MQ Broker Logging Disabled
- Query id: 31245f98-a6a9-4182-9fc1-45482b9d030a
- Query name: MQ Broker Logging Disabled
- Platform: Terraform
- Severity: Medium
- Category: Observability
- CWE: 778
- URL: Github
Description
Checks that every aws_mq_broker resource has both available log types (general and audit) enabled. A broker is flagged when the logs block is missing entirely, or when either option inside it is absent or set to false.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_mq_broker" "positive1" {
  broker_name = "no-logging"
}

resource "aws_mq_broker" "positive2" {
  broker_name = "partial-logging"
  logs {
    general = true
  }
}

resource "aws_mq_broker" "positive3" {
  broker_name = "disabled-logging"
  logs {
    general = false
    audit   = true
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_mq_broker" "negative1" {
  broker_name = "example"

  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }

  engine_type        = "ActiveMQ"
  engine_version     = "5.15.0"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]

  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }

  logs {
    general = true
    audit   = true
  }
}
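The check this page describes, as an added illustration that is not KICS's own Rego query: a small Python scan that pulls each aws_mq_broker block out of HCL text and reports which of the two log types is absent or set to false, so the three positive samples are flagged and the negative one passes. The brace-matching parser is a deliberately minimal helper written for this example (it assumes literal true/false values, not expressions), and SAMPLE_TF is constructed from the samples on this page.

```python
import re

# Constructed input: the broker resources from this page, trimmed to the logs-relevant parts.
SAMPLE_TF = '''
resource "aws_mq_broker" "positive1" {
  broker_name = "no-logging"
}
resource "aws_mq_broker" "positive2" {
  broker_name = "partial-logging"
  logs {
    general = true
  }
}
resource "aws_mq_broker" "positive3" {
  broker_name = "disabled-logging"
  logs {
    general = false
    audit   = true
  }
}
resource "aws_mq_broker" "negative1" {
  broker_name = "example"
  logs {
    general = true
    audit   = true
  }
}
'''

BROKER_RE = re.compile(r'resource\s+"aws_mq_broker"\s+"([^"]+)"\s*\{')
LOGS_RE = re.compile(r'\blogs\s*\{')
ATTR_RE = re.compile(r'\b(general|audit)\s*=\s*(true|false)\b')  # literal booleans only (assumption)

def _block_body(text, open_brace):
    """Return the text between the brace at index open_brace and its matching close brace."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces in HCL input")

def find_brokers_without_full_logging(tf_text):
    """Map each non-compliant broker name to the log types that are missing or false."""
    findings = {}
    for m in BROKER_RE.finditer(tf_text):
        body = _block_body(tf_text, m.end() - 1)
        enabled = {}
        logs = LOGS_RE.search(body)
        if logs:  # a missing logs block leaves both types disabled
            for attr, val in ATTR_RE.findall(_block_body(body, logs.end() - 1)):
                enabled[attr] = (val == 'true')
        bad = [k for k in ('general', 'audit') if not enabled.get(k, False)]
        if bad:
            findings[m.group(1)] = bad
    return findings
```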