Create bbb.tf #15
Orca Security Scan Summary
Status | Check | Issues by priority | Link
---|---|---|---
Passed | Infrastructure as Code | 0 0 3 3 | View in Orca
🛡️ The following IaC misconfigurations have been detected
NAME | FILE | LINK
---|---|---
AWS S3 Bucket Without "MFA Delete" Enabled | bbb.tf | View in code
AWS S3 Bucket Without "MFA Delete" Enabled | bbb.tf | View in code
S3 Bucket Object Versioning not Enabled | bbb.tf | View in code
Customer Master Key Rotation is Disabled | bbb.tf | View in code
IAM Access Analyzer Is Not Enabled | bbb.tf | View in code
S3 Bucket Server Access Logging is Disabled | bbb.tf | View in code
Annotations
Check warning on line 29 in bbb.tf
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Customer Master Key Rotation is Disabled
Details:
AWS Key Management Service (KMS) allows customers to rotate the backing key, which
is the key material stored within KMS and tied to the key ID of the customer
created customer master key (CMK). The backing key is what is used to perform
cryptographic operations such as encryption and decryption. Automated key
rotation retains all prior backing keys so that decryption of previously encrypted
data continues to work transparently.
Recommendation:
aws_kms_key[testkey].enable_key_rotation should be set to true
Check warning on line 1 in bbb.tf
orca-security-us / Orca Security - Infrastructure as Code
[INFO] IAM Access Analyzer Is Not Enabled
Details:
Enable IAM Access Analyzer for IAM policies across all resources. IAM Access
Analyzer is a feature introduced at AWS re:Invent 2019. After the analyzer is
enabled in IAM, scan results are displayed in the console showing which
resources are externally accessible. Scans show resources that other accounts
and federated users can access, such as KMS keys and IAM roles, so the results
let you determine whether an unintended principal has been granted access,
making it easier for administrators to maintain least-privilege access.
Recommendation:
'aws_accessanalyzer_analyzer' should be set
Check warning on line 1 in bbb.tf
orca-security-us / Orca Security - Infrastructure as Code
[INFO] S3 Bucket Server Access Logging is Disabled
Details:
Ensure that the AWS S3 Server Access Logging feature is enabled in order to record
access requests, which are useful for security audits. By default, server access
logging is not enabled for S3 buckets.
Recommendation:
'logging' should be defined and not null
Check warning on line 11 in bbb.tf
orca-security-us / Orca Security - Infrastructure as Code
[LOW] AWS S3 Bucket Without "MFA Delete" Enabled
Details:
Using MFA-protected S3 buckets will enable an extra layer of protection to ensure
that the S3 objects (files) cannot be accidentally or intentionally deleted by
the AWS users that have access to the buckets.
Recommendation:
'enabled' should be set to true
Check warning on line 12 in bbb.tf
orca-security-us / Orca Security - Infrastructure as Code
[LOW] AWS S3 Bucket Without "MFA Delete" Enabled
Details:
Using MFA-protected S3 buckets will enable an extra layer of protection to ensure
that the S3 objects (files) cannot be accidentally or intentionally deleted by
the AWS users that have access to the buckets.
Recommendation:
'mfa_delete' should be set to true
Check warning on line 11 in bbb.tf
orca-security-us / Orca Security - Infrastructure as Code
[LOW] S3 Bucket Object Versioning not Enabled
Details:
Using versioning-enabled S3 buckets allows you to preserve, retrieve, and
restore every version of an S3 object. S3 versioning can be used for data
protection and retention scenarios, such as recovering objects that have been
accidentally or intentionally deleted or overwritten by AWS users or
applications, and archiving previous versions of objects to AWS Glacier for
long-term, low-cost storage.
Recommendation:
'versioning.enabled' should be true