github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/s3/enable_bucket_logging.cf.go (about)

     1  package s3
     2  
// CloudFormation fixtures for the S3 "enable bucket logging" check (the name
// comes from this file, enable_bucket_logging.cf.go). S3 server access logging
// records the requests made against a bucket, which is the audit trail
// reviewers and incident responders rely on; CloudFormation turns it on with
// the bucket's LoggingConfiguration property.
//
// NOTE(review): presumably these values are referenced by the rule definition
// elsewhere in package s3; that code is not visible here.
var (
	// cloudFormationEnableBucketLoggingGoodExamples lists templates in which
	// the AWS::S3::Bucket resource declares Properties.LoggingConfiguration
	// with both a DestinationBucketName and a LogFilePrefix.
	cloudFormationEnableBucketLoggingGoodExamples = []string{
		// Minimal form: literal destination bucket and key prefix.
		`---
Resources:
  GoodExample:
    Properties:
      LoggingConfiguration:
        DestinationBucketName: logging-bucket
        LogFilePrefix: accesslogs/
    Type: AWS::S3::Bucket
`,
		// Fuller form: destination and prefix are built with intrinsic
		// functions (!FindInMap, !Sub), and the bucket is also private with
		// all four PublicAccessBlockConfiguration flags set to true.
		`---
Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: !Sub my-s3-bucket-${BucketSuffix}
      LoggingConfiguration:
        DestinationBucketName: !FindInMap [EnvironmentMapping, s3, logging]
        LogFilePrefix: !Sub s3-logs/AWSLogs/${AWS::AccountId}/my-s3-bucket-${BucketSuffix}
      AccessControl: Private
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
`,
	}

	// cloudFormationEnableBucketLoggingBadExamples lists templates in which
	// the bucket has no LoggingConfiguration: Properties is present but empty.
	//
	// NOTE(review): the resource is named DisabledEncryptionBucket although
	// this file is about logging; the name looks carried over from an
	// encryption check. Confirm before renaming, since the string is emitted
	// as-is.
	cloudFormationEnableBucketLoggingBadExamples = []string{
		`---
Resources:
  DisabledEncryptionBucket:
    Properties:
    Type: AWS::S3::Bucket
`,
	}

	// cloudFormationEnableBucketLoggingLinks is an empty, non-nil slice: no
	// reference URLs are provided for the CloudFormation variant.
	cloudFormationEnableBucketLoggingLinks = []string{}

	// cloudFormationEnableBucketLoggingRemediationMarkdown is the empty
	// string: no remediation text is provided for the CloudFormation variant.
	cloudFormationEnableBucketLoggingRemediationMarkdown = ""
)