
     1  # METADATA
     2  # title: "S3 Bucket Logging"
     3  # description: "Ensures logging is enabled for S3 buckets."
     4  # scope: package
     5  # schemas:
     6  # - input: schema["cloud"]
     7  # related_resources:
     8  # - http://docs.aws.amazon.com/AmazonS3/latest/dev/Logging.html
     9  # custom:
    10  #   avd_id: AVD-AWS-0321
    11  #   provider: aws
    12  #   service: s3
    13  #   severity: LOW
    14  #   short_code: enable-logging
    15  #   recommended_action: "Enable bucket logging for each S3 bucket."
    16  #   input:
    17  #     selector:
    18  #     - type: cloud
    19  #       subtypes:
    20  #         - service: s3
    21  #           provider: aws
package builtin.aws.s3.aws0321  # package suffix mirrors the avd_id declared in the METADATA block (AVD-AWS-0321)
    23  
    24  deny[res] {
    25  	bucket := input.aws.s3.buckets[_]
    26  	not bucket.logging.enabled.value
    27  	res := result.new("Bucket has logging disabled", bucket.logging.enabled)
    28  }