Global Accelerator Flow Logs Disabled
- Query id: 96e8183b-e985-457b-90cd-61c0503a3369
- Query name: Global Accelerator Flow Logs Disabled
- Platform: Terraform
- Severity: Medium
- Category: Observability
- CWE: 778
- URL: Github
Description
An `aws_globalaccelerator_accelerator` resource should have flow logs enabled, that is, `flow_logs_enabled = true` in its `attributes` block.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
```hcl
# Flagged: no attributes block, so flow_logs_enabled is never set.
resource "aws_globalaccelerator_accelerator" "positive1" {
  name            = "Example"
  ip_address_type = "IPV4"
  enabled         = true
}
```
Positive test num. 2 - tf file
```hcl
# Flagged: a bucket and prefix are configured, but flow_logs_enabled is missing.
resource "aws_globalaccelerator_accelerator" "positive2" {
  name            = "Example"
  ip_address_type = "IPV4"
  enabled         = true

  attributes {
    flow_logs_s3_bucket = "example-bucket"
    flow_logs_s3_prefix = "flow-logs/"
  }
}
```
Positive test num. 3 - tf file
```hcl
# Flagged: flow_logs_enabled is explicitly set to false.
resource "aws_globalaccelerator_accelerator" "positive3" {
  name            = "Example"
  ip_address_type = "IPV4"
  enabled         = true

  attributes {
    flow_logs_enabled = false
  }
}
```
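For contrast with the three flagged samples above, a configuration that enables flow logs and sets their S3 destination. This is an added example, not one of the query's own test files; the resource labels, bucket name and prefix are constructed placeholders.

```hcl
# Destination bucket for the flow logs (bucket name is a constructed placeholder).
resource "aws_s3_bucket" "flow_logs" {
  bucket = "example-ga-flow-logs"
}

# Keep the log bucket private.
resource "aws_s3_bucket_public_access_block" "flow_logs" {
  bucket                  = aws_s3_bucket.flow_logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_globalaccelerator_accelerator" "with_flow_logs" {
  name            = "Example"
  ip_address_type = "IPV4"
  enabled         = true

  attributes {
    # The attributes block is present and flow_logs_enabled is true,
    # which none of the three flagged samples provide.
    flow_logs_enabled   = true
    flow_logs_s3_bucket = aws_s3_bucket.flow_logs.id
    flow_logs_s3_prefix = "flow-logs/"
  }
}
```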