rspec/rules/S6245/terraform/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

Server-side encryption is not used:

[source,terraform]
----
resource "aws_s3_bucket" "example" { # Sensitive
  bucket = "example"
}
----

== Compliant Solution

Server-side encryption with Amazon S3-managed keys is used for AWS provider version 3 or below:

[source,terraform]
----
resource "aws_s3_bucket" "example" {
  bucket = "example"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}
----

Server-side encryption with Amazon S3-managed keys is used for AWS provider version 4 or above:

[source,terraform]
----
resource "aws_s3_bucket" "example" {
  bucket = "example"
}

resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.example.bucket

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]
Fixed nightly update: mark the closed rules 2021-05-21 17:48:13 +02:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`Server-side encryption is not used:`

Modify rule S6245: Add new Terraform code sample (#1380) 2022-11-07 11:43:43 +01:00			`[source,terraform]`
Fixed nightly update: mark the closed rules 2021-05-21 17:48:13 +02:00			`----`
Modify rule S6245: Add new Terraform code sample (#1380) 2022-11-07 11:43:43 +01:00			`resource "aws_s3_bucket" "example" { # Sensitive`
			`bucket = "example"`
Fixed nightly update: mark the closed rules 2021-05-21 17:48:13 +02:00			`}`
			`----`

			`== Compliant Solution`

Modify rule S6245: Add new Terraform code sample (#1380) 2022-11-07 11:43:43 +01:00			`Server-side encryption with Amazon S3-managed keys is used for AWS provider version 3 or below:`
Fixed nightly update: mark the closed rules 2021-05-21 17:48:13 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,terraform]`
Fixed nightly update: mark the closed rules 2021-05-21 17:48:13 +02:00			`----`
Modify rule S6245: Add new Terraform code sample (#1380) 2022-11-07 11:43:43 +01:00			`resource "aws_s3_bucket" "example" {`
			`bucket = "example"`
Fixed nightly update: mark the closed rules 2021-05-21 17:48:13 +02:00
			`server_side_encryption_configuration {`
			`rule {`
			`apply_server_side_encryption_by_default {`
Modify rule S6245: Add new Terraform code sample (#1380) 2022-11-07 11:43:43 +01:00			`sse_algorithm = "AES256"`
Fixed nightly update: mark the closed rules 2021-05-21 17:48:13 +02:00			`}`
			`}`
			`}`
			`}`
			`----`

Modify rule S6245: Add new Terraform code sample (#1380) 2022-11-07 11:43:43 +01:00			`Server-side encryption with Amazon S3-managed keys is used for AWS provider version 4 or above:`

			`[source,terraform]`
			`----`
			`resource "aws_s3_bucket" "example" {`
			`bucket = "example"`
			`}`

			`resource "aws_s3_bucket_server_side_encryption_configuration" "example" {`
			`bucket = aws_s3_bucket.example.bucket`

			`rule {`
			`apply_server_side_encryption_by_default {`
			`sse_algorithm = "AES256"`
			`}`
			`}`
			`}`
			`----`

Fixed nightly update: mark the closed rules 2021-05-21 17:48:13 +02:00			`include::../see.adoc[]`
Make sure that includes are always surrounded by empty lines (#2270) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again. 2023-06-22 10:38:01 +02:00
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

			`endif::env-github,rspecator-view[]`