[BUG] The policy FG_R00274 doesn't work with the new syntax (provider aws 4.x)
rsareth opened this issue · comments
Rasmey SARETH commented
Describe the bug
After upgrading the AWS provider from the 3.x series to the 4.x series, we observe that the policy FG_R00274 doesn't work anymore. In the code, we can clearly see that the resource aws_s3_bucket_logging is handled. We had to disable the policy and write our own code handling only the new TF resource.
How you're running Regula
- I'm using Regula >= v2.9.3
Operating System
Mac OS and Linux
Steps to reproduce
- Step 1 - Create the TF file (s3.tf) with this content:

```hcl
# OK: provider 3.x syntax, logging configured as an inline block on the bucket.
# FG_R00274 does not flag this bucket.
resource "aws_s3_bucket" "bucket_old_syntax" {
  bucket = "bucket_old_syntax"

  logging {
    target_bucket = aws_s3_bucket.logbucket.id
    target_prefix = "log/"
  }
}

# Destination bucket for the access logs (it logs to itself).
resource "aws_s3_bucket" "logbucket" {
  bucket = "my-log-bucket"
  acl    = "log-delivery-write"

  logging {
    target_bucket = "my-log-bucket"
    target_prefix = "log/"
  }
}

# KO: provider 4.x syntax, logging configured through the separate
# aws_s3_bucket_logging resource. FG_R00274 flags this bucket even though
# access logging is enabled.
resource "aws_s3_bucket" "bucket_new_syntax" {
  bucket = "bucket_new_syntax"
}

resource "aws_s3_bucket_logging" "bucket_new_syntax" {
  bucket        = aws_s3_bucket.bucket_new_syntax.id
  target_bucket = aws_s3_bucket.logbucket.id
  target_prefix = "log/"
}
```
- Step 2 - Run regula:

```text
$ regula run .
[...]
FG_R00274: S3 bucket access logging should be enabled [Medium]
https://docs.fugue.co/FG_R00274.html
[1]: aws_s3_bucket.bucket_new_syntax
in s3.tf:21:1
[...]
```
We shouldn't see this alert.
Thank you in advance for looking at this.
Rasmey
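As an added, stand-alone illustration of the check the report is about (this is neither Regula's rule nor the reporter's workaround), the script below walks a `terraform show -json` plan and accepts a bucket under either syntax: the provider 3.x inline `logging` block, or a provider 4.x `aws_s3_bucket_logging` resource that targets it. The plan excerpt is constructed by hand to mirror the repro above, and the function names are assumptions of this example. The caveat worth knowing when writing such a check yourself: `bucket = aws_s3_bucket.x.id` is unknown until apply, so it is absent from `planned_values`, and the link between the two resources has to be recovered from the plan's `configuration` section.

```python
"""Checks every aws_s3_bucket in a `terraform show -json` plan for access logging,
accepting either the provider 3.x inline `logging` block or a provider 4.x
aws_s3_bucket_logging resource that targets the bucket. Root module only."""
import json

# Constructed plan excerpt (not real `terraform show -json` output) mirroring the
# repro above plus one bucket with no logging at all. Attributes only known after
# apply (the bucket ids) are omitted from planned_values, as Terraform does.
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_s3_bucket.bucket_old_syntax", "type": "aws_s3_bucket",
         "values": {"bucket": "bucket_old_syntax",
                    "logging": [{"target_prefix": "log/"}]}},
        {"address": "aws_s3_bucket.logbucket", "type": "aws_s3_bucket",
         "values": {"bucket": "my-log-bucket",
                    "logging": [{"target_bucket": "my-log-bucket",
                                 "target_prefix": "log/"}]}},
        {"address": "aws_s3_bucket.bucket_new_syntax", "type": "aws_s3_bucket",
         "values": {"bucket": "bucket_new_syntax"}},
        {"address": "aws_s3_bucket.unlogged", "type": "aws_s3_bucket",
         "values": {"bucket": "unlogged"}},
        {"address": "aws_s3_bucket_logging.bucket_new_syntax",
         "type": "aws_s3_bucket_logging", "values": {"target_prefix": "log/"}},
    ]}},
    "configuration": {"root_module": {"resources": [
        {"address": "aws_s3_bucket_logging.bucket_new_syntax",
         "type": "aws_s3_bucket_logging",
         "expressions": {"bucket": {"references": [
             "aws_s3_bucket.bucket_new_syntax.id", "aws_s3_bucket.bucket_new_syntax"]}}},
    ]}},
})


def _resources(plan, section):
    """Root-module resource entries of `planned_values` or `configuration`."""
    return plan.get(section, {}).get("root_module", {}).get("resources", [])


def bucket_address_from_refs(refs):
    """Map references such as ["aws_s3_bucket.x.id", "aws_s3_bucket.x"] to the
    resource address "aws_s3_bucket.x"; None when no bucket is referenced."""
    for ref in refs:
        parts = ref.split(".")
        if len(parts) >= 2 and parts[0] == "aws_s3_bucket":
            return ".".join(parts[:2])
    return None


def find_unlogged_buckets(plan_json):
    """Return sorted addresses of aws_s3_bucket resources lacking access logging."""
    plan = json.loads(plan_json)
    planned = _resources(plan, "planned_values")
    config = {r["address"]: r for r in _resources(plan, "configuration")}
    buckets = {}    # address -> bucket name (None when unknown at plan time)
    logged = set()  # addresses that have logging configured either way

    for r in planned:
        if r.get("type") == "aws_s3_bucket":
            buckets[r["address"]] = r.get("values", {}).get("bucket")
            # Provider 3.x: a non-empty inline `logging` block; absent or [] = none.
            if r.get("values", {}).get("logging"):
                logged.add(r["address"])
    name_to_address = {name: addr for addr, name in buckets.items() if name}

    for r in planned:
        if r.get("type") != "aws_s3_bucket_logging":
            continue
        # Provider 4.x, case 1: `bucket` is a literal name known at plan time.
        literal = r.get("values", {}).get("bucket")
        if literal in name_to_address:
            logged.add(name_to_address[literal])
            continue
        # Case 2: `bucket = aws_s3_bucket.x.id` is unknown until apply and so is
        # missing from planned_values; recover the target from the configuration
        # section's expression references instead (the shape used in the repro).
        expr = config.get(r["address"], {}).get("expressions", {}).get("bucket", {})
        target = bucket_address_from_refs(expr.get("references", []))
        if target in buckets:
            logged.add(target)

    return sorted(addr for addr in buckets if addr not in logged)


if __name__ == "__main__":
    for address in find_unlogged_buckets(SAMPLE_PLAN):
        print(f"finding: {address} has no access logging configured")
```

Run against the constructed plan, only `aws_s3_bucket.unlogged` is reported; `bucket_new_syntax` is accepted because the `aws_s3_bucket_logging` resource's `bucket` expression references it, even though the value itself is unknown at plan time.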