Create f1.tf #50
| @@ -0,0 +1,9 @@ | |||
| module "s3_bucket" { | |||
Security control: Iac Misconfig Detection
Type: S3 Bucket Without Restriction Of Public Bucket
Description: S3 bucket without restriction of public bucket
Severity: HIGH
Fix suggestion:
This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging.
Suggestion guidelines
Issue Type: MissingAttribute
Expected value: 'restrict_public_buckets' is equal 'true'
Actual value: 'restrict_public_buckets' is missing
| module "s3_bucket" { | |
| module "s3_bucket" { | |
| restrict_public_buckets = true |
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
- #jit_ignore_fp: Ignore and mark this specific single instance of finding as “False Positive”
- #jit_ignore_accept: Ignore and mark this specific single instance of finding as “Accept Risk”
- #jit_undo_ignore: Undo ignore command
| version = "3.7.0" | ||
| bucket = "my-s3-bucket" | ||
| acl = "public-read-write" | ||
| versioning = { |
Security control: Iac Misconfig Detection
Type: S3 Bucket Without Enabled Mfa Delete
Description: S3 bucket without MFA Delete Enabled. MFA delete cannot be enabled through Terraform, it can be done by adding a MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable.html) and enabling versioning and MFA delete by using AWS CLI: 'aws s3api put-bucket-versioning --versioning-configuration=Status=Enabled,MFADelete=Enabled --bucket=<BUCKET_NAME> --mfa=<MFA_SERIAL_NUMBER>'. Please, also notice that MFA delete can not be used with lifecycle configurations
Severity: HIGH
| source = "terraform-aws-modules/s3-bucket/aws" | ||
| version = "3.7.0" | ||
| bucket = "my-s3-bucket" | ||
| acl = "public-read-write" |
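Review bot: `acl = "public-read-write"` on the last line of this fragment lets any anonymous principal both read and overwrite objects in the bucket, and nothing in the visible lines sets the public access block inputs that would override it. Change it to `acl = "private"` and set `block_public_acls`, `block_public_policy`, `ignore_public_acls` and `restrict_public_buckets` to `true` in the same module block. Separately, `bucket = "my-s3-bucket"` hard-codes a name in S3's global namespace, so the apply is likely to fail on a name collision; take it from a variable or add a unique suffix.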
Security control: Iac Misconfig Detection
Type: S3 Bucket Acl Allows Read Or Write To All Users
Description: S3 Buckets should not be readable and writable to all users
Severity: HIGH
Fix suggestion:
This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging.
Suggestion guidelines
Consider changing the permissions to private
| acl = "public-read-write" | |
| acl = "private" |
| source = "terraform-aws-modules/s3-bucket/aws" | ||
| version = "3.7.0" | ||
| bucket = "my-s3-bucket" | ||
| acl = "public-read-write" |
Security control: Iac Misconfig Detection
Type: Cloudtrail Log Files S3 Bucket Is Publicly Accessible
Description: CloudTrail Log Files S3 Bucket should not be publicly accessible
Severity: HIGH
| @@ -0,0 +1,9 @@ | |||
| module "s3_bucket" { | |||
Security control: Iac Misconfig Detection
Type: S3 Bucket Sse Disabled
Description: If algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required
Severity: HIGH
| @@ -0,0 +1,9 @@ | |||
| module "s3_bucket" { | |||
Security control: Iac Misconfig Detection
Type: S3 Bucket Allows Public Policy
Description: S3 bucket allows public policy
Severity: HIGH
❌ Jit has detected important findings in this PR that you should review.
No description provided.