github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/s3/encryption_customer_key.tf.go (about)

     1  package s3
     2  
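// terraformCheckEncryptionCustomerKeyGoodExamples holds Terraform snippets that
// the customer-key encryption check is expected to accept.
//
// Two cases are covered:
//   - a bucket whose default encryption is SSE-KMS ("aws:kms") with an explicit
//     kms_master_key_id that points at the KMS key declared in the same snippet,
//     so key policy, rotation and usage auditing stay with the account owner;
//   - a bucket carrying the "log-delivery-write" ACL that uses SSE-S3 ("AES256").
//     NOTE(review): this is presumably an exemption for access-log target
//     buckets; confirm against the rule implementation, which is not in this file.
//
// Both snippets use the inline server_side_encryption_configuration block of
// aws_s3_bucket. AWS provider v4 and later deprecate that block in favour of the
// separate aws_s3_bucket_server_side_encryption_configuration resource, so
// readers on a current provider should expect to translate the example.
var terraformCheckEncryptionCustomerKeyGoodExamples = []string{
	// SSE-KMS with a customer managed key. The reference must name the key
	// declared above it ("good_example"); a dangling reference makes the snippet
	// fail validation and leaves readers with an example they cannot apply.
	`
resource "aws_kms_key" "good_example" {
  enable_key_rotation = true
}

resource "aws_s3_bucket" "good_example" {
   bucket = "mybucket"
 
   server_side_encryption_configuration {
     rule {
       apply_server_side_encryption_by_default {
         kms_master_key_id = aws_kms_key.good_example.arn
         sse_algorithm     = "aws:kms"
       }
     }
   }
 }
 `,
	// SSE-S3 on a bucket with the log-delivery-write ACL (see the note above).
	`
resource "aws_s3_bucket" "good_example" {
   bucket = "mybucket" 
   acl    = "log-delivery-write"
 
   server_side_encryption_configuration {
     rule {
       apply_server_side_encryption_by_default {
         sse_algorithm     = "AES256"
       }
     }
   }
 }
 `,
}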
    37  
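// terraformCheckEncryptionCustomerKeyBadExamples holds Terraform snippets that
// the customer-key encryption check is expected to flag.
//
// The bucket below is encrypted, but only with SSE-S3 ("AES256"): no
// kms_master_key_id is set, so the key is managed by S3 and the account owner
// cannot restrict access through a key policy or disable the key. Unlike the
// "AES256" snippet in the good examples, this bucket has no
// "log-delivery-write" ACL, so nothing marks it as a log target.
var terraformCheckEncryptionCustomerKeyBadExamples = []string{
	// The resource label is spelled "bad_example" so the published snippet
	// matches the naming used by the good examples.
	`
resource "aws_s3_bucket" "bad_example" {
   bucket = "mybucket"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm     = "AES256"
      }
    }
  }
}
 `,
}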
    53  
// terraformCheckEncryptionCustomerKeyLinks lists the reference URLs for the
// Terraform form of this check.
//
// NOTE(review): the URL follows the "latest" provider docs and an anchor for the
// inline server_side_encryption_configuration block. AWS provider v4 and later
// deprecate that block in favour of the separate
// aws_s3_bucket_server_side_encryption_configuration resource, so the anchor may
// no longer resolve; verify before relying on it.
var terraformCheckEncryptionCustomerKeyLinks = []string{
	"https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#enable-default-server-side-encryption",
}
    57  
// terraformCheckEncryptionCustomerKeyRemediationMarkdown is the Terraform
// remediation text for this check. It is the empty string here, so any
// remediation guidance has to come from the examples and links.
var terraformCheckEncryptionCustomerKeyRemediationMarkdown = ""