// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/elasticsearch/enable_domain_logging.go

package elasticsearch

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckEnableDomainLogging registers rule AVD-AWS-0042 (medium severity) for
// AWS Elasticsearch domains.
//
// Scope note for anyone relying on this rule as a control: the summary and
// explanation talk about domain logging in general (error, search slow, index
// slow and audit logs), but the check function below reads only
// LogPublishing.AuditEnabled. A domain with audit logging enabled is recorded
// as passed whatever the state of the other three log types, so their
// coverage has to come from another rule or a manual review.
var CheckEnableDomainLogging = rules.Register(
	scan.Rule{
		AVDID:      "AVD-AWS-0042",
		Provider:   providers.AWSProvider,
		Service:    "elastic-search",
		ShortCode:  "enable-domain-logging",
		Summary:    "Domain logging should be enabled for Elastic Search domains",
		Impact:     "Logging provides vital information about access and usage",
		Resolution: "Enable logging for ElasticSearch domains",
		Explanation: `Amazon ES exposes four Elasticsearch logs through Amazon CloudWatch Logs: error logs, search slow logs, index slow logs, and audit logs.

Search slow logs, index slow logs, and error logs are useful for troubleshooting performance and stability issues.

Audit logs track user activity for compliance purposes.

All the logs are disabled by default.`,
		// NOTE(review): the only link is to the slow-logs guide, while the
		// check itself is about audit logs.
		Links: []string{
			"https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createdomain-configure-slow-logs.html",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableDomainLoggingGoodExamples,
			BadExamples:         terraformEnableDomainLoggingBadExamples,
			Links:               terraformEnableDomainLoggingLinks,
			RemediationMarkdown: terraformEnableDomainLoggingRemediationMarkdown,
		},
		CloudFormation: &scan.EngineMetadata{
			GoodExamples:        cloudFormationEnableDomainLoggingGoodExamples,
			BadExamples:         cloudFormationEnableDomainLoggingBadExamples,
			Links:               cloudFormationEnableDomainLoggingLinks,
			RemediationMarkdown: cloudFormationEnableDomainLoggingRemediationMarkdown,
		},
		Severity: severity.Medium,
	},
	// The check walks every Elasticsearch domain in the scanned state and
	// records one result per domain: a failure when audit logging is
	// explicitly false, a pass otherwise.
	func(s *state.State) scan.Results {
		var results scan.Results
		for _, domain := range s.AWS.Elasticsearch.Domains {
			auditFlag := domain.LogPublishing.AuditEnabled

			// Everything for which IsFalse() does not report true is a pass.
			// NOTE(review): how IsFalse() treats unresolved or unknown values
			// is not visible in this file; if it reports false for them, such
			// domains pass without audit logging having been confirmed.
			if !auditFlag.IsFalse() {
				// NOTE(review): this hands over the address of the loop
				// variable. Before Go 1.22 that variable is shared by all
				// iterations, so this relies on AddPassed not keeping the
				// pointer beyond the call. Confirm against its implementation.
				results.AddPassed(&domain)
				continue
			}

			// The failure is attached to the AuditEnabled attribute itself
			// rather than to the whole domain.
			results.Add("Domain audit logging is not enabled.", auditFlag)
		}
		return results
	},
)