ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6329/terraform/rule.adoc

38 lines
812 B
Plaintext
Raw Normal View History

Create rule S6329: Assigning public IP address to an AWS resource is security-sensitive (#202)
2021-09-13 14:01:24 +02:00
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Noncompliant Code Example
DMS and EC2 instances have a public IP address assigned to them:
RULEAPI-661: Add syntax coloring
2022-02-04 17:28:24 +01:00
[source,terraform]
Create rule S6329: Assigning public IP address to an AWS resource is security-sensitive (#202)
2021-09-13 14:01:24 +02:00
----
resource "aws_instance" "noncompliantec2" {
associate_public_ip_address = true # Sensitive, by default it's also set to true
}
resource "aws_dms_replication_instance" "noncompliantdms" {
publicly_accessible = true # Sensitive, by default it's also set to true
}
----
== Compliant Solution
DMS and EC2 instances doesn't have a public IP address:
RULEAPI-661: Add syntax coloring
2022-02-04 17:28:24 +01:00
[source,terraform]
Create rule S6329: Assigning public IP address to an AWS resource is security-sensitive (#202)
2021-09-13 14:01:24 +02:00
----
resource "aws_instance" "compliantec2" {
associate_public_ip_address = false
}
resource "aws_dms_replication_instance" "compliantdms" {
publicly_accessible = false
}
----
RULEAPI-661: Add syntax coloring
2022-02-04 17:28:24 +01:00
include::../see.adoc[]
Reference in New Issue Copy Permalink