github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/iam/no_user_attached_policies.tf.go (about) 1 package iam 2 3 var terraformNoUserAttachedPoliciesGoodExamples = []string{ 4 ` 5 resource "aws_iam_group" "developers" { 6 name = "developers" 7 path = "/users/" 8 } 9 10 resource "aws_iam_user" "jim" { 11 name = "jim" 12 } 13 14 resource "aws_iam_group_membership" "devteam" { 15 name = "developers-team" 16 17 users = [ 18 aws_iam_user.jim.name, 19 ] 20 21 group = aws_iam_group.developers.name 22 } 23 24 resource "aws_iam_group_policy" "ec2policy" { 25 name = "test" 26 group = aws_iam_group.developers.name 27 28 policy = <<EOF 29 { 30 "Version": "2012-10-17", 31 "Statement": [ 32 { 33 "Action": [ 34 "ec2:Describe*" 35 ], 36 "Effect": "Allow", 37 "Resource": "*" 38 } 39 ] 40 } 41 EOF 42 } 43 `, 44 } 45 46 var terraformNoUserAttachedPoliciesBadExamples = []string{ 47 ` 48 resource "aws_iam_user" "jim" { 49 name = "jim" 50 } 51 52 resource "aws_iam_user_policy" "ec2policy" { 53 name = "test" 54 user = aws_iam_user.jim.name 55 56 policy = <<EOF 57 { 58 "Version": "2012-10-17", 59 "Statement": [ 60 { 61 "Action": [ 62 "ec2:Describe*" 63 ], 64 "Effect": "Allow", 65 "Resource": "*" 66 } 67 ] 68 } 69 EOF 70 } 71 `, 72 } 73 74 var terraformNoUserAttachedPoliciesLinks = []string{ 75 `https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user`, 76 } 77 78 var terraformNoUserAttachedPoliciesRemediationMarkdown = ``