79702fd1a7
## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
91 lines
1.9 KiB
Plaintext
91 lines
1.9 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
For https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html[AWS Cloudwatch Logs]:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "aws_cloudwatch_log_group" "example" {
|
|
name = "example"
|
|
retention_in_days = 3 # Sensitive
|
|
}
|
|
----
|
|
|
|
For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azure Firewall Policy]:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "azurerm_firewall_policy" "example" {
|
|
insights {
|
|
enabled = true
|
|
retention_in_days = 7 # Sensitive
|
|
}
|
|
}
|
|
----
|
|
|
|
For https://cloud.google.com/logging/docs/routing/overview#buckets[Google Cloud Logging buckets]:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "google_logging_project_bucket_config" "example" {
|
|
project = var.project
|
|
location = "global"
|
|
retention_days = 7 # Sensitive
|
|
bucket_id = "_Default"
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
For https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html[AWS Cloudwatch Logs]:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "aws_cloudwatch_log_group" "example" {
|
|
name = "example"
|
|
retention_in_days = 30
|
|
}
|
|
----
|
|
|
|
For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azure Firewall Policy]:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "azurerm_firewall_policy" "example" {
|
|
insights {
|
|
enabled = true
|
|
retention_in_days = 30
|
|
}
|
|
}
|
|
----
|
|
|
|
For https://cloud.google.com/logging/docs/routing/overview#buckets[Google Cloud Logging buckets]:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "google_logging_project_bucket_config" "example" {
|
|
project = var.project
|
|
location = "global"
|
|
retention_days = 30
|
|
bucket_id = "_Default"
|
|
}
|
|
----
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
include::../highlighting.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|
|
|