test change to s3 file

[jluevan13]

No description provided.

[prisma-cloud-devsecops]

Prisma Cloud has found errors in this PR ⬇️

[prisma-cloud-devsecops]

  Weibeler - Public S3 Buckets
    Resource: aws_s3_bucket.data | Bridgecrew ID: 1043237819080398848_AWS_1668813444422

[prisma-cloud-devsecops]

  Weib Test S3
    Resource: aws_s3_bucket.data | Bridgecrew ID: 1043237819080398848_AWS_1673630255979

Description

Remove public access

[prisma-cloud-devsecops]

  AWS S3 Object Versioning is disabled
    Resource: aws_s3_bucket.data | Bridgecrew ID: BC_AWS_S3_16 | Checkov ID: CKV_AWS_21

How to Fix

resource "aws_s3_bucket" "state_bucket" {
  bucket        = "${data.aws_caller_identity.current.account_id}-terraform-state"
  acl           = var.acl
  force_destroy = var.force_destroy

+  versioning {
+    enabled    = true
+  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = var.sse_algorithm
      }
    }
  }

  tags = var.common_tags
}

Description

S3 versioning is a managed data backup and recovery service provided by AWS. When enabled it allows users to retrieve and restore previous versions of their buckets.

S3 versioning can be used for data protection and retention scenarios such as recovering objects that have been accidentally/intentionally deleted or overwritten.

Benchmarks

• PCI-DSS V3.2.1 10.5.3
• FEDRAMP (MODERATE) CP-10, SI-12

[prisma-cloud-devsecops]

  AWS Access logging not enabled on S3 buckets
    Resource: aws_s3_bucket.data | Bridgecrew ID: BC_AWS_S3_13 | Checkov ID: CKV_AWS_18

How to Fix

resource "aws_s3_bucket" "bucket" {
  acl    = var.s3_bucket_acl
  bucket = var.s3_bucket_name
  policy = var.s3_bucket_policy

  force_destroy = var.s3_bucket_force_destroy
  versioning {
    enabled    = var.versioning
    mfa_delete = var.mfa_delete
  }

+  dynamic "logging" {
+    for_each = var.logging
+    content {
+      target_bucket = logging.value["target_bucket"]
+      target_prefix = "log/${var.s3_bucket_name}"
+    }
+  }
}

Description

Access logging provides detailed audit logging for all objects and folders in an S3 bucket.

Benchmarks

• HIPAA 164.312(B) Audit controls