
RDS Data Security policy incorrect policy description #538

Closed
cesar-rodriguez opened this issue Feb 4, 2021 · 1 comment

  • terrascan version: v1.3.2
  • Operating System: Any

Description

The description of AWS.RDS.DataSecurity.High.0414.json doesn't match what the associated rego policy does. This policy is checking whether the database instance has been encrypted, but the message is indicating that automated backups aren't enabled.

What I Did

Example terraform:

```hcl
resource "aws_db_instance" "secureInstance" {
  allocated_storage                   = 20
  storage_type                        = "gp2"
  engine                              = "mysql"
  engine_version                      = "5.7"
  instance_class                      = "db.t2.micro"
  name                                = "mydb"
  backup_retention_period             = 90
  iam_database_authentication_enabled = true
  auto_minor_version_upgrade          = true
}
```

Here's the error message from Terrascan, but as you can see above, "backup_retention_period" was specified. What's missing is "kms_key_id".

```text
$ terrascan scan -t aws .


Violation Details -

        Description    :        Ensure that your RDS database instances have automated backups enabled for point-in-time recovery. To back up your database instances, AWS RDS take automatically a full daily snapshot of your data (with transactions logs) during the specified backup window and keeps the backups for a limited period of time (known as retention period) defined by the instance owner.
        File           :        aws_db_instance.tf
        Line           :        5
        Severity       :        HIGH
        -----------------------------------------------------------------------


Scan Summary -

        File/Folder         :   /Users/therasec/programming/test_dirs/success
        IaC Type            :   terraform
        Scanned At          :   2021-02-04 03:04:00.301155 +0000 UTC
        Policies Validated  :   149
        Violated Policies   :   1
        Low                 :   0
        Medium              :   0
        High                :   1
```
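The issue above is about two separate RDS controls (encryption at rest, signalled by `storage_encrypted` or a `kms_key_id`, and automated backups, signalled by `backup_retention_period`) being reported under one description. The example below is an added illustration, not terrascan's own rego policy or code: it parses flat `aws_db_instance` blocks with a minimal regex parser (an assumption of this example; real HCL needs a proper parser), evaluates each control as its own rule with its own description, and shows that the issue's `secureInstance` fails only the encryption rule while a constructed, encrypted counterpart fails only the backup rule. Treating an unset `backup_retention_period` as 0 is an assumption (the Terraform provider default); the KMS key ARN in the sample is a placeholder.

```python
import re

# Constructed sample input. The first block is the resource from the issue above (no
# kms_key_id and no storage_encrypted); the second is an invented counterpart that is
# encrypted but has backups switched off. The KMS key ARN is a placeholder, not a real key.
SAMPLE_TF = '''
resource "aws_db_instance" "secureInstance" {
  allocated_storage                   = 20
  storage_type                        = "gp2"
  engine                              = "mysql"
  engine_version                      = "5.7"
  instance_class                      = "db.t2.micro"
  name                                = "mydb"
  backup_retention_period             = 90
  iam_database_authentication_enabled = true
  auto_minor_version_upgrade          = true
}

resource "aws_db_instance" "encryptedNoBackups" {
  allocated_storage       = 20
  engine                  = "postgres"
  instance_class          = "db.t3.micro"
  backup_retention_period = 0
  storage_encrypted       = true
  kms_key_id              = "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-KEY-ID"
}
'''

# One resource block: captures the name and the body up to the closing brace on its own line.
BLOCK_RE = re.compile(r'resource\s+"aws_db_instance"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
# One `key = literal` line inside a block body.
ATTR_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$', re.M)


def _coerce(raw):
    """Turn an HCL literal into a Python value (bools, ints and quoted strings only)."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')


def parse_db_instances(hcl):
    """Minimal parser (assumption of this example): flat aws_db_instance blocks whose
    attributes are plain literals. Nested blocks, expressions and references are ignored."""
    return {
        name: {key: _coerce(val) for key, val in ATTR_RE.findall(body)}
        for name, body in BLOCK_RE.findall(hcl)
    }


def storage_encrypted(attrs):
    """Encryption at rest: storage_encrypted = true, or a customer KMS key reference.
    This is the condition the issue says the policy actually evaluates (kms_key_id)."""
    return attrs.get("storage_encrypted") is True or bool(attrs.get("kms_key_id"))


def backups_enabled(attrs):
    """Automated backups: a positive backup_retention_period. An unset value is treated
    as 0 (assumption: the Terraform provider default), i.e. backups disabled."""
    return int(attrs.get("backup_retention_period", 0) or 0) > 0


# Each rule carries its own description, so a finding is always reported with the text
# of the control that actually failed, which is the mismatch the issue describes.
RULES = {
    "storage_encrypted": (
        storage_encrypted,
        "Ensure RDS instances are encrypted at rest (storage_encrypted or kms_key_id).",
    ),
    "automated_backups": (
        backups_enabled,
        "Ensure RDS instances have automated backups enabled (backup_retention_period > 0).",
    ),
}


def evaluate(hcl):
    """Return one finding per (resource, failing rule), each with the matching description."""
    findings = []
    for name, attrs in parse_db_instances(hcl).items():
        for rule_id, (check, description) in RULES.items():
            if not check(attrs):
                findings.append({"resource": name, "rule": rule_id, "description": description})
    return findings


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_TF):
        print(f"{finding['resource']}: {finding['rule']} - {finding['description']}")
```

Run as a script it prints one line per failed control: `secureInstance` only for `storage_encrypted`, `encryptedNoBackups` only for `automated_backups`. Keeping the description next to the check, rather than in a separate metadata file that can drift, is the design point: a scan result that names the wrong control sends the reader to fix a setting that is already correct.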
@cesar-rodriguez

Fixed in #542
