Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support AWS provider version 4.0.0 #1152

Closed
HorizonNet opened this issue Feb 11, 2022 · 2 comments · Fixed by #1153
Closed

Support AWS provider version 4.0.0 #1152

HorizonNet opened this issue Feb 11, 2022 · 2 comments · Fixed by #1153
Assignees
@harkirat22
Labels
policy Issue concerning policy maintainers.

Comments

@HorizonNet
Copy link
Contributor

  • terrascan version: 1.12.0
  • Operating System: Ubuntu 20.04

Description

The latest AWS provider version 4.0.0 introduces multiple breaking changes, especially regarding the aws_s3_bucket resource (see the migration guide).

What I Did

The following snippet will mark these violations due to a change in the resource structure:

  • Ensure that S3 Buckets have server side encryption at rest enabled with KMS key to protect sensitive data.
  • Enabling S3 versioning will enable easy recovery from both unintended user actions, like deletes and overwrites
resource "aws_s3_bucket" "example" {
  bucket = "example"
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.example.id
  acl    = "private"
}

resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.example.id

  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = aws_kms_key.example.arn
      sse_algorithm     = "aws:kms"
    }
  }
}

resource "aws_s3_bucket_versioning" "example" {
  bucket = aws_s3_bucket.example.id

  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_kms_key" "example" {
  description         = "example"
  enable_key_rotation = true
  multi_region        = false
}
@zanilgupta
Copy link

zanilgupta commented Feb 14, 2022
edited
Loading

Do we have any solution for this change ?

@cesar-rodriguez cesar-rodriguez added the policy Issue concerning policy maintainers. label Feb 15, 2022
@cesar-rodriguez
Copy link
Contributor

@zanilgupta not yet. We need to update the policies to account for this change.

@gaurav-gogia gaurav-gogia mentioned this issue Feb 16, 2022
Merged
@gaurav-gogia gaurav-gogia linked a pull request Feb 16, 2022 that will close this issue
Feature/s3 policy update #1153
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@harkirat22 harkirat22

Labels
policy Issue concerning policy maintainers.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feature/s3 policy update gaurav-gogia/terrascan
4 participants
@HorizonNet @cesar-rodriguez @harkirat22 @zanilgupta