     4  # scope: package
     5  # schemas:
     6  # - input: schema["cloud"]
     7  # related_resources:
     8  # - https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html
     9  # custom:
    10  #   avd_id: AVD-AWS-0320
    11  #   provider: aws
    12  #   service: s3
    13  #   severity: MEDIUM
    14  #   short_code: dns-compliant-name
    15  #   recommended_action: "Recreate S3 bucket to use - instead of . in S3 bucket names"
    16  #   input:
    17  #     selector:
    18  #     - type: cloud
    19  #       subtypes:
    20  #         - service: s3
    21  #           provider: aws
    22  package builtin.aws.s3.aws0320
    23  
    # deny yields one result per S3 bucket in the input whose name contains a
    # period (".").
    #
    # Scope of the check: only the presence of "." is tested. Other bucket
    # naming constraints (length, character set, letter case) are not
    # evaluated here, so a bucket that passes this rule is not thereby proven
    # to have a fully valid name.
    #
    # Why periods matter: the related resource listed in the metadata is the
    # S3 Transfer Acceleration documentation, a feature that does not accept
    # bucket names containing periods. Dotted names also fail to match the
    # wildcard TLS certificate used for virtual-hosted-style HTTPS endpoints,
    # which tends to push clients toward weaker access patterns.
    #
    # The result is anchored on bucket.name so the finding points at the name
    # attribute rather than at the bucket as a whole.
    deny[res] {
    	some idx
    	candidate := input.aws.s3.buckets[idx]
    	contains(candidate.name.value, ".")
    	res := result.new("S3 bucket name is not compliant with DNS naming requirements", candidate.name)
    }