github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.cf.go (about) 1 package elasticsearch 2 3 var cloudFormationEnableInTransitEncryptionGoodExamples = []string{ 4 `--- 5 Resources: 6 GoodExample: 7 Type: AWS::Elasticsearch::Domain 8 Properties: 9 DomainName: 'test' 10 ElasticsearchVersion: '7.10' 11 EncryptionAtRestOptions: 12 Enabled: true 13 KmsKeyId: alias/kmskey 14 ElasticsearchClusterConfig: 15 DedicatedMasterEnabled: true 16 InstanceCount: '2' 17 ZoneAwarenessEnabled: true 18 InstanceType: 'm3.medium.elasticsearch' 19 DedicatedMasterType: 'm3.medium.elasticsearch' 20 DedicatedMasterCount: '3' 21 EBSOptions: 22 EBSEnabled: true 23 Iops: '0' 24 VolumeSize: '20' 25 VolumeType: 'gp2' 26 NodeToNodeEncryptionOptions: 27 Enabled: true 28 `, 29 } 30 31 var cloudFormationEnableInTransitEncryptionBadExamples = []string{ 32 `--- 33 Resources: 34 BadExample: 35 Type: AWS::Elasticsearch::Domain 36 Properties: 37 DomainName: 'test' 38 ElasticsearchVersion: '7.10' 39 ElasticsearchClusterConfig: 40 DedicatedMasterEnabled: true 41 InstanceCount: '2' 42 ZoneAwarenessEnabled: true 43 InstanceType: 'm3.medium.elasticsearch' 44 DedicatedMasterType: 'm3.medium.elasticsearch' 45 DedicatedMasterCount: '3' 46 EBSOptions: 47 EBSEnabled: true 48 Iops: '0' 49 VolumeSize: '20' 50 VolumeType: 'gp2' 51 `, 52 } 53 54 var cloudFormationEnableInTransitEncryptionLinks = []string{} 55 56 var cloudFormationEnableInTransitEncryptionRemediationMarkdown = ``