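package cloudtrail

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/framework"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckEnableAllRegions is rule AVD-AWS-0014 (mapped to CIS AWS 1.2 control
// 2.5): every CloudTrail trail in the scanned state should be multi-region so
// that API activity in regions the account does not normally use is still
// recorded. A trail whose IsMultiRegion attribute resolves to false is reported
// as a failure anchored on that attribute; every other trail is recorded as
// passed. The rule is registered for both the Terraform and CloudFormation
// engines with their respective examples and remediation text.
var CheckEnableAllRegions = rules.Register(
	scan.Rule{
		AVDID:     "AVD-AWS-0014",
		Provider:  providers.AWSProvider,
		Service:   "cloudtrail",
		ShortCode: "enable-all-regions",
		Frameworks: map[framework.Framework][]string{
			framework.Default:     nil,
			framework.CIS_AWS_1_2: {"2.5"},
		},
		Summary:    "Cloudtrail should be enabled in all regions regardless of where your AWS resources are generally homed",
		Impact:     "Activity could be happening in your account in a different region",
		Resolution: "Enable Cloudtrail in all regions",
		Explanation: `When creating Cloudtrail in the AWS Management Console the trail is configured by default to be multi-region, this isn't the case with the Terraform resource.
Cloudtrail should cover the full AWS account to ensure you can track changes in regions you are not actively operating in.`,
		Links: []string{
			"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableAllRegionsGoodExamples,
			BadExamples:         terraformEnableAllRegionsBadExamples,
			Links:               terraformEnableAllRegionsLinks,
			RemediationMarkdown: terraformEnableAllRegionsRemediationMarkdown,
		},
		CloudFormation: &scan.EngineMetadata{
			GoodExamples:        cloudFormationEnableAllRegionsGoodExamples,
			BadExamples:         cloudFormationEnableAllRegionsBadExamples,
			Links:               cloudFormationEnableAllRegionsLinks,
			RemediationMarkdown: cloudFormationEnableAllRegionsRemediationMarkdown,
		},
		Severity: severity.Medium,
	},
	// Evaluate every trail in the AWS state. The slice is walked by index so
	// that the pointer handed to AddPassed refers to the trail element itself
	// rather than to a range variable which, before Go 1.22, is a single
	// variable reused across iterations.
	func(s *state.State) (results scan.Results) {
		trails := s.AWS.CloudTrail.Trails
		for i := range trails {
			trail := &trails[i]
			if trail.IsMultiRegion.IsFalse() {
				// Anchor the finding on the attribute so the report points at
				// the exact property that disabled multi-region coverage.
				results.Add(
					"Trail is not enabled across all regions.",
					trail.IsMultiRegion,
				)
				continue
			}
			// NOTE(review): only an attribute that resolves to false fails;
			// presumably an unresolved value does not satisfy IsFalse(), so
			// such a trail is recorded as passed here — confirm against the
			// attribute type.
			results.AddPassed(trail)
		}
		return results
	},
)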