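// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/rds/no_classic_resources.go

package rds

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckNoClassicResources registers rule AVD-AWS-0081 (rds/no-classic-resources)
// at Critical severity.
//
// The check is unconditional: every entry in s.AWS.RDS.Classic.DBSecurityGroups
// produces one finding. No attribute of the group is inspected and no passing
// result is recorded, so the presence of a classic DB security group in the
// scanned state is itself the violation.
var CheckNoClassicResources = rules.Register(
	scan.Rule{
		AVDID:      "AVD-AWS-0081",
		Provider:   providers.AWSProvider,
		Service:    "rds",
		ShortCode:  "no-classic-resources",
		Summary:    "AWS Classic resource usage.",
		Impact:     "Classic resources are running in a shared environment with other customers",
		Resolution: "Switch to VPC resources",
		Explanation: `AWS Classic resources run in a shared environment with infrastructure owned by other AWS customers. You should run
resources in a VPC instead.`,
		// NOTE(review): the reference is the EC2-Classic platform page although
		// the rule is scoped to the "rds" service; confirm whether an
		// RDS-specific reference would serve readers better.
		Links: []string{
			"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-classic-platform.html",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformNoClassicResourcesGoodExamples,
			BadExamples:         terraformNoClassicResourcesBadExamples,
			Links:               terraformNoClassicResourcesLinks,
			RemediationMarkdown: terraformNoClassicResourcesRemediationMarkdown,
		},
		CloudFormation: &scan.EngineMetadata{
			GoodExamples:        cloudFormationNoClassicResourcesGoodExamples,
			BadExamples:         cloudFormationNoClassicResourcesBadExamples,
			Links:               cloudFormationNoClassicResourcesLinks,
			RemediationMarkdown: cloudFormationNoClassicResourcesRemediationMarkdown,
		},
		Severity: severity.Critical,
	},
	func(s *state.State) (results scan.Results) {
		for _, group := range s.AWS.RDS.Classic.DBSecurityGroups {
			// Take a per-iteration copy before passing its address. On Go
			// toolchains older than 1.22 the range variable is reused across
			// iterations, so every &group would alias the same memory.
			// Whether results.Add retains the pointer is not visible in this
			// file; the copy keeps each finding tied to its own group either way.
			group := group
			results.Add(
				"Classic resources should not be used.",
				&group,
			)
		}
		return results
	},
)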