include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

A public API that doesn't have access control implemented:

[source,terraform]
----
resource "aws_api_gateway_method" "noncompliantapi" {
  authorization = "NONE" # Sensitive
  http_method   = "GET"
}
----

== Compliant Solution

An API that implements AWS IAM permissions:

[source,terraform]
----
resource "aws_api_gateway_method" "compliantapi" {
  authorization = "AWS_IAM"
  http_method   = "GET"
}
----

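The same check can be run against a rendered plan before apply. The following is an added example, not part of the rule's own code: it reads the JSON that `terraform show -json <planfile>` produces and reports each planned `aws_api_gateway_method` whose `authorization` is `"NONE"`. The function name `review_methods`, the verdict strings and the sample plan are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_api_gateway_rest_api.api", "type": "aws_api_gateway_rest_api",
     "change": {"actions": ["create"], "after": {"name": "demo"}, "after_unknown": {}}},
    {"address": "aws_api_gateway_method.noncompliantapi", "type": "aws_api_gateway_method",
     "change": {"actions": ["create"],
                "after": {"authorization": "NONE", "http_method": "GET"},
                "after_unknown": {}}},
    {"address": "aws_api_gateway_method.compliantapi", "type": "aws_api_gateway_method",
     "change": {"actions": ["create"],
                "after": {"authorization": "AWS_IAM", "http_method": "GET"},
                "after_unknown": {}}},
    # Value depends on another resource, so the plan cannot know it yet.
    {"address": "aws_api_gateway_method.computed", "type": "aws_api_gateway_method",
     "change": {"actions": ["update"], "after": {"http_method": "POST"},
                "after_unknown": {"authorization": True}}},
    # Destroyed resources have no "after" state and are not reported.
    {"address": "aws_api_gateway_method.retired", "type": "aws_api_gateway_method",
     "change": {"actions": ["delete"], "after": None, "after_unknown": {}}},
]})


def review_methods(plan_json):
    """Return (address, http_method, verdict) for each planned API Gateway method."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_api_gateway_method":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed
            continue
        if (change.get("after_unknown") or {}).get("authorization"):
            verdict = "unknown-until-apply"  # cannot be judged from the plan
        elif after.get("authorization") == "NONE":
            verdict = "sensitive"  # no access control on this method
        else:
            verdict = "ok"
        findings.append((rc["address"], after.get("http_method"), verdict))
    return findings


if __name__ == "__main__":
    for address, method, verdict in review_methods(SAMPLE_PLAN):
        print(f"{verdict:20} {str(method):8} {address}")
```

Methods reported as `unknown-until-apply` need a manual look, because the plan does not contain the final value.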
include::../see.adoc[]