-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Support creation of vpc flow logs #86
Comments
Some other changes that could be updated to make the Lacework modules more compliant with the various standards:
(Will be updating this list as and when I find some, and will create separate issues later) |
My understanding of this module is that it should give the consumers the possibility to "easily" create everything needed to make use of lacework agentless scanning. I see the use case, but hear me out. |
@theopolis Would you mind assigning someone to this issue and/or providing an update? As it stands, this results in the It's easy enough to add our own |
cc @afiune |
Unfortunately I do not have access to the Lacework platform any longer, so will be suppressing notifications for this issue. I trust the other participants on this thread can carry this forward as I can no longer add value. But I do agree that if Lacework provides a module, that module should not negatively impact the Lacework security ratings. Thanks |
Feature Request
Describe the Feature Request
We should ensure the modules provided are compliant, and will not result in new vulnerabilities being detected in the Lacework platform. As it stands, this module does not create VPC Flow Logs, so by deploying this module, the security scores are being decreased.
This fails the "CIS Amazon Web Services Foundations Benchmark v1.4.0" CIS 3.9 policy since it does not create any flow logs.
Describe Preferred Solution
Enable the option to create VPC Flow Logs to an S3 bucket or CloudWatch log group.
This should be disabled by default, until the next "breaking" release.
The text was updated successfully, but these errors were encountered: