github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/athena/enable_at_rest_encryption.tf.go (about) 1 package athena 2 3 var terraformEnableAtRestEncryptionGoodExamples = []string{ 4 ` 5 resource "aws_athena_database" "good_example" { 6 name = "database_name" 7 bucket = aws_s3_bucket.hoge.bucket 8 9 encryption_configuration { 10 encryption_option = "SSE_KMS" 11 kms_key_arn = aws_kms_key.example.arn 12 } 13 } 14 15 resource "aws_athena_workgroup" "good_example" { 16 name = "example" 17 18 configuration { 19 enforce_workgroup_configuration = true 20 publish_cloudwatch_metrics_enabled = true 21 22 result_configuration { 23 output_location = "s3://${aws_s3_bucket.example.bucket}/output/" 24 25 encryption_configuration { 26 encryption_option = "SSE_KMS" 27 kms_key_arn = aws_kms_key.example.arn 28 } 29 } 30 } 31 } 32 `, 33 } 34 35 var terraformEnableAtRestEncryptionBadExamples = []string{ 36 ` 37 resource "aws_athena_database" "bad_example" { 38 name = "database_name" 39 bucket = aws_s3_bucket.hoge.bucket 40 } 41 42 resource "aws_athena_workgroup" "bad_example" { 43 name = "example" 44 45 configuration { 46 enforce_workgroup_configuration = true 47 publish_cloudwatch_metrics_enabled = true 48 49 result_configuration { 50 output_location = "s3://${aws_s3_bucket.example.bucket}/output/" 51 } 52 } 53 } 54 `, 55 } 56 57 var terraformEnableAtRestEncryptionLinks = []string{ 58 `https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup#encryption_configuration`, `https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database#encryption_configuration`, 59 } 60 61 var terraformEnableAtRestEncryptionRemediationMarkdown = ``