// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/ecs/no_plaintext_secrets.cf.go

package ecs

// cloudFormationNoPlaintextSecretsGoodExamples holds CloudFormation templates
// that the "no plaintext secrets" ECS check should accept.
//
// The single template declares an ECS cluster and a task definition whose
// container definition has no Environment entries at all, so nothing
// secret-looking is embedded in the template.
//
// NOTE(review): the example passes by omission only. It does not show the
// secure alternative a reader would want: a container-level Secrets entry
// whose ValueFrom points at Secrets Manager or SSM Parameter Store, or, for
// AWS credentials specifically, a task role instead of access keys.
// NOTE(review): presumably referenced by the rule definition elsewhere in this
// package; that wiring is not visible in this file.
var cloudFormationNoPlaintextSecretsGoodExamples = []string{
	`---
Resources:
  GoodExample:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: MyCluster
      ClusterSettings:
        - Name: containerInsights
          Value: enabled
  GoodTask:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: "CFSec scan"
      Cpu: 512
      Memory: 1024
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
        - EC2
      ContainerDefinitions:
        - Name: cfsec
          Image: cfsec/cfsec:latest
          MountPoints:
            - SourceVolume: src
              ContainerPath: /src
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: "cfsec-logs"
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: "cfsec"
      Volumes:
        - Name: jenkins-home
          EFSVolumeConfiguration:
            FilesystemId: "fs1"
            TransitEncryption: ENABLED
`,
}

// cloudFormationNoPlaintextSecretsBadExamples holds CloudFormation templates
// that the "no plaintext secrets" ECS check should flag.
//
// The template matches the good one except that the container definition
// carries an Environment entry named AWS_ACCESS_KEY_ID with a literal value.
// Environment values are stored verbatim in the template and in the registered
// task definition, so anyone who can read either can read the credential.
//
// NOTE(review): the access key value is fixture data. A string of this shape
// found in a real template should be treated as exposed and rotated.
// NOTE(review): this template also sets TransitEncryption: DISABLED where the
// good example has ENABLED. That difference is unrelated to plaintext secrets
// and presumably belongs to another check's fixture; do not read it as part of
// what this rule detects.
// NOTE(review): whether the check keys on the variable name, the value
// pattern, or both cannot be told from this file.
var cloudFormationNoPlaintextSecretsBadExamples = []string{
	`---
Resources:
  BadExample:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: MyCluster
      ClusterSettings:
        - Name: containerInsights
          Value: enabled
  BadTask:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: "CFSec scan"
      Cpu: 512
      Memory: 1024
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
        - EC2
      ContainerDefinitions:
        - Name: cfsec
          Image: cfsec/cfsec:latest
          Environment:
            - Name: AWS_ACCESS_KEY_ID
              Value: AIPA8YOHGIS58IBFDU3E
          MountPoints:
            - SourceVolume: src
              ContainerPath: /src
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: "cfsec-logs"
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: "cfsec"
      Volumes:
        - Name: jenkins-home
          EFSVolumeConfiguration:
            FilesystemId: "fs1"
            TransitEncryption: DISABLED
`,
}

// cloudFormationNoPlaintextSecretsLinks is the list of reference links for the
// CloudFormation variant of the check. It is empty (non-nil) here, so no
// provider documentation is attached.
var cloudFormationNoPlaintextSecretsLinks = []string{}

// cloudFormationNoPlaintextSecretsRemediationMarkdown is the remediation text
// for the CloudFormation variant of the check. It is the empty string here, so
// a finding carries no CloudFormation-specific fix guidance from this file.
var cloudFormationNoPlaintextSecretsRemediationMarkdown = ``