github.com/turbot/steampipe@v1.7.0-rc.0.0.20240517123944-7cef272d4458/pkg/control/testdata/aws_dummy/cis_v130/section2.sp (about)

     1  locals {
          # Tag set for CIS v1.3.0 section 2 ("2 Storage"): the tags in
          # local.cis_v130_common_tags (defined outside this file) merged with
          # cis_section_id = "2".
     2    cis_v130_2_common_tags = merge(local.cis_v130_common_tags, {
     3      cis_section_id = "2"
     4    })
     5  }
     6  
     7  locals {
          # Per-subsection tag sets. Each starts from the section 2 tags and
          # supplies its own cis_section_id; assuming Terraform-style merge()
          # semantics (later map wins), "2.1" / "2.2" replace the parent's "2".
     8    cis_v130_2_1_common_tags = merge(local.cis_v130_2_common_tags, {
     9      cis_section_id = "2.1"
    10    })
    11    cis_v130_2_2_common_tags = merge(local.cis_v130_2_common_tags, {
    12      cis_section_id = "2.2"
    13    })
    14  }
    15  
    16  benchmark "cis_v130_2" {
          # Top-level grouping for section 2. It lists no controls directly:
          # children holds only the two subsection benchmarks (2.1 S3, 2.2 EC2).
    17    title         = "2 Storage"
          # Markdown write-up for the section; the file is not part of this listing.
    18    documentation = file("./cis_v130/docs/cis_v130_2.md")
    19    children = [
    20      benchmark.cis_v130_2_1,
    21      benchmark.cis_v130_2_2
    22    ]
    23  
    24    tags          = local.cis_v130_2_common_tags
    25  }
    26  
    27  benchmark "cis_v130_2_1" {
          # Subsection 2.1: groups the two S3 controls defined in this file
          # (2.1.1 encryption at rest, 2.1.2 HTTPS-only bucket policy).
    28    title         = "2.1 Simple Storage Service (S3)"
    29    documentation = file("./cis_v130/docs/cis_v130_2_1.md")
    30    children = [
    31      control.cis_v130_2_1_1,
    32      control.cis_v130_2_1_2
    33    ]
          # Carries cis_section_id = "2.1" via the subsection tag set.
    34    tags          = local.cis_v130_2_1_common_tags
    35  }
    36  
    37  benchmark "cis_v130_2_2" {
          # Subsection 2.2: a single child, the EBS volume-encryption control.
    38    title         = "2.2 Elastic Compute Cloud (EC2)"
    39    documentation = file("./cis_v130/docs/cis_v130_2_2.md")
    40    children = [
    41      control.cis_v130_2_2_1
    42    ]
          # Carries cis_section_id = "2.2" via the subsection tag set.
    43    tags          = local.cis_v130_2_2_common_tags
    44  }
    45  
    46  control "cis_v130_2_1_1" {
          # CIS v1.3.0 item 2.1.1 (S3 encryption at rest), as wired up in the
          # aws_dummy test fixture.
    47    title         = "2.1.1 Ensure all S3 buckets employ encryption-at-rest"
    48    description   = "Amazon S3 provides a variety of no, or low, cost encryption options to protect data at rest."
    49    documentation = file("./cis_v130/docs/cis_v130_2_1_1.md")
          # query.ok is a shared query defined outside this file, also used by
          # control 2.2.1. Nothing here inspects bucket encryption settings;
          # presumably the query returns a fixed "ok" row - confirm against its
          # definition. A pass from this fixture says nothing about real buckets.
    50    sql           = query.ok.sql
    51  
    52    tags = merge(local.cis_v130_2_1_common_tags, {
            # Item-level metadata layered on the 2.1 subsection tags.
    53      cis_item_id  = "2.1.1"
            # Tagged as a manual recommendation: the tag only labels the item,
            # it does not change how the sql above is run.
    54      cis_type     = "manual"
    55      cis_levels   = "1,2"
    56      cis_controls = "14.8"
    57    })
    58  }
    59  
    60  control "cis_v130_2_1_2" {
          # CIS v1.3.0 item 2.1.2 (HTTPS-only access to S3), as wired up in the
          # aws_dummy test fixture.
          # A policy that merely *allows* HTTPS does not block plain-HTTP
          # requests; the enforceable form is a Deny statement conditioned on
          # aws:SecureTransport being false. A real check should look for that
          # Deny rather than for an Allow.
    61    title         = "2.1.2 Ensure S3 Bucket Policy allows HTTPS requests"
    62    description   = "At the Amazon S3 bucket level, you can configure permissions through a bucket policy making the objects accessible only through HTTPS."
    63    documentation = file("./cis_v130/docs/cis_v130_2_1_2.md")
          # query.info is defined outside this file; no bucket policy is read
          # here. Presumably it returns a fixed "info" row - confirm against its
          # definition.
    64    sql           = query.info.sql
    65  
    66    tags = merge(local.cis_v130_2_1_common_tags, {
    67      cis_item_id  = "2.1.2"
    68      cis_type     = "manual"
    69      cis_levels   = "1,2"
            # NOTE(review): same value as the two encryption-at-rest controls in
            # this file, although this item concerns encryption in transit -
            # confirm the mapping against the CIS v1.3.0 document.
    70      cis_controls = "14.8"
    71    })
    72  }
    73  
    74  control "cis_v130_2_2_1" {
          # CIS v1.3.0 item 2.2.1 (EBS volume encryption), as wired up in the
          # aws_dummy test fixture.
          # EBS encryption by default is a per-Region account setting, so a real
          # check has to cover every Region in use, not just one.
    75    title       = "2.2.1 Ensure EBS volume encryption is enabled"
    76    description = "Elastic Compute Cloud (EC2) supports encryption at rest when using the Elastic Block Store (EBS) service. While disabled by default, forcing encryption at EBS volume creation is supported."
          # The documentation attribute is commented out, so unlike the two S3
          # controls this one has no linked write-up. Whether that is deliberate
          # for the fixture is not shown here.
    77    #documentation = file("./cis_v130/docs/cis_v130_2_2_1.md")
          # Same shared query as control 2.1.1; nothing here reads EBS settings.
          # Presumably it returns a fixed "ok" row - confirm against its definition.
    78    sql = query.ok.sql
    79  
    80    tags = merge(local.cis_v130_2_2_common_tags, {
            # Item-level metadata layered on the 2.2 subsection tags.
    81      cis_item_id  = "2.2.1"
    82      cis_type     = "manual"
    83      cis_levels   = "1,2"
    84      cis_controls = "14.8"
    85    })
    86  }