Reference
Recipes
Terraform
AWS
Design Partners
Best practices for AWS
** org.openrewrite.terraform.aws.AWSBestPractices** Securely operate on Amazon Web Services.

Tags

  • terraform
  • AWS

Source

  • groupId: org.openrewrite.recipe
  • artifactId: rewrite-terraform
  • version: 1.6.0

Usage

This recipe has no required configuration options and can be activated directly after taking a dependency on org.openrewrite.recipe:rewrite-terraform:1.6.0 in your build file:
Gradle
Maven
build.gradle
1
plugins {
2
id("org.openrewrite.rewrite") version("5.22.2")
3
}
4
5
rewrite {
6
activeRecipe("org.openrewrite.terraform.aws.AWSBestPractices")
7
}
8
9
repositories {
10
mavenCentral()
11
}
12
13
dependencies {
14
rewrite("org.openrewrite.recipe:rewrite-terraform:1.6.0")
15
}
Copied!
pom.xml
1
<project>
2
<build>
3
<plugins>
4
<plugin>
5
<groupId>org.openrewrite.maven</groupId>
6
<artifactId>rewrite-maven-plugin</artifactId>
7
<version>4.25.0</version>
8
<configuration>
9
<activeRecipes>
10
<recipe>org.openrewrite.terraform.aws.AWSBestPractices</recipe>
11
</activeRecipes>
12
</configuration>
13
<dependencies>
14
<dependency>
15
<groupId>org.openrewrite.recipe</groupId>
16
<artifactId>rewrite-terraform</artifactId>
17
<version>1.6.0</version>
18
</dependency>
19
</dependencies>
20
</plugin>
21
</plugins>
22
</build>
23
</project>
Copied!
Recipes can also be activated directly from the command line by adding the argument -Drewrite.activeRecipesorg.openrewrite.terraform.aws.AWSBestPractices

Definition

Recipe List
Yaml Recipe List
1
---
2
type: specs.openrewrite.org/v1beta/recipe
3
name: org.openrewrite.terraform.aws.AWSBestPractices
4
displayName: Best practices for AWS
5
description: Securely operate on Amazon Web Services.
6
tags:
7
- terraform
8
- AWS
9
recipeList:
10
- org.openrewrite.terraform.aws.EncryptEBSVolumes
11
- org.openrewrite.terraform.aws.EncryptEBSSnapshots
12
- org.openrewrite.terraform.aws.EnsureAWSElasticsearchDomainEncryptionForDataAtRestIsEnabled
13
- org.openrewrite.terraform.aws.EnsureAWSElasticsearchHasNodeToNodeEncryptionEnabled
14
- org.openrewrite.terraform.aws.EnsureAWSCMKRotationIsEnabled
15
- org.openrewrite.terraform.aws.EncryptEBSVolumeLaunchConfiguration
16
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyExpiresPasswordsWithin90DaysOrLess
17
- org.openrewrite.terraform.aws.EnsureAWSIAMPasswordPolicyHasAMinimumOf14Characters
18
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneLowercaseLetter
19
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneNumber
20
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyPreventsPasswordReuse
21
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneSymbol
22
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneUppercaseLetter
23
- org.openrewrite.terraform.aws.EncryptRDSClusters
24
- org.openrewrite.terraform.aws.EnsureAWSRDSDatabaseInstanceIsNotPubliclyAccessible
25
- org.openrewrite.terraform.aws.EnsureDataStoredInAnS3BucketIsSecurelyEncryptedAtRest
26
- org.openrewrite.terraform.aws.EnsureAWSS3ObjectVersioningIsEnabled
27
- org.openrewrite.terraform.aws.EnableDynamoDbPITR
28
- org.openrewrite.terraform.aws.EncryptElastiCacheRedisAtRest
29
- org.openrewrite.terraform.aws.EncryptElastiCacheRedisInTransit
30
- org.openrewrite.terraform.aws.EnableECRScanOnPush
31
- org.openrewrite.terraform.aws.UseHttpsForCloudfrontDistribution
32
- org.openrewrite.terraform.aws.EnsureCloudTrailLogFileValidationIsEnabled
33
- org.openrewrite.terraform.aws.EnsureAmazonEKSControlPlaneLoggingEnabledForAllLogTypes
34
- org.openrewrite.terraform.aws.EnsureAWSEKSClusterEndpointAccessIsPubliclyDisabled
35
- org.openrewrite.terraform.aws.EnsureAWSEFSWithEncryptionForDataAtRestIsEnabled
36
- org.openrewrite.terraform.aws.EnsureKinesisStreamIsSecurelyEncrypted
37
- org.openrewrite.terraform.aws.EncryptNeptuneStorage
38
- org.openrewrite.terraform.aws.EncryptDAXStorage
39
- org.openrewrite.terraform.aws.EnsureAWSLambdaFunctionsHaveTracingEnabled
40
- org.openrewrite.terraform.aws.ImmutableECRTags
41
- org.openrewrite.terraform.aws.EncryptRedshift
42
- org.openrewrite.terraform.aws.EncryptDocumentDB
43
- org.openrewrite.terraform.aws.DisableInstanceMetadataServiceV1
44
- org.openrewrite.terraform.aws.EnsureAWSElasticsearchDomainsHaveEnforceHTTPSEnabled
45
- org.openrewrite.terraform.aws.EncryptAuroraClusters
46
- org.openrewrite.terraform.aws.EncryptEFSVolumesInECSTaskDefinitionsInTransit
47
- org.openrewrite.terraform.aws.EnsureAWSLambdaFunctionIsConfiguredForFunctionLevelConcurrentExecutionLimit
48
- org.openrewrite.terraform.aws.EnsureEnhancedMonitoringForAmazonRDSInstancesIsEnabled
49
- org.openrewrite.terraform.aws.EnableApiGatewayCaching
50
- org.openrewrite.terraform.aws.EnsureDetailedMonitoringForEC2InstancesIsEnabled
51
- org.openrewrite.terraform.aws.EnsureRespectiveLogsOfAmazonRDSAreEnabled
52
- org.openrewrite.terraform.aws.EnsureVPCSubnetsDoNotAssignPublicIPByDefault
53
- org.openrewrite.terraform.aws.EnsureEC2IsEBSOptimized
54
- org.openrewrite.terraform.aws.EnsureECRRepositoriesAreEncrypted
55
- org.openrewrite.terraform.aws.EncryptCodeBuild
56
- org.openrewrite.terraform.aws.EnsureRDSInstancesHaveMultiAZEnabled
57
- org.openrewrite.terraform.aws.EnsureRDSDatabaseHasIAMAuthenticationEnabled
Copied!
Export as PDF
Copy link