github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.tf.go (about)

     1  package cloudtrail
     2  
     3  var terraformEnsureCloudwatchIntegrationGoodExamples = []string{
        	// Terraform snippet in which the trail sets cloud_watch_logs_group_arn to the
        	// ARN of the aws_cloudwatch_log_group declared at the end of the same snippet.
        	// NOTE(review): presumably this is the attribute the check looks for, and the
        	// snippet is the "should pass" fixture - confirm against the rule definition.
        	//
        	// The snippet is a minimal fixture, not a deployable trail: it sets no name,
        	// s3_bucket_name or cloud_watch_logs_role_arn, and it references
        	// data.aws_s3_bucket.important-bucket without declaring it. Outside the
        	// fixture, CloudTrail also needs cloud_watch_logs_role_arn (an IAM role it can
        	// assume) before it can deliver events into the log group.
        	//
        	// The raw string's whitespace is part of the fixture; leave it as it is.
     4  	`
     5   resource "aws_cloudtrail" "good_example" {
     6     is_multi_region_trail = true
     7     cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.example.arn}:*" 
     8  
     9   
    10     event_selector {
    11       read_write_type           = "All"
    12       include_management_events = true
    13   
    14       data_resource {
    15         type = "AWS::S3::Object"
    16         values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
    17       }
    18     }
    19   }
    20  
    21  resource "aws_cloudwatch_log_group" "example" {
    22    name = "Example"
    23  }
    24   `,
    25  }
    26  
    27  var terraformEnsureCloudwatchIntegrationBadExamples = []string{
        	// Terraform snippet for a trail that has an event_selector but no
        	// cloud_watch_logs_group_arn, so nothing ties the trail to a CloudWatch Logs
        	// group.
        	// NOTE(review): presumably the "should fail" fixture - confirm against the rule.
        	// NOTE(review): it also omits is_multi_region_trail, which the good example
        	// sets, so the two fixtures differ in two attributes rather than only in the
        	// CloudWatch one; the pair alone does not show which attribute the check reads.
     28  	`
    29  resource "aws_cloudtrail" "bad_example" {
    30     event_selector {
    31       read_write_type           = "All"
    32       include_management_events = true
    33   
    34       data_resource {
    35         type = "AWS::S3::Object"
    36         values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
    37       }
    38     }
    39  }
    40   `,
    41  }
    42  
    43  var terraformEnsureCloudwatchIntegrationLinks = []string{
        	// Terraform Registry page for the aws_cloudtrail resource. The URL uses the
        	// "latest" path segment, so it is not pinned to one provider version.
    44  	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail`,
    45  }
    46  
    47  var terraformEnsureCloudwatchIntegrationRemediationMarkdown = ``
        // The remediation markdown above is the empty string: this file supplies no
        // remediation text for the Terraform form of the check.
        // NOTE(review): the good example above shows the attribute to set
        // (cloud_watch_logs_group_arn); consider whether remediation text should say so.