Feat: Dynamically using retention policy for SFTP's log group. #38

Merged (2 commits) on Jan 10, 2024

nileshgadgi

what

  • Using dynamic retention policy allocation for SFTP's CloudWatch Log group.

why

  • Default value was 30 days and static; having a dependency on retention in i-sec, so did dynamic changes.

@nileshgadgi nileshgadgi added the bug Something isn't working label Jan 10, 2024
@nileshgadgi nileshgadgi self-assigned this Jan 10, 2024
@clouddrove-ci

Terraform Security Scan Failed

Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:46-49
────────────────────────────────────────────────────────────────────────────────
   46    resource "aws_cloudwatch_log_group" "sftp_log_group" {
   47      name              = "/aws/transfer/${module.labels.id}"
   48      retention_in_days = var.retention_in_days
   49    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             114.285µs
  parsing              65.123344ms
  adaptation           122.279µs
  checks               4.209587ms
  total                69.569495ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     46
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

themaniskshah previously approved these changes Jan 10, 2024

@vaibhav7797 vaibhav7797 left a comment

LGTM!

@clouddrove-ci

Terraform Security Scan Failed

Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:46-49
────────────────────────────────────────────────────────────────────────────────
   46    resource "aws_cloudwatch_log_group" "sftp_log_group" {
   47      name              = "/aws/transfer/${module.labels.id}"
   48      retention_in_days = var.retention_in_days
   49    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             86.951µs
  parsing              136.732242ms
  adaptation           120.524µs
  checks               3.168633ms
  total                140.10835ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     46
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

@themaniskshah themaniskshah merged commit a24cf94 into master Jan 10, 2024
21 checks passed
@delete-merged-branch delete-merged-branch bot deleted the feat/retention branch January 10, 2024 14:38