github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudtrail/enable_all_regions.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudtrail/enable_all_regions.tf.go (about)

     1  package cloudtrail
     2  
     3  var terraformEnableAllRegionsGoodExamples = []string{
     4  	`
     5   resource "aws_cloudtrail" "good_example" {
     6     is_multi_region_trail = true
     7   
     8     event_selector {
     9       read_write_type           = "All"
    10       include_management_events = true
    11   
    12       data_resource {
    13         type = "AWS::S3::Object"
    14         values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
    15       }
    16     }
    17   }
    18   `,
    19  }
    20  
    21  var terraformEnableAllRegionsBadExamples = []string{
    22  	`
    23   resource "aws_cloudtrail" "bad_example" {
    24     event_selector {
    25       read_write_type           = "All"
    26       include_management_events = true
    27   
    28       data_resource {
    29         type = "AWS::S3::Object"
    30         values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
    31       }
    32     }
    33   }
    34   `,
    35  }
    36  
    37  var terraformEnableAllRegionsLinks = []string{
    38  	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#is_multi_region_trail`,
    39  }
    40  
    41  var terraformEnableAllRegionsRemediationMarkdown = ``