terraform.aws.best-practice.missing-aws-qldb-deletion-protection.missing-aws-qldb-deletion-protection
semgrep
Author
unknown
The AWS QLDB deletion protection is not enabled.
Definition
rules:
- id: missing-aws-qldb-deletion-protection
  patterns:
  - pattern: |
      resource "aws_qldb_ledger" $ANYTHING {
        ...
        deletion_protection = false
        ...
      }
  message: The AWS QLDB deletion protection is not enabled.
  languages:
  - hcl
  severity: WARNING
  metadata:
    category: best-practice
    technology:
    - terraform
    - aws
    license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples
missing-aws-qldb-deletion-protection.tf
# pass
resource "aws_qldb_ledger" "default" {
  name             = "ledger"
  permissions_mode = "STANDARD"
}

resource "aws_qldb_ledger" "enabled" {
  name                = "ledger"
  permissions_mode    = "STANDARD"
  deletion_protection = true
}

# failure
# ruleid: missing-aws-qldb-deletion-protection
resource "aws_qldb_ledger" "disabled" {
  name                = "ledger"
  permissions_mode    = "STANDARD"
  deletion_protection = false
}
Short Link: https://sg.run/8gvy