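// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/redshift/no_classic_resources.go

package redshift

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckNoClassicResources registers rule AVD-AWS-0085 ("no-classic-resources")
// for the AWS Redshift service at Critical severity.
//
// The check reports a failure for every entry in s.AWS.Redshift.SecurityGroups
// without inspecting any of its fields, and it never records a passing result,
// so a state with no such groups produces no results for this rule.
//
// NOTE(review): this presumes the adapter fills SecurityGroups only with
// Redshift cluster security groups (the EC2-Classic construct) and never with
// VPC security groups; otherwise every VPC-attached group would be reported as
// Critical. Confirm against the adapter that populates the state.
//
// Only CloudFormation engine metadata is attached here. The
// cloudFormationNoClassicResources* identifiers are not defined in this file.
var CheckNoClassicResources = rules.Register(
	scan.Rule{
		AVDID:       "AVD-AWS-0085",
		Provider:    providers.AWSProvider,
		Service:     "redshift",
		ShortCode:   "no-classic-resources",
		Summary:     "AWS Classic resource usage.",
		Impact:      "Classic resources are running in a shared environment with other customers",
		Resolution:  "Switch to VPC resources",
		Explanation: `AWS Classic resources run in a shared environment with infrastructure owned by other AWS customers. You should run
resources in a VPC instead.`,
		Links: []string{
			"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-classic-platform.html",
		},
		CloudFormation: &scan.EngineMetadata{
			GoodExamples:        cloudFormationNoClassicResourcesGoodExamples,
			BadExamples:         cloudFormationNoClassicResourcesBadExamples,
			Links:               cloudFormationNoClassicResourcesLinks,
			RemediationMarkdown: cloudFormationNoClassicResourcesRemediationMarkdown,
		},
		Severity: severity.Critical,
	},
	func(s *state.State) (results scan.Results) {
		for _, group := range s.AWS.Redshift.SecurityGroups {
			// Take the address of a per-iteration copy, not of the range
			// variable itself. Before Go 1.22 the range variable is a single
			// location reused by every iteration, so if Add keeps the pointer
			// all findings would end up describing the last group (the
			// pattern gosec reports as G601).
			// NOTE(review): whether Add retains the pointer is not visible here.
			group := group
			results.Add(
				"Classic resources should not be used.",
				&group,
			)
		}
		return results
	},
)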