include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
For https://aws.amazon.com/s3/[Amazon S3 access requests]:
----
resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive
  bucket = "mynoncompliantbucketname"
}
----
For both Amazon https://aws.amazon.com/elasticloadbalancing/classic-load-balancer/[Classic Load Balancing] and https://aws.amazon.com/elasticloadbalancing/application-load-balancer/[Application Load Balancing]:
----
resource "aws_lb" "load_balancer" {
  access_logs {
    enabled = false # Sensitive
    bucket  = "mycompliantbucket"
    # aws_lb names this argument "prefix"; the Classic aws_elb resource uses "bucket_prefix"
    prefix  = "log/lb-"
  }
}
----
== Compliant Solution
For https://aws.amazon.com/s3/[Amazon S3 access requests]:
----
resource "aws_s3_bucket" "myloggingbucket" {
  bucket = "myloggingbucketname"
  acl    = "log-delivery-write"
}

resource "aws_s3_bucket" "mycompliantbucket" { # Compliant
  bucket = "mycompliantbucketname"

  logging {
    target_bucket = "myloggingbucketname"
    target_prefix = "log/mycompliantbucket"
  }
}
----
For both Amazon https://aws.amazon.com/elasticloadbalancing/classic-load-balancer/[Classic Load Balancing] and https://aws.amazon.com/elasticloadbalancing/application-load-balancer/[Application Load Balancing]:
----
resource "aws_lb" "load_balancer" {
  access_logs {
    enabled = true
    bucket  = "mycompliantbucket"
    # aws_lb names this argument "prefix"; the Classic aws_elb resource uses "bucket_prefix"
    prefix  = "log/lb-"
  }
}
----
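
As an added example (not part of the original rule text or the project's own code), the following Python check flags the two sensitive patterns shown above in the JSON produced by `terraform show -json`. It assumes the inline `logging` block used on this page and treats a bucket with `acl = "log-delivery-write"` as the log target, as in the compliant solution; the sample plan and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json` output (planned_values),
# where nested blocks such as `logging` and `access_logs` appear as lists.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_s3_bucket.mynoncompliantbucket", "type": "aws_s3_bucket",
     "values": {"bucket": "mynoncompliantbucketname", "acl": "private", "logging": []}},
    {"address": "aws_s3_bucket.myloggingbucket", "type": "aws_s3_bucket",
     "values": {"bucket": "myloggingbucketname", "acl": "log-delivery-write", "logging": []}},
    {"address": "aws_s3_bucket.mycompliantbucket", "type": "aws_s3_bucket",
     "values": {"bucket": "mycompliantbucketname",
                "logging": [{"target_bucket": "myloggingbucketname",
                             "target_prefix": "log/mycompliantbucket"}]}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.edge.aws_lb.load_balancer", "type": "aws_lb",
     "values": {"access_logs": [{"bucket": "mycompliantbucket", "enabled": false}]}}
  ]}]
}}}
""")

def walk(module):
    """Yield every resource in a module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def find_logging_gaps(plan):
    """Return (address, reason) for resources matching the sensitive patterns."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk(root):
        values = res.get("values") or {}
        if res["type"] == "aws_s3_bucket":
            # Assumption: a bucket that receives logs is the target, not a gap.
            if values.get("acl") == "log-delivery-write":
                continue
            if not values.get("logging"):
                findings.append((res["address"], "no logging block"))
        elif res["type"] in ("aws_lb", "aws_elb"):
            blocks = values.get("access_logs") or []
            if not any(b.get("enabled") for b in blocks):
                findings.append((res["address"], "access logs disabled or absent"))
    return findings

if __name__ == "__main__":
    for address, reason in find_logging_gaps(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```
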
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
endif::env-github,rspecator-view[]