DocDB Logging Is Disabled
- Query id: 2ca87964-fe7e-4cdc-899c-427f0f3525f8
- Query name: DocDB Logging Is Disabled
- Platform: Pulumi
- Severity: Medium
- Category: Observability
- CWE: 778
- URL: GitHub
Description
DocDB logging should be enabled
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
name: my-pulumi-project
runtime: nodejs
config:
  aws:region: us-east-1
resources:
  aws:docdb/cluster:
    type: aws:docdb:Cluster
    properties:
      backupRetentionPeriod: 5
      clusterIdentifier: my-docdb-cluster
      engine: docdb
      masterPassword: mustbeeightchars
      masterUsername: foo
      preferredBackupWindow: 07:00-09:00
      skipFinalSnapshot: true
```
Positive test num. 2 - yaml file
```yaml
name: my-pulumi-project
runtime: nodejs
config:
  aws:region: us-east-1
resources:
  aws:docdb/cluster:
    type: aws:docdb:Cluster
    properties:
      backupRetentionPeriod: 5
      clusterIdentifier: my-docdb-cluster
      engine: docdb
      masterPassword: mustbeeightchars
      masterUsername: foo
      preferredBackupWindow: 07:00-09:00
      skipFinalSnapshot: true
      enabledCloudwatchLogsExports: []
```
Positive test num. 3 - yaml file
```yaml
name: my-pulumi-project
runtime: nodejs
config:
  aws:region: us-east-1
resources:
  aws:docdb/cluster:
    type: aws:docdb:Cluster
    properties:
      backupRetentionPeriod: 5
      clusterIdentifier: my-docdb-cluster
      engine: docdb
      masterPassword: mustbeeightchars
      masterUsername: foo
      preferredBackupWindow: 07:00-09:00
      skipFinalSnapshot: true
      enabledCloudwatchLogsExports:
        - audit
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
name: my-pulumi-project
runtime: nodejs
config:
  aws:region: us-east-1
resources:
  aws:docdb/cluster:
    type: aws:docdb:Cluster
    properties:
      backupRetentionPeriod: 5
      clusterIdentifier: my-docdb-cluster
      engine: docdb
      masterPassword: mustbeeightchars
      masterUsername: foo
      preferredBackupWindow: 07:00-09:00
      skipFinalSnapshot: true
      enabledCloudwatchLogsExports:
        - audit
        - profiler
```
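The pass/fail pattern of the four samples above, written as a small Python check. This is an added example, not the query's own implementation: it assumes the Pulumi YAML has already been parsed into a dict, the required set of `audit` plus `profiler` is inferred from the samples, and the names `check_docdb_logging` and `cluster` are hypothetical.

```python
# Added example: reproduces the pass/fail pattern of the samples on this page.
# Assumption (inferred from those samples): both log types must be exported.
REQUIRED_LOG_TYPES = ("audit", "profiler")


def check_docdb_logging(program):
    """Return (resource_name, reason) for each DocDB cluster with incomplete logging."""
    findings = []
    for name, resource in (program.get("resources") or {}).items():
        # Only aws:docdb:Cluster resources are in scope for this check.
        if not isinstance(resource, dict) or resource.get("type") != "aws:docdb:Cluster":
            continue
        props = resource.get("properties") or {}
        exports = props.get("enabledCloudwatchLogsExports")
        if exports is None:
            findings.append((name, "enabledCloudwatchLogsExports is not defined"))
        elif not isinstance(exports, list):
            # A scalar or interpolated value cannot be verified statically.
            findings.append((name, "enabledCloudwatchLogsExports is not a list"))
        elif not exports:
            findings.append((name, "enabledCloudwatchLogsExports is empty"))
        else:
            missing = [t for t in REQUIRED_LOG_TYPES if t not in exports]
            if missing:
                findings.append((name, "missing log types: " + ", ".join(missing)))
    return findings


def cluster(**extra):
    """Constructed sample: the cluster from the page's test files as a parsed dict."""
    props = {"clusterIdentifier": "my-docdb-cluster", "engine": "docdb",
             "backupRetentionPeriod": 5, "skipFinalSnapshot": True}
    props.update(extra)
    return {"name": "my-pulumi-project", "runtime": "nodejs",
            "resources": {"aws:docdb/cluster": {"type": "aws:docdb:Cluster",
                                                "properties": props}}}


if __name__ == "__main__":
    samples = {
        "positive 1": cluster(),
        "positive 2": cluster(enabledCloudwatchLogsExports=[]),
        "positive 3": cluster(enabledCloudwatchLogsExports=["audit"]),
        "negative 1": cluster(enabledCloudwatchLogsExports=["audit", "profiler"]),
    }
    for label, program in samples.items():
        print(label, check_docdb_logging(program) or "OK")
```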