This repository has been archived by the owner on Sep 3, 2024. It is now read-only.

[BUG] The policy FG_R00274 doesn't work with the new syntax (provider aws 4.x) #374

Open
rsareth opened this issue Nov 14, 2022 · 0 comments · May be fixed by #421

rsareth commented Nov 14, 2022

Describe the bug
After upgrading the provider aws from the series 3.x to series 4.x, we observe that the policy FG_R00274 doesn't work anymore. In the code, we can clearly see that the resource aws_s3_bucket_logging is handled. We had to disable the policy and write our own code handling only the new tf resource.

How you're running Regula

  • I'm using Regula >= v2.9.3

Operating System
Mac OS and Linux

Steps to reproduce

  • Step 1 - Create the TF file with this content:
```hcl
# OK
resource "aws_s3_bucket" "bucket_old_syntax" {
  bucket = "bucket_old_syntax"
  logging {
    target_bucket = aws_s3_bucket.logbucket.id
    target_prefix = "log/"
  }
}

resource "aws_s3_bucket" "logbucket" {
  bucket        = "my-log-bucket"
  acl           = "log-delivery-write"

  logging {
    target_bucket = "my-log-bucket"
    target_prefix = "log/"
  }
}

# KO
resource "aws_s3_bucket" "bucket_new_syntax" {
  bucket = "bucket_new_syntax"
}

resource "aws_s3_bucket_logging" "bucket_new_syntax" {
  bucket = aws_s3_bucket.bucket_new_syntax.id

  target_bucket = aws_s3_bucket.logbucket.id
  target_prefix = "log/"
}
```
  • Step 2 - Running regula
```
$ regula run .
[...]
FG_R00274: S3 bucket access logging should be enabled [Medium]
           https://docs.fugue.co/FG_R00274.html

  [1]: aws_s3_bucket.bucket_new_syntax
       in s3.tf:21:1
[...]
```

We shouldn't see this alert.

Thank you in advance for looking at that.

Rasmey
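
An added example, not part of the original issue and neither Regula's rule nor the reporter's workaround: a stand-alone check that counts a bucket as logged under either syntax, the inline `logging` block (provider 3.x) or a separate `aws_s3_bucket_logging` resource pointing at it (provider 4.x). It assumes the `configuration` section of `terraform show -json` output and walks only the root module; `ref`, `SAMPLE_PLAN`, `buckets_without_logging` and the `unlogged` bucket are constructed for illustration.

```python
def ref(addr):
    # Shape of a resource reference in the plan's "configuration" section
    return {"references": [addr + ".id", addr]}

# Constructed sample: trimmed "configuration" section for the issue's resources,
# plus one constructed bucket ("unlogged") that has no logging in either syntax.
SAMPLE_PLAN = {"configuration": {"root_module": {"resources": [
    {"address": "aws_s3_bucket.bucket_old_syntax", "type": "aws_s3_bucket",
     "expressions": {"bucket": {"constant_value": "bucket_old_syntax"},
                     "logging": [{"target_bucket": ref("aws_s3_bucket.logbucket")}]}},
    {"address": "aws_s3_bucket.logbucket", "type": "aws_s3_bucket",
     "expressions": {"bucket": {"constant_value": "my-log-bucket"},
                     "logging": [{"target_bucket": {"constant_value": "my-log-bucket"}}]}},
    {"address": "aws_s3_bucket.bucket_new_syntax", "type": "aws_s3_bucket",
     "expressions": {"bucket": {"constant_value": "bucket_new_syntax"}}},
    {"address": "aws_s3_bucket_logging.bucket_new_syntax",
     "type": "aws_s3_bucket_logging",
     "expressions": {"bucket": ref("aws_s3_bucket.bucket_new_syntax"),
                     "target_bucket": ref("aws_s3_bucket.logbucket")}},
    {"address": "aws_s3_bucket.unlogged", "type": "aws_s3_bucket",
     "expressions": {"bucket": {"constant_value": "unlogged"}}},
]}}}

def buckets_without_logging(plan):
    """Addresses of aws_s3_bucket resources with no logging in either syntax."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    buckets = [r for r in resources if r["type"] == "aws_s3_bucket"]
    by_name = {}   # literal bucket name -> resource address
    logged = set()
    for b in buckets:
        expr = b.get("expressions", {})
        name = expr.get("bucket", {}).get("constant_value")
        if name:
            by_name[name] = b["address"]
        if expr.get("logging"):            # provider 3.x: inline logging block
            logged.add(b["address"])
    for r in resources:
        if r["type"] != "aws_s3_bucket_logging":
            continue
        target = r.get("expressions", {}).get("bucket", {})
        logged.update(target.get("references", []))   # bucket = aws_s3_bucket.x.id
        if target.get("constant_value") in by_name:   # bucket = "literal-name"
            logged.add(by_name[target["constant_value"]])
    return sorted(b["address"] for b in buckets if b["address"] not in logged)

if __name__ == "__main__":
    print(buckets_without_logging(SAMPLE_PLAN))
```
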
