github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudtrail/no_public_log_access.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudtrail/no_public_log_access.tf.go (about)

     1  package cloudtrail
     2  
     3  var terraformNoPublicLogAccessGoodExamples = []string{
     4  	`
     5   resource "aws_cloudtrail" "good_example" {
     6     is_multi_region_trail = true
     7     s3_bucket_name = "abcdefgh"
     8   
     9     event_selector {
    10       read_write_type           = "All"
    11       include_management_events = true
    12   
    13       data_resource {
    14         type = "AWS::S3::Object"
    15         values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
    16       }
    17     }
    18   }
    19  
    20  resource "aws_s3_bucket" "good_example" {
    21  	bucket = "abcdefgh"
    22  	acl = "private"
    23  }
    24   `,
    25  }
    26  
    27  var terraformNoPublicLogAccessBadExamples = []string{
    28  	`
    29  resource "aws_cloudtrail" "bad_example" {
    30     s3_bucket_name = "abcdefgh"
    31     event_selector {
    32       read_write_type           = "All"
    33       include_management_events = true
    34   
    35       data_resource {
    36         type = "AWS::S3::Object"
    37         values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
    38       }
    39     }
    40  }
    41  
    42  resource "aws_s3_bucket" "good_example" {
    43  	bucket = "abcdefgh"
    44  	acl = "public-read"
    45  }
    46   `,
    47  }
    48  
    49  var terraformNoPublicLogAccessLinks = []string{
    50  	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#is_multi_region_trail`,
    51  }
    52  
    53  var terraformNoPublicLogAccessRemediationMarkdown = ``