-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create bla.tf #12
base: master
Are you sure you want to change the base?
Create bla.tf #12
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
resource "aws_s3_bucket" "example" { | ||
Check warning on line 1 in bla.tf Orca Security (US) / Orca Security - Infrastructure as Code[INFO] IAM Access Analyzer Is Not Enabled
Check warning on line 1 in bla.tf Orca Security (US) / Orca Security - Infrastructure as Code[INFO] S3 Bucket Server Access Logging is Disabled
|
||
bucket = "my-tf-test-bucket" | ||
acl = "private" | ||
|
||
tags = { | ||
Name = "My Test Bucket" | ||
Environment = "Dev" | ||
} | ||
|
||
versioning { | ||
enabled = false | ||
Check warning on line 11 in bla.tf Orca Security (US) / Orca Security - Infrastructure as Code[LOW] AWS S3 Bucket Without "MFA Delete" Enabled
Check warning on line 11 in bla.tf Orca Security (US) / Orca Security - Infrastructure as Code[LOW] S3 Bucket Object Versioning not Enabled
|
||
mfa_delete = false | ||
Check warning on line 12 in bla.tf Orca Security (US) / Orca Security - Infrastructure as Code[LOW] AWS S3 Bucket Without "MFA Delete" Enabled
|
||
} | ||
} | ||
|
||
|
||
# Server Side Encryption | ||
resource "aws_s3_bucket_server_side_encryption_configuration" "sse_example" { | ||
bucket = aws_s3_bucket.example.bucket | ||
|
||
rule { | ||
apply_server_side_encryption_by_default { | ||
kms_master_key_id = aws_kms_key.testkey.arn | ||
sse_algorithm = "aws:kms" | ||
} | ||
} | ||
} | ||
|
||
resource "aws_kms_key" "testkey" { | ||
Check warning on line 29 in bla.tf Orca Security (US) / Orca Security - Infrastructure as Code[INFO] Customer Master Key Rotation is Disabled
|
||
description = "This is a test key that is used to encrypt bucket objects" | ||
deletion_window_in_days = 10 | ||
|
||
tags = { | ||
Name = "my_kms_key" | ||
TestTag = "Value" | ||
} | ||
|
||
policy = <<EOF | ||
{ | ||
"Id": "key-123", | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Sid": "Enable IAM User Permissions", | ||
"Effect": "Allow", | ||
"Principal": { | ||
"AWS": "arn:aws:iam::111111:user/test-user" | ||
}, | ||
"Resource": [ | ||
"arn:aws:kms:us-west-2:1111111:key/1234abcd-12ab-34cd-56ef-1234567890ab", | ||
"arn:aws:kms:us-east-2:1111111:key/0987dcba-09fe-87dc-65ba-ab0987654321" | ||
] | ||
"Action": "kms:*", | ||
} | ||
] | ||
} | ||
EOF | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Security control: Iac Misconfig Detection Terraform
Type: Customer Master Keys (Cmk) Must Have Rotation Enabled, Which Means The Attribute 'Enable Key Rotation' Must Be Set To 'True' When The Key Is Enabled.
Description: Customer Master Keys (CMK) must have rotation enabled, which means the attribute 'enable_key_rotation' must be set to 'true' when the key is enabled.
Severity: HIGH
Learn more about this issue
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_fp
Ignore and mark this specific single instance of finding as “False Positive”#jit_ignore_accept
Ignore and mark this specific single instance of finding as “Accept Risk”#jit_undo_ignore
Undo ignore command