github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/documentdb/encryption_customer_key.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/documentdb/encryption_customer_key.tf.go (about)

     1  package documentdb
     2  
     3  var terraformEncryptionCustomerKeyGoodExamples = []string{
     4  	`
     5   resource "aws_kms_key" "docdb_encryption" {
     6   	enable_key_rotation = true
     7   }
     8   			
     9   resource "aws_docdb_cluster" "docdb" {
    10     cluster_identifier      = "my-docdb-cluster"
    11     engine                  = "docdb"
    12     master_username         = "foo"
    13     master_password         = "mustbeeightchars"
    14     backup_retention_period = 5
    15     preferred_backup_window = "07:00-09:00"
    16     skip_final_snapshot     = true
    17     kms_key_id 			  = aws_kms_key.docdb_encryption.arn
    18   }
    19   `,
    20  }
    21  
    22  var terraformEncryptionCustomerKeyBadExamples = []string{
    23  	`
    24   resource "aws_docdb_cluster" "docdb" {
    25     cluster_identifier      = "my-docdb-cluster"
    26     engine                  = "docdb"
    27     master_username         = "foo"
    28     master_password         = "mustbeeightchars"
    29     backup_retention_period = 5
    30     preferred_backup_window = "07:00-09:00"
    31     skip_final_snapshot     = true
    32   }
    33   `,
    34  }
    35  
    36  var terraformEncryptionCustomerKeyLinks = []string{
    37  	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#kms_key_id`,
    38  }
    39  
    40  var terraformEncryptionCustomerKeyRemediationMarkdown = ``