ROS Stack Notifications Disabled

• Query id: 9ef08939-ea40-489c-8851-667870b2ef50
• Query name: ROS Stack Notifications Disabled
• Platform: Terraform
• Severity: Medium
• Category: Observability
• URL: Github

Description

The ROS Stack Notifications should be defined and populated to receive stack related events
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file

resource "alicloud_ros_stack" "example" {
  stack_name        = "tf-testaccstack"
  notification_urls = []
  template_body     = <<EOF
    {
        "ROSTemplateFormatVersion": "2015-09-01"
    }
    EOF
  stack_policy_body = <<EOF
    {
        "Statement": [{
            "Action": "Update:Delete",
            "Resource": "*",
            "Effect": "Allow",
            "Principal": "*"
        }]
    }
    EOF
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "alicloud_ros_stack" "example" {
  stack_name        = "tf-testaccstack"
  notification_urls = ["oss://ros/stack-notification/demo"]
  template_body     = <<EOF
    {
        "ROSTemplateFormatVersion": "2015-09-01"
    }
    EOF
  stack_policy_body = <<EOF
    {
        "Statement": [{
            "Action": "Update:Delete",
            "Resource": "*",
            "Effect": "Allow",
            "Principal": "*"
        }]
    }
    EOF
}