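# Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/rds/disable_public_access.rego

# METADATA
# title: "RDS Publicly Accessible"
# description: "Ensures RDS instances are not launched into the public cloud."
# scope: package
# schemas:
# - input: schema["cloud"]
# related_resources:
# - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html
# custom:
#   avd_id: AVD-AWS-0180
#   provider: aws
#   service: rds
#   severity: HIGH
#   short_code: enable-public-access
#   recommended_action: "Remove the public endpoint from the RDS instance"
#   input:
#     selector:
#     - type: cloud
#       subtypes:
#       - service: rds
#         provider: aws
#   terraform:
#     good_examples: "rules/cloud/policies/aws/rds/no_public_db_access.tf.go"
#   cloud_formation:
#     good_examples: "rules/cloud/policies/aws/rds/no_public_db_access.cf.go"

package builtin.aws.rds.aws0180

# deny produces one result for every entry in input.aws.rds.instances whose
# publicaccess.value is truthy. The publicaccess attribute itself is passed to
# result.new, presumably so the finding is anchored to that attribute in the
# scanned template (result.new is defined outside this file).
#
# What a clean result does and does not mean:
#   - If publicaccess (or its .value) is absent from the input, the reference
#     is undefined and the rule body simply does not match. No finding is
#     raised, so a pass means "not known to be public", not "verified
#     private". Values that could not be resolved at scan time may fall into
#     this case. TODO confirm how the adapter represents unresolved values.
#   - Only the `instances` collection is walked here. Other RDS resource
#     kinds in the input, if the schema has any, are not covered by this rule.
#   - The flag is one control among several. Whether the endpoint is actually
#     reachable also depends on subnet routing and security-group rules,
#     which this rule does not inspect. Treat a finding as exposure of the
#     endpoint address, and review network controls alongside it.
#
# NOTE(review): short_code reads "enable-public-access" while the rule flags
# public access being enabled. It is left unchanged because existing
# suppressions may reference it.
deny[res] {
	instance := input.aws.rds.instances[_]

	# Truthiness check: false and undefined both fail here and yield no result.
	instance.publicaccess.value
	res := result.new("Instance has Public Access enabled", instance.publicaccess)
}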