github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/athena/no_encryption_override.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/athena/no_encryption_override.tf.go (about)

     1  package athena
     2  
     3  var terraformNoEncryptionOverrideGoodExamples = []string{
     4  	`
     5   resource "aws_athena_workgroup" "good_example" {
     6     name = "example"
     7   
     8     configuration {
     9       enforce_workgroup_configuration    = true
    10       publish_cloudwatch_metrics_enabled = true
    11   
    12       result_configuration {
    13         output_location = "s3://${aws_s3_bucket.example.bucket}/output/"
    14   
    15         encryption_configuration {
    16           encryption_option = "SSE_KMS"
    17           kms_key_arn       = aws_kms_key.example.arn
    18         }
    19       }
    20     }
    21   }
    22   `,
    23  }
    24  
    25  var terraformNoEncryptionOverrideBadExamples = []string{
    26  	`
    27   resource "aws_athena_workgroup" "bad_example" {
    28     name = "example"
    29   
    30     configuration {
    31       enforce_workgroup_configuration    = false
    32       publish_cloudwatch_metrics_enabled = true
    33   
    34       result_configuration {
    35         output_location = "s3://${aws_s3_bucket.example.bucket}/output/"
    36   
    37         encryption_configuration {
    38           encryption_option = "SSE_KMS"
    39           kms_key_arn       = aws_kms_key.example.arn
    40         }
    41       }
    42     }
    43   }
    44   
    45   resource "aws_athena_workgroup" "bad_example" {
    46     name = "example"
    47   
    48   }
    49   `,
    50  }
    51  
    52  var terraformNoEncryptionOverrideLinks = []string{
    53  	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup#configuration`,
    54  }
    55  
    56  var terraformNoEncryptionOverrideRemediationMarkdown = ``