// Listing of rules/cloud/policies/aws/msk/enable_logging.tf.go from
// github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95.

package msk

// terraformEnableLoggingGoodExamples holds Terraform fixtures for the MSK
// "enable logging" rule in which the cluster declares a
// logging_info.broker_logs block with at least one destination set to
// enabled = true.
//
// The destinations (aws_s3_bucket.bucket, aws_cloudwatch_log_group.test,
// aws_kinesis_firehose_delivery_stream.test_stream) are referenced but not
// defined in these snippets.
//
// NOTE(review): every fixture here has one or more destinations enabled and
// at least one disabled, so the rule presumably passes when any single
// broker-log destination is enabled. Confirm against the rule's check, which
// is not part of this file.
var terraformEnableLoggingGoodExamples = []string{
	// S3 delivery enabled; Firehose declared but disabled.
	`
resource "aws_msk_cluster" "example" {
  cluster_name = "example"
  kafka_version = "2.4.1"
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type = "kafka.m5.large"
    ebs_volume_size = 1000
    client_subnets = [
      aws_subnet.subnet_az1.id,
      aws_subnet.subnet_az2.id,
      aws_subnet.subnet_az3.id,
    ]
    security_groups = [aws_security_group.sg.id]
  }

  logging_info {
    broker_logs {
      firehose {
        enabled = false
        delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
      }
      s3 {
        enabled = true
        bucket = aws_s3_bucket.bucket.id
        prefix = "logs/msk-"
      }
    }
  }

  tags = {
    foo = "bar"
  }
}
`,
	// Firehose delivery enabled; CloudWatch Logs declared but disabled.
	`
resource "aws_msk_cluster" "example" {
  cluster_name = "example"
  kafka_version = "2.4.1"
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type = "kafka.m5.large"
    ebs_volume_size = 1000
    client_subnets = [
      aws_subnet.subnet_az1.id,
      aws_subnet.subnet_az2.id,
      aws_subnet.subnet_az3.id,
    ]
    security_groups = [aws_security_group.sg.id]
  }

  logging_info {
    broker_logs {
      cloudwatch_logs {
        enabled = false
        log_group = aws_cloudwatch_log_group.test.name
      }
      firehose {
        enabled = true
        delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
      }
    }
  }

  tags = {
    foo = "bar"
  }
}
`,
	// CloudWatch Logs and S3 both enabled; Firehose declared but disabled.
	`
resource "aws_msk_cluster" "example" {
  cluster_name = "example"
  kafka_version = "2.4.1"
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type = "kafka.m5.large"
    ebs_volume_size = 1000
    client_subnets = [
      aws_subnet.subnet_az1.id,
      aws_subnet.subnet_az2.id,
      aws_subnet.subnet_az3.id,
    ]
    security_groups = [aws_security_group.sg.id]
  }

  logging_info {
    broker_logs {
      cloudwatch_logs {
        enabled = true
        log_group = aws_cloudwatch_log_group.test.name
      }
      firehose {
        enabled = false
        delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
      }
      s3 {
        enabled = true
        bucket = aws_s3_bucket.bucket.id
        prefix = "logs/msk-"
      }
    }
  }

  tags = {
    foo = "bar"
  }
}
`,
}

// terraformEnableLoggingBadExamples holds Terraform fixtures the rule is
// expected to flag. The only fixture is a cluster with no logging_info block
// at all, so broker logs are not delivered to any destination.
//
// NOTE(review): there is no fixture for a logging_info block that is present
// but has every destination set to enabled = false. That configuration also
// produces no broker logs; confirm the rule flags it and consider adding it
// as a second bad example.
var terraformEnableLoggingBadExamples = []string{
	`
resource "aws_msk_cluster" "example" {
  cluster_name = "example"
  kafka_version = "2.4.1"
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type = "kafka.m5.large"
    ebs_volume_size = 1000
    client_subnets = [
      aws_subnet.subnet_az1.id,
      aws_subnet.subnet_az2.id,
      aws_subnet.subnet_az3.id,
    ]
    security_groups = [aws_security_group.sg.id]
  }
  tags = {
    foo = "bar"
  }
}
`,
}

// terraformEnableLoggingLinks lists reference documentation for the
// Terraform resource the rule applies to.
//
// NOTE(review): the URL ends in a bare "#" with no fragment, so it opens the
// top of the msk_cluster page rather than the logging_info section.
var terraformEnableLoggingLinks = []string{
	`https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#`,
}

// terraformEnableLoggingRemediationMarkdown is empty: this file supplies no
// Terraform-specific remediation text for the rule.
var terraformEnableLoggingRemediationMarkdown = ``