Add the policy for checking AWS secret and access key in Instance User data. about terrascan HOT 6 OPEN

@cesar-rodriguez is there any guide on how to contribute to terrascan policies?. I wrote an OPA for the above misconfiguration. However, if there is any guide to contribute, I would love to know.

from terrascan.

Hi @harkirat22. We still need to add better documentation on how to contribute policies, but a good place to get started is this comment from @williepaul : #326 (comment)

Here's also a policy only PR that was recently merge you could use as a reference: #350

Feel free to comment here if you get stuck or have any questions. Looking forward to your contribution!

from terrascan.

@cesar-rodriguez. Yup sure, I will have a look at that. I have written OPA policies and ran them on terraform plan converted to JSON format. I will write the same as per terrascan format.

from terrascan.

@cesar-rodriguez @williepaul, I wrote the policy for this issue. Please have a look, afterwards, I will create a pull request
I war trying to create the same format as most of the policies have under aws. Some have rc with base64, which I checked is having a remidiation code, do I have to include it for this policy?

package accurics
EC2withSecrets[retVal] {
pattern := ["[A-Za-z0-9/+=]{40}","(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}","("|')?(AWS|aws|Aws)??(SECRET|secret|Secret)??(ACCESS|access|Access)??(KEY|key|Key)("|')?\s*(:|=>|=)\s*("|')?[A-Za-z0-9/\+=]{40}("|')?"]
some i
instance := input.aws_instance[]
user_data := instance.config.user_data
regex.match(pattern[i],user_data)
retVal := { "Id": instance.id, "ReplaceType": "edit", "CodeType": "block", "Traverse": "", "Attribute": "", "AttributeDataType": "", "Expected": "No AWS Secrets in user data", "Actual": instance.config.user_data }

}

from terrascan.

Looks good @harkirat22! No need to include rc for this. Thanks!

from terrascan.

@harkirat22 , Can we close this issue? Is there any action pending on this one?

from terrascan.