From 56457a441948dfdb0512ff7af4ddcc8bba7311ee Mon Sep 17 00:00:00 2001
From: "bridgecrew-dev[bot]" <83754225+bridgecrew-dev[bot]@users.noreply.github.com>
Date: Thu, 9 Feb 2023 13:07:43 +0000
Subject: [PATCH] Bridgecrew has found BC_AWS_GENERAL_56 and 4 other error(s)
---
 terraform/aws/s3.tf | 92 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
diff --git a/terraform/aws/s3.tf b/terraform/aws/s3.tf
index 0a0dbb1299..aa706c359b 100644
--- a/terraform/aws/s3.tf
+++ b/terraform/aws/s3.tf
@@ -20,6 +20,98 @@ resource "aws_s3_bucket" "data" {
 })
 }
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
+ bucket = aws_s3_bucket.data.bucket
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "aws:kms"
+ }
+ }
+}
+
+
+
+resource "aws_s3_bucket" "data_log_bucket" {
+ bucket = "data-log-bucket"
+}
+
+resource "aws_s3_bucket_logging" "data" {
+ bucket = aws_s3_bucket.data.id
+
+ target_bucket = aws_s3_bucket.data_log_bucket.id
+ target_prefix = "log/"
+}
+
+
+resource "aws_s3_bucket_versioning" "data" {
+ bucket = aws_s3_bucket.data.id
+
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
+ bucket = aws_s3_bucket.data.bucket
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+}
+
+
+resource "aws_s3_bucket_versioning" "data" {
+ bucket = aws_s3_bucket.data.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_s3_bucket" "destination" {
+ bucket = aws_s3_bucket.data.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_iam_role" "replication" {
+ name = "aws-iam-role"
+ assume_role_policy = <