terraform.aws.best-practice.aws-qldb-inadequate-ledger-permissions-mode.aws-qldb-inadequate-ledger-permissions-mode
semgrep
Author
unknown
The AWS QLDB ledger permissions are too permissive. Consider using "'STANDARD'" permissions mode if possible.
Definition
rules:
  - id: aws-qldb-inadequate-ledger-permissions-mode
    patterns:
      - pattern: |
          resource "aws_qldb_ledger" $ANYTHING {
            ...
            permissions_mode = "ALLOW_ALL"
            ...
          }
    message: The AWS QLDB ledger permissions are too permissive. Consider using
      "'STANDARD'" permissions mode if possible.
    languages:
      - hcl
    severity: WARNING
    metadata:
      category: best-practice
      technology:
        - terraform
        - aws
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples

aws-qldb-inadequate-ledger-permissions-mode.tf

# pass
resource "aws_qldb_ledger" "standard" {
  name             = "ledger"
  permissions_mode = "STANDARD"
}

# failure
# ruleid: aws-qldb-inadequate-ledger-permissions-mode
resource "aws_qldb_ledger" "allow_all" {
  name             = "ledger"
  permissions_mode = "ALLOW_ALL"
}
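Switching a ledger to STANDARD mode only helps if the callers that previously relied on ALLOW_ALL are given explicit, scoped IAM grants; otherwise every PartiQL statement is denied. The following Terraform is an added example, not part of the Semgrep registry page or the rule's test file: it creates a STANDARD-mode ledger and attaches a read-only policy to an IAM role. The ledger name, policy name and the role `aws_iam_role.app` are placeholders assumed to exist elsewhere in the configuration; the `qldb:SendCommand` and `qldb:PartiQLSelect` actions and the table / `information_schema/user_tables` resource ARN forms follow the QLDB standard-permissions documentation.

```hcl
# Added example (not from the Semgrep registry page): a ledger in STANDARD
# permissions mode, where table access is granted only through IAM policies.
# Ledger name, policy name and the referenced role are placeholders.

resource "aws_qldb_ledger" "standard" {
  name                = "example-ledger" # placeholder
  permissions_mode    = "STANDARD"
  deletion_protection = true
}

# Least-privilege policy: the role may open a session on this one ledger and
# run read-only PartiQL SELECT statements against its tables, nothing else.
data "aws_iam_policy_document" "ledger_reader" {
  statement {
    sid       = "OpenSession"
    actions   = ["qldb:SendCommand"]
    resources = [aws_qldb_ledger.standard.arn]
  }

  statement {
    sid     = "ReadTables"
    actions = ["qldb:PartiQLSelect"]
    resources = [
      # user tables inside this ledger only
      "${aws_qldb_ledger.standard.arn}/table/*",
      # the system catalog view, needed to list tables
      "${aws_qldb_ledger.standard.arn}/information_schema/user_tables",
    ]
  }
}

resource "aws_iam_role_policy" "ledger_reader" {
  name   = "qldb-ledger-reader"  # placeholder
  role   = aws_iam_role.app.id   # assumed to be defined elsewhere
  policy = data.aws_iam_policy_document.ledger_reader.json
}
```

Writers get a separate statement with the `qldb:PartiQLInsert`, `qldb:PartiQLUpdate` and `qldb:PartiQLDelete` actions on the same table ARN pattern; keeping read and write grants in distinct statements makes the difference visible in review and keeps the Semgrep finding resolved without restoring blanket access.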
Short Link: https://sg.run/OyDB