IAM Audit Not Properly Configured

  • Query id: 89fe890f-b480-460c-8b6b-7d8b1468adb4
  • Query name: IAM Audit Not Properly Configured
  • Platform: Terraform
  • Severity: High
  • Category: Observability
  • URL: Github

Description

Audit Logging Configuration is defective
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "google_project_iam_audit_config" "positive1" {
  project = "your-project-id"
  service = "some_specific_service"
  audit_log_config {
    log_type = "ADMIN_READ"
  }
  audit_log_config {
    log_type = "DATA_READ"
    exempted_members = [
      "user:joebloggs@hashicorp.com"
    ]
  }
}

resource "google_project_iam_audit_config" "positive2" {
  project = "your-project-id"
  service = "allServices"
  audit_log_config {
    log_type = "INVALID_TYPE"
  }
  audit_log_config {
    log_type = "DATA_READ"
    exempted_members = [
        "user:joebloggs@hashicorp.com"
    ]
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "google_project_iam_audit_config" "negative1" {
  project = "your-project-id"
  service = "allServices"
  audit_log_config {
    log_type = "ADMIN_READ"
  }
  audit_log_config {
    log_type = "DATA_READ"
  }
}