github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/ecr/repository_customer_key.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/ecr/repository_customer_key.tf.go (about)

     1  package ecr
     2  
     3  var terraformRepositoryCustomerKeyGoodExamples = []string{
     4  	`
     5   resource "aws_kms_key" "ecr_kms" {
     6   	enable_key_rotation = true
     7   }
     8   
     9   resource "aws_ecr_repository" "good_example" {
    10   	name                 = "bar"
    11   	image_tag_mutability = "MUTABLE"
    12     
    13   	image_scanning_configuration {
    14   	  scan_on_push = true
    15   	}
    16   
    17   	encryption_configuration {
    18   		encryption_type = "KMS"
    19   		kms_key = aws_kms_key.ecr_kms.key_id
    20   	}
    21     }
    22   `,
    23  }
    24  
    25  var terraformRepositoryCustomerKeyBadExamples = []string{
    26  	`
    27   resource "aws_ecr_repository" "bad_example" {
    28   	name                 = "bar"
    29   	image_tag_mutability = "MUTABLE"
    30     
    31   	image_scanning_configuration {
    32   	  scan_on_push = true
    33   	}
    34     }
    35   `,
    36  }
    37  
    38  var terraformRepositoryCustomerKeyLinks = []string{
    39  	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository#encryption_configuration`,
    40  }
    41  
    42  var terraformRepositoryCustomerKeyRemediationMarkdown = ``