Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update s3.tf #67

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions s3.tf
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ resource "aws_s3_bucket" "default" {
object_lock_enabled = "Enabled"
}
}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MEDIUM   my policy
    Resource: aws_s3_bucket.default | ID: 927241494778216448_AWS_1663000409666

Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Sep 14, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MEDIUM   my yaml policy
    Resource: aws_s3_bucket.default | ID: 927241494778216448_AWS_1663002247933

Description

my policy guidelines

}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
}
}
resource "aws_s3_bucket" "default_log_bucket" {
bucket = "default-log-bucket"
}
resource "aws_s3_bucket_logging" "default" {
bucket = aws_s3_bucket.default.id
target_bucket = aws_s3_bucket.default_log_bucket.id
target_prefix = "log/"
}
MEDIUM   AWS Access logging not enabled on S3 buckets
    Resource: aws_s3_bucket.default | ID: BC_AWS_S3_13

Description

Access logging provides detailed audit logging for all objects and folders in an S3 bucket.

Benchmarks

  • HIPAA 164.312(B) Audit controls


resource "aws_s3_bucket_public_access_block" "default" {
Expand Down