github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/lambda/enable_tracing.tf.go (about)

     1  package lambda
     2  
     3  var terraformEnableTracingGoodExamples = []string{
        	// Passing fixture: the aws_lambda_function sets tracing_config { mode = "Active" }.
        	// It is otherwise identical to the failing fixture in
        	// terraformEnableTracingBadExamples; only the resource name and mode differ.
        	// NOTE(review): the execution role here carries only a trust policy. In a real
        	// deployment Active tracing also needs X-Ray write permissions on that role;
        	// confirm before reusing this snippet as a template.
        	// NOTE(review): runtime "nodejs12.x" is a deprecated Lambda runtime. It does not
        	// affect the tracing setting, but should not be copied into live configurations.
     4  	`
     5   resource "aws_iam_role" "iam_for_lambda" {
     6     name = "iam_for_lambda"
     7   
     8     assume_role_policy = <<EOF
     9   {
    10     "Version": "2012-10-17",
    11     "Statement": [
    12       {
    13         "Action": "sts:AssumeRole",
    14         "Principal": {
    15           "Service": "lambda.amazonaws.com"
    16         },
    17         "Effect": "Allow",
    18         "Sid": ""
    19       }
    20     ]
    21   }
    22   EOF
    23   }
    24   
    25   resource "aws_lambda_function" "good_example" {
    26     filename      = "lambda_function_payload.zip"
    27     function_name = "lambda_function_name"
    28     role          = aws_iam_role.iam_for_lambda.arn
    29     handler       = "exports.test"
    30   
    31     # The filebase64sha256() function is available in Terraform 0.11.12 and later
    32     # For Terraform 0.11.11 and earlier, use the base64sha256() function and the file() function:
    33     # source_code_hash = "${base64sha256(file("lambda_function_payload.zip"))}"
    34     source_code_hash = filebase64sha256("lambda_function_payload.zip")
    35   
    36     runtime = "nodejs12.x"
    37   
    38     environment {
    39       variables = {
    40         foo = "bar"
    41       }
    42     }
    43     tracing_config {
    44       mode = "Active"
    45     }
    46   }
    47   `,
    48  }
    49  
    50  var terraformEnableTracingBadExamples = []string{
        	// Failing fixture: tracing_config is present, but mode is "Passthrough" rather
        	// than "Active". With pass-through tracing a function is traced only when the
        	// caller already supplies a sampled trace header, so invocations can go
        	// unrecorded and be missing when an incident is investigated.
        	// NOTE(review): the AWS API and the Terraform provider spell this value
        	// "PassThrough"; confirm the lower-case "t" is intentional and that the parser
        	// treats both spellings alike.
        	// NOTE(review): a function with no tracing_config block at all is presumably
        	// also non-compliant and is not covered here; verify against the rule's check.
    51  	`
    52   resource "aws_iam_role" "iam_for_lambda" {
    53     name = "iam_for_lambda"
    54   
    55     assume_role_policy = <<EOF
    56   {
    57     "Version": "2012-10-17",
    58     "Statement": [
    59       {
    60         "Action": "sts:AssumeRole",
    61         "Principal": {
    62           "Service": "lambda.amazonaws.com"
    63         },
    64         "Effect": "Allow",
    65         "Sid": ""
    66       }
    67     ]
    68   }
    69   EOF
    70   }
    71   
    72   resource "aws_lambda_function" "bad_example" {
    73     filename      = "lambda_function_payload.zip"
    74     function_name = "lambda_function_name"
    75     role          = aws_iam_role.iam_for_lambda.arn
    76     handler       = "exports.test"
    77   
    78     # The filebase64sha256() function is available in Terraform 0.11.12 and later
    79     # For Terraform 0.11.11 and earlier, use the base64sha256() function and the file() function:
    80     # source_code_hash = "${base64sha256(file("lambda_function_payload.zip"))}"
    81     source_code_hash = filebase64sha256("lambda_function_payload.zip")
    82   
    83     runtime = "nodejs12.x"
    84   
    85     environment {
    86       variables = {
    87         foo = "bar"
    88       }
    89     }
    90     tracing_config {
    91       mode = "Passthrough"
    92     }
    93   }
    94   `,
    95  }
    96  
    97  var terraformEnableTracingLinks = []string{
        	// Provider documentation for the tracing_config "mode" argument of
        	// aws_lambda_function. The URL tracks /latest/, so the linked text can change
        	// as the provider is updated.
    98  	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#mode`,
    99  }
   100  
   101  var terraformEnableTracingRemediationMarkdown = `` // NOTE(review): empty, so no Terraform remediation text accompanies this rule; the fix shown by the good example is tracing_config { mode = "Active" }.