BOM - AWS EFS
- Query id: f53f16d6-46a9-4277-9fbe-617b1e24cdca
- Query name: BOM - AWS EFS
- Platform: Terraform
- Severity: Trace
- Category: Bill Of Materials
- CWE: 532
- URL: Github
Description
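Lists the Amazon EFS resources found in the scanned Terraform code. This is a Bill of Materials (inventory) result reported at Trace severity, so a match means the resource was catalogued, not that it is misconfigured. Amazon Elastic File System (Amazon EFS) automatically grows and shrinks as you add and remove files, with no need for management or provisioning.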
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# EFS file system fixture: the BOM query is expected to list this resource.
resource "aws_efs_file_system" "positive1" {
  # Encryption at rest is enabled. No kms_key_id is set in this block, so the
  # key is not pinned here - presumably the AWS-managed EFS key; confirm.
  encrypted = true

  # Token that makes file system creation idempotent.
  creation_token = "my-product"

  tags = {
    Name = "MyProduct"
  }
}
Positive test num. 2 - tf file
# EFS file system fixture for the second positive test. The file system policy
# in this file attaches to it through aws_efs_file_system.positive2.id.
resource "aws_efs_file_system" "positive2" {
  # Data at rest is encrypted. Without a kms_key_id the key choice is left to
  # the provider/AWS default - verify which key applies if this matters.
  encrypted = true

  # Creation token used by EFS to de-duplicate create requests.
  creation_token = "my-product"

  tags = {
    Name = "MyProduct"
  }
}
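# Resource policy attached to the "positive2" EFS file system.
resource "aws_efs_file_system_policy" "policy" {
  file_system_id = aws_efs_file_system.positive2.id

  # NOTE(review): true skips the EFS policy lockout safety check, so a policy
  # that would lock the calling principal out of later policy updates is
  # accepted without complaint. Leave this at the default (false) unless that
  # outcome is intended.
  bypass_policy_lockout_safety_check = true

  # NOTE(review): "Principal": {"AWS": "*"} does not restrict which IAM identity
  # may use ClientMount/ClientWrite. The only condition in the statement is
  # aws:SecureTransport (TLS in transit). Effective exposure also depends on
  # network reachability of the mount targets, which this file does not show.
  # Prefer naming the specific roles or accounts that need access.
  #
  # "Resource" refers to positive2, the file system this policy is attached to.
  # The sample previously interpolated aws_efs_file_system.test, which is not
  # declared in this file and fails with an undeclared-resource reference.
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "ExamplePolicy01",
  "Statement": [
    {
      "Sid": "ExampleStatement01",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Resource": "${aws_efs_file_system.positive2.arn}",
      "Action": [
        "elasticfilesystem:ClientMount",
        "elasticfilesystem:ClientWrite"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "true"
        }
      }
    }
  ]
}
POLICY
}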