Fix: Use list(string) for var.policy
#124
Conversation
![bridgecrew[bot]](https://avatars.githubusercontent.com/in/52968?s=60&v=4){kind=small}
| @@ -9,6 +9,9 @@ locals { | |||
| s3_replication_rules = var.replication_rules == null ? var.s3_replication_rules : var.replication_rules | |||
|
|
|||
| public_access_block_enabled = var.block_public_acls || var.block_public_policy || var.ignore_public_acls || var.restrict_public_buckets | |||
|
|
|||
| # Try to return the first element, if that doesn't work, try the tostring approach | |||
There was a problem hiding this comment.
Ensure CloudWatch logs are encrypted at rest using KMS CMKs
Resource: aws_cloudwatch_log_group.app | ID: BC_AWS_LOGGING_21
Description
AWS CloudWatch Logs is a web service that stores logs from various AWS services, including Lambda function runs and ECS tasks. AWS Key Management Service (KMS) is a managed service that helps create and control the encryption keys used to encrypt account data. It uses Hardware Security Modules (HSMs) to protect the security of encryption keys. CloudWatch logs can be configured to leverage server-side encryption (SSE) and KMS customer created master keys (CMK) to further protect log data.We recommend you configure CloudWatch log groups to use SSE-KMS to provide additional confidentiality controls on log data. A given user must have S3 read permission on the corresponding log bucket and must be granted decrypt permission by the CMK policy.
Dependent Resources
Calculating...
🎉 Fixed by commit 90366da - Use list(string) for var.policy.
| @@ -9,6 +9,9 @@ locals { | |||
| s3_replication_rules = var.replication_rules == null ? var.s3_replication_rules : var.replication_rules | |||
|
|
|||
| public_access_block_enabled = var.block_public_acls || var.block_public_policy || var.ignore_public_acls || var.restrict_public_buckets | |||
|
|
|||
| # Try to return the first element, if that doesn't work, try the tostring approach | |||
There was a problem hiding this comment.
Ensure CloudWatch logs are encrypted at rest using KMS CMKs
Resource: aws_cloudwatch_log_group.app | ID: BC_AWS_LOGGING_21
Description
AWS CloudWatch Logs is a web service that stores logs from various AWS services, including Lambda function runs and ECS tasks. AWS Key Management Service (KMS) is a managed service that helps create and control the encryption keys used to encrypt account data. It uses Hardware Security Modules (HSMs) to protect the security of encryption keys. CloudWatch logs can be configured to leverage server-side encryption (SSE) and KMS customer created master keys (CMK) to further protect log data.We recommend you configure CloudWatch log groups to use SSE-KMS to provide additional confidentiality controls on log data. A given user must have S3 read permission on the corresponding log bucket and must be granted decrypt permission by the CMK policy.
🎉 Fixed by commit 90366da - Use list(string) for var.policy.
|
This pull request is now in conflict. Could you fix it @korenyoni? 🙏 |
|
Closing in favor of adding |
what
list(string)forvar.policy(in a backwards-compatible fashion).why
references