
     1  package cloudtrail
     2  
// terraformBucketAccessLoggingRequiredGoodExamples holds Terraform snippets in
// which the S3 bucket that receives CloudTrail logs has access logging set up.
//
// The single snippet declares a trail that writes to bucket "abcdefgh" and an
// aws_s3_bucket with the same name carrying a logging block with a
// target_bucket. Logging requests against the trail bucket gives responders a
// record of who read or modified the audit logs themselves.
//
// NOTE(review): the inline logging block on aws_s3_bucket is deprecated in AWS
// provider v4 and later in favour of the separate aws_s3_bucket_logging
// resource. Whether the rule also recognises that form is not visible in this
// file; confirm before adding a second example.
var terraformBucketAccessLoggingRequiredGoodExamples = []string{
	// Trail bucket with server access logging enabled.
	`
 resource "aws_cloudtrail" "good_example" {
   is_multi_region_trail = true
   s3_bucket_name = "abcdefgh"
 
   event_selector {
     read_write_type           = "All"
     include_management_events = true
 
     data_resource {
       type = "AWS::S3::Object"
       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
     }
   }
 }

resource "aws_s3_bucket" "good_example" {
	bucket = "abcdefgh"
	logging {
		target_bucket = "target-bucket"
	}
}
 `,
}
    28  
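// terraformBucketAccessLoggingRequiredBadExamples holds Terraform snippets in
// which the S3 bucket that receives CloudTrail logs has no access logging.
//
// The single snippet declares a trail that writes to bucket "abcdefgh" and an
// aws_s3_bucket with the same name but no logging block, so requests made
// against the stored audit logs leave no access record.
//
// The bucket resource is labelled "bad_example" so that nobody copying the
// snippet mistakes the unlogged bucket for the compliant configuration.
var terraformBucketAccessLoggingRequiredBadExamples = []string{
	// Trail bucket without server access logging.
	`
resource "aws_cloudtrail" "bad_example" {
   s3_bucket_name = "abcdefgh"
   event_selector {
     read_write_type           = "All"
     include_management_events = true
 
     data_resource {
       type = "AWS::S3::Object"
       values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
     }
   }
}

resource "aws_s3_bucket" "bad_example" {
	bucket = "abcdefgh"
	
}
 `,
}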
    50  
// terraformBucketAccessLoggingRequiredLinks lists Terraform reference URLs for
// the bucket-access-logging check.
//
// NOTE(review): the only entry targets the is_multi_region_trail anchor of the
// aws_cloudtrail docs, which does not describe S3 access logging. It looks
// carried over from a multi-region check; confirm, and point readers at the
// bucket logging documentation instead.
var terraformBucketAccessLoggingRequiredLinks = []string{
	"https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#is_multi_region_trail",
}
    54  
// terraformBucketAccessLoggingRequiredRemediationMarkdown is the Terraform
// remediation text for the bucket-access-logging check. It is empty, so this
// variable supplies no fix guidance; readers have only the good example above.
var terraformBucketAccessLoggingRequiredRemediationMarkdown = ""