ROS Stack Without Template

• Query id: 92d65c51-5d82-4507-a2a1-d252e9706855
• Query name: ROS Stack Without Template
• Platform: Terraform
• Severity: Medium
• Category: Build Process
• CWE: 20
• URL: Github

Description

Alicloud ROS Stack should have a template defined through the attribute template_url or attribute template_body
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "alicloud_ros_stack" "example" {
  stack_name        = "tf-testaccstack"

  stack_policy_body = <<EOF
    {
        "Statement": [{
            "Action": "Update:Delete",
            "Resource": "*",
            "Effect": "Allow",
            "Principal": "*"
        }]
    }
    EOF
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "alicloud_ros_stack" "example1" {
  stack_name        = "tf-testaccstack1"
  template_body     = <<EOF
    {
        "ROSTemplateFormatVersion": "2015-09-01"
    }
    EOF
  stack_policy_body = <<EOF
    {
        "Statement": [{
            "Action": "Update:Delete",
            "Resource": "*",
            "Effect": "Allow",
            "Principal": "*"
        }]
    }
    EOF
}