ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5332/terraform/rule.adoc
github-actions[bot] 65ca2afdbb
Create rule S5332[terraform] (#464) 
* Add terraform to rule S5332

* add base vuln rspec

* add details about msk in desc

* add highlighting rules

* mistaken : encryption clauses missing = defaults are secure

* Update rules/S5332/terraform/rule.adoc

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* Update rules/S5332/terraform/rule.adoc

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* removed template rule leftovers

* added mention about msk secure defaults

* fixed generalization mistake

* improved conciseness

* improved internal highlighting docs

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Karim El Ouerghemmi <64004037+karim-ouerghemmi-sonarsource@users.noreply.github.com>
2021-11-08 10:49:47 +00:00

47 lines
1.1 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
For https://aws.amazon.com/msk/[Amazon MSK] communications between clients and brokers:
----
resource "aws_msk_cluster" "sensitive_data_cluster" {
encryption_info {
encryption_in_transit {
client_broker = "TLS_PLAINTEXT" # Sensitive
in_cluster = false # Sensitive
}
}
}
----
== Compliant Solution
For https://aws.amazon.com/msk/[Amazon MSK] communications between clients and brokers, data in transit is encrypted by default, allowing you to omit writing the `encryption_in_transit` configuration. However, if you need to configure it explicitly, this configuration is compliant:
----
resource "aws_msk_cluster" "sensitive_data_cluster" {
encryption_info {
encryption_in_transit {
client_broker = "TLS"
in_cluster = true
}
}
}
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink