130 lines
2.1 KiB
Plaintext
130 lines
2.1 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
For AWS:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "aws_instance" "example" {
|
|
associate_public_ip_address = true # Sensitive
|
|
}
|
|
----
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "aws_dms_replication_instance" "example" {
|
|
publicly_accessible = true # Sensitive
|
|
}
|
|
----
|
|
|
|
For Azure:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "azurerm_postgresql_server" "example" {
|
|
public_network_access_enabled = true # Sensitive
|
|
}
|
|
----
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "azurerm_postgresql_server" "example" {
|
|
public_network_access_enabled = true # Sensitive
|
|
}
|
|
----
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "azurerm_kubernetes_cluster" "production" {
|
|
api_server_authorized_ip_ranges = ["176.0.0.0/4"] # Sensitive
|
|
default_node_pool {
|
|
enable_node_public_ip = true # Sensitive
|
|
}
|
|
}
|
|
----
|
|
|
|
For GCP:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "google_compute_instance" "example" {
|
|
network_interface {
|
|
network = "default"
|
|
|
|
access_config { # Sensitive
|
|
# Ephemeral public IP
|
|
}
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
For AWS:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "aws_instance" "example" {
|
|
associate_public_ip_address = false
|
|
}
|
|
----
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "aws_dms_replication_instance" "example" {
|
|
publicly_accessible = false
|
|
}
|
|
----
|
|
|
|
For Azure:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "azurerm_postgresql_server" "example" {
|
|
public_network_access_enabled = false
|
|
}
|
|
----
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "azurerm_kubernetes_cluster" "production" {
|
|
api_server_authorized_ip_ranges = ["192.168.0.0/16"]
|
|
default_node_pool {
|
|
enable_node_public_ip = false
|
|
}
|
|
}
|
|
----
|
|
|
|
For GCP:
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "google_compute_instance" "example" {
|
|
network_interface {
|
|
network = "default"
|
|
}
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::message.adoc[]
|
|
|
|
=== Highlighting
|
|
|
|
* If {parameter} is missing, highlight the resource.
|
|
* If the assignment is non-compliant, highlight the entire assignment
|
|
|
|
endif::env-github,rspecator-view[]
|