forked from tenable/terrascan
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* fix cloudwatch log export policy * add backup retention policy
- Loading branch information
1 parent
730c83f
commit e289cc6
Showing
5 changed files
with
38 additions
and
20 deletions.
There are no files selected for viewing
17 changes: 17 additions & 0 deletions
17
pkg/policies/opa/rego/aws/aws_db_instance/AC_AWS_0052.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| { | ||
| "name": "rdsBackupDisabled", | ||
| "file": "rdsBackupDisabled.rego", | ||
| "policy_type": "aws", | ||
| "resource_type": "aws_db_instance", | ||
| "template_args": { | ||
| "prefix": "", | ||
| "name": "rdsBackupDisabled", | ||
| "suffix": "" | ||
| }, | ||
| "severity": "HIGH", | ||
| "description": "Ensure automated backups are enabled for AWS RDS instances", | ||
| "reference_id": "AC_AWS_0052", | ||
| "category": "Data Protection", | ||
| "id": "AC_AWS_0052", | ||
| "version": 2 | ||
| } |
10 changes: 6 additions & 4 deletions
10
pkg/policies/opa/rego/aws/aws_db_instance/AWS.ADI.LM.MEDIUM.0076.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
16 changes: 0 additions & 16 deletions
16
pkg/policies/opa/rego/aws/aws_db_instance/dbInstanceLoggingDisabled.rego
This file was deleted.
Oops, something went wrong.
9 changes: 9 additions & 0 deletions
9
pkg/policies/opa/rego/aws/aws_db_instance/rdsBackupDisabled.rego
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| package accurics | ||
|
|
||
| {{.prefix}}{{.name}}{{.suffix}}[retVal] { | ||
| backup := input.aws_db_instance[_] | ||
| object.get(backup.config, "backup_retention_period", "undefined") == ["undefined", null, 0, []][_] | ||
|
|
||
| traverse = "backup_retention_period" | ||
| retVal := { "Id": backup.id, "ReplaceType": "add", "CodeType": "attribute", "Traverse": traverse, "Attribute": "backup_retention_period", "AttributeDataType": "int", "Expected": 30, "Actual": null } | ||
| } |
6 changes: 6 additions & 0 deletions
6
pkg/policies/opa/rego/aws/aws_db_instance/rdsLogExportDisabled.rego
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| package accurics | ||
|
|
||
| {{.prefix}}{{.name}}{{.suffix}}[db_instance.id] { | ||
| db_instance := input.aws_db_instance[_] | ||
| object.get(db_instance.config, "enabled_cloudwatch_logs_exports", "undefined") == ["undefined", [], null][_] | ||
| } |