github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudfront/enable_waf.tf.go (about) 1 package cloudfront 2 3 var terraformEnableWafGoodExamples = []string{ 4 ` 5 resource "aws_cloudfront_distribution" "good_example" { 6 7 origin { 8 domain_name = aws_s3_bucket.primary.bucket_regional_domain_name 9 origin_id = "primaryS3" 10 11 s3_origin_config { 12 origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path 13 } 14 } 15 16 origin { 17 domain_name = aws_s3_bucket.failover.bucket_regional_domain_name 18 origin_id = "failoverS3" 19 20 s3_origin_config { 21 origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path 22 } 23 } 24 25 default_cache_behavior { 26 target_origin_id = "groupS3" 27 } 28 29 web_acl_id = "waf_id" 30 } 31 `, 32 } 33 34 var terraformEnableWafBadExamples = []string{ 35 ` 36 resource "aws_cloudfront_distribution" "bad_example" { 37 origin_group { 38 origin_id = "groupS3" 39 40 failover_criteria { 41 status_codes = [403, 404, 500, 502] 42 } 43 44 member { 45 origin_id = "primaryS3" 46 } 47 } 48 49 origin { 50 domain_name = aws_s3_bucket.primary.bucket_regional_domain_name 51 origin_id = "primaryS3" 52 53 s3_origin_config { 54 origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path 55 } 56 } 57 58 origin { 59 domain_name = aws_s3_bucket.failover.bucket_regional_domain_name 60 origin_id = "failoverS3" 61 62 s3_origin_config { 63 origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path 64 } 65 } 66 67 default_cache_behavior { 68 target_origin_id = "groupS3" 69 } 70 } 71 `, 72 } 73 74 var terraformEnableWafLinks = []string{ 75 `https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#web_acl_id`, 76 } 77 78 var terraformEnableWafRemediationMarkdown = ``