
Fix: 🐛 Fixed S3 bucket and Cloudtrail naming #34

Merged: 1 commit, May 16, 2024

Conversation

nileshgadgi (Contributor)

Merge this PR before merging this

what

  • There was a conflict between 2 S3 buckets: 2 S3 buckets were being created with the same name without any condition passed.
  • There was no format used in the CloudTrail naming convention.
  • Was getting continuous changes in the infrastructure due to multiple policies used on the S3 bucket.

why

  • Removed the additional S3 bucket to fix the conflict.
  • Used a single policy for the CloudTrail S3 bucket.
  • Was not able to dynamically choose the CloudTrail name and pass it in the policy, so used module.labels.id in the policy where the CloudTrail name was required, and the same in the CloudTrail name.

Will create a new release of this module, which will be used in the i-sec project.
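The shape of the fix described above (one bucket, one bucket policy, trail and policy sharing a name), written out as an added example that is not the module's own code. `module.labels.id`, `module.labels.tags` and `var.enabled` are the names used on this page; every other resource, local and data-source name here is an assumption made for the example. The security point is the `aws:SourceArn` condition: it needs the trail ARN, which contains the trail name, so deriving both the trail name and the policy from the same value is what lets the policy be pinned to exactly this trail.

```hcl
# Added example, not the module's code. Assumed names: everything except
# module.labels.id, module.labels.tags and var.enabled.

data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}
data "aws_region" "current" {}

locals {
  # Trail and bucket policy derive the same name from module.labels.id, so the
  # policy can reference the trail ARN before the trail resource exists.
  trail_name = module.labels.id
  trail_arn  = "arn:${data.aws_partition.current.partition}:cloudtrail:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:trail/${local.trail_name}"
}

# Exactly one bucket, and only when the module is enabled.
resource "aws_s3_bucket" "cloudtrail" {
  count  = var.enabled ? 1 : 0
  bucket = module.labels.id
  tags   = module.labels.tags
}

# A single policy document with both statements CloudTrail needs, instead of
# several policies fighting over the bucket on every apply.
data "aws_iam_policy_document" "cloudtrail" {
  count = var.enabled ? 1 : 0

  statement {
    sid       = "AWSCloudTrailAclCheck"
    effect    = "Allow"
    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.cloudtrail[0].arn]
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
    # Only this trail may use the bucket; blocks a trail in another
    # account from writing into it (confused-deputy protection).
    condition {
      test     = "StringEquals"
      variable = "aws:SourceArn"
      values   = [local.trail_arn]
    }
  }

  statement {
    sid       = "AWSCloudTrailWrite"
    effect    = "Allow"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.cloudtrail[0].arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"]
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceArn"
      values   = [local.trail_arn]
    }
  }
}

resource "aws_s3_bucket_policy" "cloudtrail" {
  count  = var.enabled ? 1 : 0
  bucket = aws_s3_bucket.cloudtrail[0].id
  policy = data.aws_iam_policy_document.cloudtrail[0].json
}

resource "aws_cloudtrail" "this" {
  count                      = var.enabled ? 1 : 0
  name                       = local.trail_name
  s3_bucket_name             = aws_s3_bucket.cloudtrail[0].id
  is_multi_region_trail      = true
  enable_log_file_validation = true
  tags                       = module.labels.tags

  # CloudTrail validates the bucket policy at creation, so it must exist first.
  depends_on = [aws_s3_bucket_policy.cloudtrail]
}
```

Without the `aws:SourceArn` condition the `cloudtrail.amazonaws.com` principal is the same for every AWS customer, so any account that learns the bucket name can point its own trail at it; with the condition, the policy accepts only the trail whose name is fixed by `module.labels.id`.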

@clouddrove-ci (Member)

Terraform Security Scan Failed

Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:55-60
────────────────────────────────────────────────────────────────────────────────
   55    resource "aws_cloudwatch_log_group" "cloudtrail_events" {
   56      count             = var.enabled ? 1 : 0
   57      name              = var.cloudwatch_logs_group_name
   58      retention_in_days = var.cloudwatch_logs_retention_in_days
   59      tags              = module.labels.tags
   60    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who has viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             81.523µs
  parsing              192.54984ms
  adaptation           157.024µs
  checks               6.241792ms
  total                199.030179ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     52
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.
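One way to clear the tfsec finding above, as an added example that is not the module's own code. `var.enabled`, `var.cloudwatch_logs_group_name`, `var.cloudwatch_logs_retention_in_days` and `module.labels.tags` are the names from the scanned `main.tf`; the KMS key, its policy document and the data sources are assumptions for the example. The caveat a practitioner runs into: setting `kms_key_id` on the log group is not enough. The key policy must also grant the regional CloudWatch Logs service principal use of the key, or the log-group creation fails, and scoping that grant with the `aws:logs:arn` encryption context keeps the key from being usable for any other log group in the account.

```hcl
# Added example, not the module's code. Assumed names: the KMS key, its
# policy document and the data sources. The log group mirrors main.tf:55-60
# with kms_key_id added.

data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}
data "aws_region" "current" {}

locals {
  log_group_arn = "arn:${data.aws_partition.current.partition}:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:${var.cloudwatch_logs_group_name}"
}

data "aws_iam_policy_document" "cloudtrail_logs_kms" {
  count = var.enabled ? 1 : 0

  # The account root keeps administrative control so the key cannot be
  # orphaned if the service grant below is ever mis-edited.
  statement {
    sid       = "EnableRootPermissions"
    effect    = "Allow"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # CloudWatch Logs in this region may use the key, but only for this one
  # log group: the service sets aws:logs:arn in the encryption context.
  statement {
    sid    = "AllowCloudWatchLogsForThisLogGroup"
    effect = "Allow"
    actions = [
      "kms:Encrypt*",
      "kms:Decrypt*",
      "kms:ReEncrypt*",
      "kms:GenerateDataKey*",
      "kms:Describe*",
    ]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["logs.${data.aws_region.current.name}.amazonaws.com"]
    }
    condition {
      test     = "ArnEquals"
      variable = "kms:EncryptionContext:aws:logs:arn"
      values   = [local.log_group_arn]
    }
  }
}

resource "aws_kms_key" "cloudtrail_logs" {
  count                   = var.enabled ? 1 : 0
  description             = "CMK for the CloudTrail CloudWatch log group"
  deletion_window_in_days = 30
  enable_key_rotation     = true
  policy                  = data.aws_iam_policy_document.cloudtrail_logs_kms[0].json
  tags                    = module.labels.tags
}

# Same log group as in the scan output, now encrypted with the CMK above.
# kms_key_id takes the key ARN, not the key ID or alias.
resource "aws_cloudwatch_log_group" "cloudtrail_events" {
  count             = var.enabled ? 1 : 0
  name              = var.cloudwatch_logs_group_name
  retention_in_days = var.cloudwatch_logs_retention_in_days
  kms_key_id        = aws_kms_key.cloudtrail_logs[0].arn
  tags              = module.labels.tags
}
```

With a CMK in place, every read of the log data is also a `kms:Decrypt` call recorded in CloudTrail, which is the "no auditing of who has viewed the logs" part of the finding. Re-running tfsec on this layout should no longer report `aws-cloudwatch-log-group-customer-key`.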

@clouddrove-ci clouddrove-ci merged commit a623a99 into master May 16, 2024
12 of 18 checks passed
@delete-merged-branch delete-merged-branch bot deleted the fix/trail branch May 16, 2024 07:31
3 participants