rspec/rules/S6265/cloudformation/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

All users (ie: anyone in the world authenticated or not) have read and write permissions with the ``++PublicReadWrite++`` access control:

[source,yaml]
----
AWSTemplateFormatVersion: 2010-09-09
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket' # Sensitive
    Properties: 
      BucketName: "mynoncompliantbucket"
      AccessControl: "PublicReadWrite"
----

== Compliant Solution

With the ``++private++`` access control (default), only the bucket owner has the read/write permissions on the buckets and its ACL.

[source,yaml]
----
AWSTemplateFormatVersion: 2010-09-09
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket' # Compliant
    Properties:
      BucketName: "mycompliantbucket"
      AccessControl: "Private"
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]
Add new IAAS-related rules 2021-05-21 18:34:30 +02:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			All users (ie: anyone in the world authenticated or not) have read and write permissions with the ``++PublicReadWrite++`` access control:

Add bicep and json for language support in code example (#1830) 2023-05-05 11:12:16 +02:00			`[source,yaml]`
Add new IAAS-related rules 2021-05-21 18:34:30 +02:00			`----`
			`AWSTemplateFormatVersion: 2010-09-09`
			`Resources:`
			`S3Bucket:`
			`Type: 'AWS::S3::Bucket' # Sensitive`
			`Properties:`
			`BucketName: "mynoncompliantbucket"`
			`AccessControl: "PublicReadWrite"`
			`----`

			`== Compliant Solution`

			With the ``++private++`` access control (default), only the bucket owner has the read/write permissions on the buckets and its ACL.

Add bicep and json for language support in code example (#1830) 2023-05-05 11:12:16 +02:00			`[source,yaml]`
Add new IAAS-related rules 2021-05-21 18:34:30 +02:00			`----`
			`AWSTemplateFormatVersion: 2010-09-09`
			`Resources:`
			`S3Bucket:`
			`Type: 'AWS::S3::Bucket' # Compliant`
			`Properties:`
			`BucketName: "mycompliantbucket"`
			`AccessControl: "Private"`
			`----`

			`include::../see.adoc[]`
Make sure that includes are always surrounded by empty lines (#2270) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again. 2023-06-22 10:38:01 +02:00
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

			`endif::env-github,rspecator-view[]`