rspec/rules/S6333/terraform/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

A public API that doesn't have access control implemented:

[source,terraform]
----
resource "aws_api_gateway_method" "noncompliantapi" {
  authorization = "NONE" # Sensitive
  http_method   = "GET"
}
----

== Compliant Solution

An API that implements AWS IAM permissions:

[source,terraform]
----
resource "aws_api_gateway_method" "compliantapi" {
  authorization = "AWS_IAM"
  http_method   = "GET"
}
----

include::../see.adoc[]
Create rule S6333: Creating public APIs is security sensitive (#216) * Create rule S6333 * init s6333 Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com> 2021-09-14 12:47:22 +00:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Sensitive Code Example`
Create rule S6333: Creating public APIs is security sensitive (#216) * Create rule S6333 * init s6333 Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com> 2021-09-14 12:47:22 +00:00
			`A public API that doesn't have access control implemented:`

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,terraform]`
Create rule S6333: Creating public APIs is security sensitive (#216) * Create rule S6333 * init s6333 Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com> 2021-09-14 12:47:22 +00:00			`----`
			`resource "aws_api_gateway_method" "noncompliantapi" {`
			`authorization = "NONE" # Sensitive`
			`http_method = "GET"`
			`}`
			`----`

			`== Compliant Solution`

			`An API that implements AWS IAM permissions:`

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,terraform]`
Create rule S6333: Creating public APIs is security sensitive (#216) * Create rule S6333 * init s6333 Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com> 2021-09-14 12:47:22 +00:00			`----`
			`resource "aws_api_gateway_method" "compliantapi" {`
			`authorization = "AWS_IAM"`
			`http_method = "GET"`
			`}`
			`----`

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`include::../see.adoc[]`