OSS Bucket Logging Disabled
- Query id: 05db341e-de7d-4972-a106-3e2bd5ee53e1
- Query name: OSS Bucket Logging Disabled
- Platform: Terraform
- Severity: Medium
- Category: Observability
- CWE: 778
- URL: Github
Description
OSS buckets should have logging enabled for better visibility of resources and objects.
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Flagged: the bucket has no logging block.
resource "alicloud_oss_bucket" "bucket_logging2" {
  bucket = "bucket-170309-acl"
  acl    = "public-read"
}
Positive test num. 2 - tf file
# Flagged: a logging block is present, but logging_isenable is set to false.
resource "alicloud_oss_bucket" "bucket_logging1" {
  bucket           = "bucket-170309-logging"
  logging_isenable = false

  logging {
    target_bucket = alicloud_oss_bucket.bucket-target.id
    target_prefix = "log/"
  }
}
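
The same two conditions can be checked before apply against the JSON form of a plan. The following is an added example, not the KICS query itself: it assumes the `planned_values` layout produced by `terraform show -json`, and the sample plan (including the `module.logs` bucket) is constructed for illustration.

```python
"""Flag alicloud_oss_bucket resources without access logging in a Terraform plan."""

RESOURCE_TYPE = "alicloud_oss_bucket"


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def logging_findings(plan):
    """Return (address, reason) for each bucket whose logging is off or absent."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        values = res.get("values") or {}
        if values.get("logging_isenable") is False:
            findings.append((res["address"], "logging_isenable is false"))
        elif not values.get("logging"):
            findings.append((res["address"], "no logging block"))
    return findings


def _bucket(address, **values):
    """Build a plan resource entry trimmed to the fields this check reads."""
    return {"address": address, "type": RESOURCE_TYPE, "values": values}


# Constructed sample: the page's two positive tests plus one compliant bucket
# in a child module (hypothetical name), shaped like `terraform show -json`.
LOG_BLOCK = [{"target_bucket": "bucket-target", "target_prefix": "log/"}]
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _bucket("alicloud_oss_bucket.bucket_logging2", acl="public-read", logging=[]),
        _bucket("alicloud_oss_bucket.bucket_logging1",
                logging_isenable=False, logging=LOG_BLOCK),
    ],
    "child_modules": [{"resources": [
        _bucket("module.logs.alicloud_oss_bucket.ok",
                logging_isenable=True, logging=LOG_BLOCK),
    ]}],
}}}

if __name__ == "__main__":
    for address, reason in logging_findings(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```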