Ensure the S3 bucket has access logging enabled org.openrewrite.terraform.aws.EnsureTheS3BucketHasAccessLoggingEnabled
Ensure the S3 bucket has access logging enabled.
Tags
Recipe source
GitHub , Issue Tracker , Maven Central
groupId: org.openrewrite.recipe
artifactId: rewrite-terraform
Usage
This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-terraform:2.2.0
in your build file or by running a shell command (in which case no build changes are needed):
Gradle Gradle init script Maven POM Maven Command Line Moderne CLI
Add the following to your build.gradle
file:
Copy plugins {
id( "org.openrewrite.rewrite" ) version( "6.12.0" )
}
rewrite {
activeRecipe( "org.openrewrite.terraform.aws.EnsureTheS3BucketHasAccessLoggingEnabled" )
}
repositories {
mavenCentral()
}
dependencies {
rewrite( "org.openrewrite.recipe:rewrite-terraform:2.2.0" )
}
Run gradle rewriteRun
to run the recipe.
Create a file named init.gradle
in the root of your project.
Copy initscript {
repositories {
maven { url "https://plugins.gradle.org/m2" }
}
dependencies { classpath( "org.openrewrite:plugin:6.12.0" ) }
}
rootProject {
plugins . apply( org.openrewrite.gradle.RewritePlugin )
dependencies {
rewrite( "org.openrewrite.recipe:rewrite-terraform:2.2.0" )
}
rewrite {
activeRecipe( "org.openrewrite.terraform.aws.EnsureTheS3BucketHasAccessLoggingEnabled" )
}
afterEvaluate {
if (repositories . isEmpty()) {
repositories {
mavenCentral()
}
}
}
}
Run gradle --init-script init.gradle rewriteRun
to run the recipe.
Add the following to your pom.xml
file:
Copy < project >
< build >
< plugins >
< plugin >
< groupId >org.openrewrite.maven</ groupId >
< artifactId >rewrite-maven-plugin</ artifactId >
< version >5.29.0</ version >
< configuration >
< activeRecipes >
< recipe >org.openrewrite.terraform.aws.EnsureTheS3BucketHasAccessLoggingEnabled</ recipe >
</ activeRecipes >
</ configuration >
< dependencies >
< dependency >
< groupId >org.openrewrite.recipe</ groupId >
< artifactId >rewrite-terraform</ artifactId >
< version >2.2.0</ version >
</ dependency >
</ dependencies >
</ plugin >
</ plugins >
</ build >
</ project >
Run mvn rewrite:run
to run the recipe.
Copy mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-terraform:RELEASE -Drewrite.activeRecipes=org.openrewrite.terraform.aws.EnsureTheS3BucketHasAccessLoggingEnabled
You will need to have configured the Moderne CLI on your machine before you can run the following command.
Copy mod run . --recipe EnsureTheS3BucketHasAccessLoggingEnabled
Definition
Recipe List Yaml Recipe List
Add Terraform configuration
resourceName: aws_s3_bucket
content: logging { target_bucket = var.target_bucket target_prefix = "log/${var.s3_bucket_name}" }
Copy ---
type : specs.openrewrite.org/v1beta/recipe
name : org.openrewrite.terraform.aws.EnsureTheS3BucketHasAccessLoggingEnabled
displayName : Ensure the S3 bucket has access logging enabled
description : Ensure the S3 bucket has access logging enabled.
tags :
- terraform
- CKV_AWS_18
- AWS
recipeList :
- org.openrewrite.terraform.AddConfiguration :
resourceName : aws_s3_bucket
content : logging {
target_bucket = var.target_bucket
target_prefix = "log/${var.s3_bucket_name}"
}
See how this recipe works across multiple open-source repositories
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.
Contributors
Jonathan Schneider , Aaron Gershman , pocan101 , Kun Li , Knut Wannheden , Sam Snyder