github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudtrail/enable_log_validation.tf.go (about)

     1  package cloudtrail
     2  
// terraformEnableLogValidationGoodExamples holds Terraform snippets that pass
// the CloudTrail log-validation check: the aws_cloudtrail resource explicitly
// sets enable_log_file_validation = true.
//
// Log file validation makes CloudTrail deliver digest files alongside the
// logs, so later modification or deletion of a log file can be detected.
// Enabling it only produces the digests; integrity is established when they
// are actually verified.
//
// NOTE(review): presumably referenced by the rule definition elsewhere in this
// package; the consumer is not visible in this file.
var terraformEnableLogValidationGoodExamples = []string{
	`
 resource "aws_cloudtrail" "good_example" {
   is_multi_region_trail = true
   enable_log_file_validation = true
 
   event_selector {
     read_write_type           = "All"
     include_management_events = true
 
     data_resource {
       type = "AWS::S3::Object"
       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
     }
   }
 }
 `,
}
    21  
// terraformEnableLogValidationBadExamples holds Terraform snippets that fail
// the CloudTrail log-validation check. The resource is identical to the good
// example except that enable_log_file_validation is omitted, which leaves the
// trail on the provider default (validation off), so tampering with delivered
// log files would not be detectable from digests.
//
// NOTE(review): only the "attribute missing" case is shown here; an explicit
// enable_log_file_validation = false is not covered by these examples.
var terraformEnableLogValidationBadExamples = []string{
	`
 resource "aws_cloudtrail" "bad_example" {
   is_multi_region_trail = true
 
   event_selector {
     read_write_type           = "All"
     include_management_events = true
 
     data_resource {
       type = "AWS::S3::Object"
       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
     }
   }
 }
 `,
}
    39  
// terraformEnableLogValidationLinks lists reference URLs for the Terraform
// argument this check concerns (aws_cloudtrail.enable_log_file_validation).
// The URL points at the "latest" provider docs, so it is not pinned to a
// provider version and its content may change over time.
var terraformEnableLogValidationLinks = []string{
	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#enable_log_file_validation`,
}
    43  
// terraformEnableLogValidationRemediationMarkdown is the Terraform-specific
// remediation text for this check. It is intentionally or incidentally empty
// here; the fix shown by the good example is to set
// enable_log_file_validation = true on the aws_cloudtrail resource.
var terraformEnableLogValidationRemediationMarkdown = ``