ROS Stack Notifications Disabled

  • Query id: 9ef08939-ea40-489c-8851-667870b2ef50
  • Query name: ROS Stack Notifications Disabled
  • Platform: Terraform
  • Severity: Medium
  • Category: Observability
  • URL: Github

Description

The ROS Stack Notifications should be defined and populated to receive stack related events
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "alicloud_ros_stack" "example" {
  stack_name        = "tf-testaccstack"
  notification_urls = []
  template_body     = <<EOF
    {
        "ROSTemplateFormatVersion": "2015-09-01"
    }
    EOF
  stack_policy_body = <<EOF
    {
        "Statement": [{
            "Action": "Update:Delete",
            "Resource": "*",
            "Effect": "Allow",
            "Principal": "*"
        }]
    }
    EOF
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "alicloud_ros_stack" "example" {
  stack_name        = "tf-testaccstack"
  notification_urls = ["oss://ros/stack-notification/demo"]
  template_body     = <<EOF
    {
        "ROSTemplateFormatVersion": "2015-09-01"
    }
    EOF
  stack_policy_body = <<EOF
    {
        "Statement": [{
            "Action": "Update:Delete",
            "Resource": "*",
            "Effect": "Allow",
            "Principal": "*"
        }]
    }
    EOF
}