github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/eks/enable_control_plane_logging.tf.go (about) 1 package eks 2 3 var terraformEnableControlPlaneLoggingGoodExamples = []string{ 4 ` 5 resource "aws_eks_cluster" "good_example" { 6 encryption_config { 7 resources = [ "secrets" ] 8 provider { 9 key_arn = var.kms_arn 10 } 11 } 12 13 enabled_cluster_log_types = ["api", "authenticator", "audit", "scheduler", "controllerManager"] 14 15 name = "good_example_cluster" 16 role_arn = var.cluster_arn 17 vpc_config { 18 endpoint_public_access = false 19 } 20 } 21 `, 22 } 23 24 var terraformEnableControlPlaneLoggingBadExamples = []string{ 25 ` 26 resource "aws_eks_cluster" "bad_example" { 27 encryption_config { 28 resources = [ "secrets" ] 29 provider { 30 key_arn = var.kms_arn 31 } 32 } 33 34 name = "bad_example_cluster" 35 role_arn = var.cluster_arn 36 vpc_config { 37 endpoint_public_access = false 38 } 39 } 40 `, 41 } 42 43 var terraformEnableControlPlaneLoggingLinks = []string{ 44 `https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#enabled_cluster_log_types`, 45 } 46 47 var terraformEnableControlPlaneLoggingRemediationMarkdown = ``