github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.tf.go (about)

     1  package cloudtrail
     2  
// terraformEnableAtRestEncryptionGoodExamples lists Terraform snippets meant
// to pass the CloudTrail at-rest encryption rule: the trail sets kms_key_id,
// so its delivered log files are encrypted with the referenced KMS key.
//
// The snippet takes the key from var.kms_id and does not show the key itself.
// The provider documents kms_key_id as a KMS key ARN, and the key policy has
// to allow CloudTrail to use the key; check both when reusing this example.
//
// NOTE(review): how this slice is consumed (rule metadata, tests) is not
// visible in this file.
var terraformEnableAtRestEncryptionGoodExamples = []string{
	`
 resource "aws_cloudtrail" "good_example" {
   is_multi_region_trail = true
   enable_log_file_validation = true
   kms_key_id = var.kms_id
 
   event_selector {
     read_write_type           = "All"
     include_management_events = true
 
     data_resource {
       type = "AWS::S3::Object"
       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
     }
   }
 }
 `,
}
    22  
// terraformEnableAtRestEncryptionBadExamples lists Terraform snippets meant to
// fail the CloudTrail at-rest encryption rule: the trail declares no
// kms_key_id, so no KMS key is configured for its log files.
//
// Per AWS documentation, CloudTrail log files delivered without a KMS key
// still get S3-managed server-side encryption (SSE-S3) by default. What is
// missing here is SSE-KMS, i.e. a key whose policy and usage the account
// controls and can audit.
//
// NOTE(review): this snippet also leaves out enable_log_file_validation, which
// the good example sets. Judging by the rule name and documentation link, only
// the missing kms_key_id is the subject here; log file validation is
// presumably covered by a separate rule. Confirm, or add the attribute so the
// two examples differ in exactly one setting.
var terraformEnableAtRestEncryptionBadExamples = []string{
	`
 resource "aws_cloudtrail" "bad_example" {
   is_multi_region_trail = true
 
   event_selector {
     read_write_type           = "All"
     include_management_events = true
 
     data_resource {
       type = "AWS::S3::Object"
       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
     }
   }
 }
 `,
}
    40  
// terraformEnableAtRestEncryptionLinks points to the Terraform AWS provider
// documentation for the kms_key_id argument of aws_cloudtrail, the one setting
// this rule's good and bad examples are meant to contrast.
//
// The URL tracks the provider's "latest" docs, so the page content and anchor
// can change between provider releases.
var terraformEnableAtRestEncryptionLinks = []string{
	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#kms_key_id`,
}
    44  
// terraformEnableAtRestEncryptionRemediationMarkdown is the Terraform-specific
// remediation text for this rule. It is the empty string, so this file itself
// supplies no remediation guidance beyond the examples and the provider link.
//
// NOTE(review): presumably the rule's general resolution text is shown to
// users instead; confirm where this value is read.
var terraformEnableAtRestEncryptionRemediationMarkdown = ``