Create kdfshfa.tf #13

Open
wants to merge 4 commits into master

Update README.md

da208ff
Orca Security (US) / Orca Security - Infrastructure as Code succeeded Jan 8, 2024 in 45s

Orca Security Scan Summary

Status: Passed
Check: Infrastructure as Code
Issues by priority: high 0, medium 0, low 3, info 3

Annotations

Check warning on line 11 in kdfshfa.tf

@orca-security-us orca-security-us / Orca Security - Infrastructure as Code

[LOW] AWS S3 Bucket Without "MFA Delete" Enabled

Details:
MFA Delete requires a valid MFA code, in addition to the caller's credentials,
before an object version can be permanently deleted or the bucket's versioning
state changed. It adds a layer of protection so that S3 objects cannot be
deleted, accidentally or intentionally, by AWS users who otherwise have access
to the bucket.

Recommendation:
'versioning.enabled' should be set to true (MFA Delete can only be enabled on a
versioning-enabled bucket)

Check warning on line 12 in kdfshfa.tf


[LOW] AWS S3 Bucket Without "MFA Delete" Enabled

Details:
Same check as the preceding annotation; this instance targets the mfa_delete
attribute of the versioning block on line 12.

Recommendation:
'mfa_delete' should be set to true. Note that only the account's root user,
authenticated with MFA, can enable MFA Delete, so the apply must be run with
root credentials and a current MFA code (Terraform's aws_s3_bucket_versioning
resource takes these via its mfa argument).

Check warning on line 11 in kdfshfa.tf


[LOW] S3 Bucket Object Versioning not Enabled

Details:
Versioning preserves every version of an object, so objects that were
accidentally or intentionally deleted or overwritten by AWS users or
applications can be retrieved and restored. Lifecycle rules can also move
previous versions to the S3 Glacier storage classes for low-cost long-term
retention.

Recommendation:
'versioning.enabled' should be true

Check warning on line 29 in kdfshfa.tf


[INFO] Customer Master Key Rotation is Disabled

Details:
AWS Key Management Service (KMS) can automatically rotate the backing key of a
customer-managed key (formerly called a customer master key, CMK): the key
material stored inside KMS and tied to the key ID, which performs the actual
cryptographic operations such as encryption and decryption. Automatic rotation
retains all prior backing keys, so data encrypted under an earlier backing key
still decrypts transparently and no re-encryption is needed.

Recommendation:
aws_kms_key[testkey].enable_key_rotation should be set to true

Check warning on line 1 in kdfshfa.tf


[INFO] IAM Access Analyzer Is Not Enabled

Details:
Enable IAM Access Analyzer for the account so that the policies on all supported
resources are analyzed. IAM Access Analyzer was introduced at AWS re:Invent 2019.
Once an analyzer is enabled, its findings appear in the IAM console and list the
resources, such as KMS keys and IAM roles, that principals outside the account
(other AWS accounts, federated users) can access. This lets an administrator
spot unintended external access and verify that least privilege is maintained.

Recommendation:
'aws_accessanalyzer_analyzer' should be set

Check warning on line 1 in kdfshfa.tf


[INFO] S3 Bucket Server Access Logging is Disabled

Details:
Enable S3 server access logging so that requests made to the bucket are
recorded in a separate log bucket for security audits and incident
investigation. Server access logging is disabled by default on new S3 buckets.

Recommendation:
'logging' should be defined and not null
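The six annotations above (versioning, the two MFA Delete checks, server access logging, KMS key rotation and the missing Access Analyzer) all map to a handful of Terraform attributes. The following is an added example written for this page, not the contents of kdfshfa.tf or Orca's own remediation code: a reconstruction of what a passing version of the file could look like with the AWS provider v4 or later. Bucket names, the region, the analyzer name, the variable root_mfa and the use of the KMS key for bucket encryption are assumptions; the resource name testkey is taken from the finding.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0" # separate versioning/logging sub-resources exist from v4
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed
}

data "aws_caller_identity" "current" {}

# Root user's MFA device ARN and current code, space separated ("arn... 123456").
# Only the root user, with MFA, can enable MFA Delete, so this is supplied at apply time.
variable "root_mfa" {
  type      = string
  sensitive = true
}

# Destination for server access logs (a bucket should not log to itself). Name assumed.
resource "aws_s3_bucket" "access_logs" {
  bucket = "example-access-logs-0123456789"
}

resource "aws_s3_bucket_versioning" "access_logs" {
  bucket = aws_s3_bucket.access_logs.id
  versioning_configuration {
    status = "Enabled"
  }
}

# With ACLs disabled (the default ownership setting), the S3 log delivery service
# principal must be granted PutObject on the target bucket by bucket policy, scoped
# to the source bucket and account; otherwise PutBucketLogging is rejected.
resource "aws_s3_bucket_policy" "access_logs" {
  bucket = aws_s3_bucket.access_logs.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "S3ServerAccessLogsPolicy"
      Effect    = "Allow"
      Principal = { Service = "logging.s3.amazonaws.com" }
      Action    = "s3:PutObject"
      Resource  = "${aws_s3_bucket.access_logs.arn}/*"
      Condition = {
        ArnLike      = { "aws:SourceArn" = aws_s3_bucket.example.arn }
        StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id }
      }
    }]
  })
}

# The bucket the scanner flagged. Name assumed; the PR only shows line numbers.
resource "aws_s3_bucket" "example" {
  bucket = "example-data-0123456789"
}

# Fixes "Object Versioning not Enabled" and both "MFA Delete" findings.
resource "aws_s3_bucket_versioning" "example" {
  bucket = aws_s3_bucket.example.id
  mfa    = var.root_mfa # required by the provider whenever mfa_delete = "Enabled"
  versioning_configuration {
    status     = "Enabled"
    mfa_delete = "Enabled"
  }
}

# Fixes "S3 Bucket Server Access Logging is Disabled".
resource "aws_s3_bucket_logging" "example" {
  bucket        = aws_s3_bucket.example.id
  target_bucket = aws_s3_bucket.access_logs.id
  target_prefix = "s3-access/${aws_s3_bucket.example.id}/"
  depends_on    = [aws_s3_bucket_policy.access_logs] # policy must exist first
}

# Fixes "Customer Master Key Rotation is Disabled" (resource name from the finding).
resource "aws_kms_key" "testkey" {
  description             = "Key for ${aws_s3_bucket.example.id}"
  enable_key_rotation     = true # yearly automatic rotation; prior backing keys are kept
  deletion_window_in_days = 30
}

# Assumed use of the key: default encryption for the flagged bucket.
resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.example.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.testkey.arn
    }
  }
}

# Fixes "IAM Access Analyzer Is Not Enabled": one account-scoped analyzer per region.
resource "aws_accessanalyzer_analyzer" "account" {
  analyzer_name = "account-external-access" # assumed
  type          = "ACCOUNT"
}
```

Applying this with ordinary IAM credentials will fail on the versioning resource because of mfa_delete: either run the apply once as the root user with the MFA value, or drop mfa_delete, accept the two LOW findings and enable MFA Delete out of band with the root user. Everything else applies with normal deployment credentials.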