@rbaccus rbaccus commented Nov 6, 2024

No description provided.

@prisma-cloud-devsecops prisma-cloud-devsecops bot left a comment

Prisma Cloud has found errors in this PR ⬇️

bucket = "${local.resource_prefix.value}-data"
region = "us-west-2"
acl = "public-read"
acl = "private"
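
Review bot: On the acl line, moving aws_s3_bucket.data from "public-read" to "private" only changes the bucket's canned ACL; nothing visible in this hunk stops a bucket policy or a per-object ACL from granting public access again. Consider pairing the change with an aws_s3_bucket_public_access_block resource for this bucket, with block_public_acls, block_public_policy, ignore_public_acls and restrict_public_buckets all set to true.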

@prisma-cloud-devsecops prisma-cloud-devsecops bot Nov 6, 2024

MEDIUM  An S3 bucket must have a lifecycle configuration
    Resource: aws_s3_bucket.data | Checkov ID: CKV2_AWS_61

How to Fix

resource "aws_s3_bucket" "bucket" {
  bucket = "bucket"
  acl    = "private"

  lifecycle_rule {
    id      = "expire"
    status  = "Enabled"
    prefix  = "logs/"
    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }
    expiration {
      days = 90
    }
  }
}

Description

This policy detects whether an S3 bucket in AWS has a lifecycle configuration or not. A lifecycle configuration on an S3 bucket helps to manage objects so they can be automatically transitioned to other storage classes or expire after a certain period. This is crucial for cost-effective data management and storage optimization.

bucket = "${local.resource_prefix.value}-data"
region = "us-west-2"
acl = "public-read"
acl = "private"

MEDIUM  S3 buckets missing data classification tag
    Resource: aws_s3_bucket.data | Policy ID: 1072680733040327680_AWS_1708016052717

2 participants