From d593e662f23b397df42ecd0269180a3ec7c7951e Mon Sep 17 00:00:00 2001 From: joeyrogo <67221823+joeyrogo@users.noreply.github.com> Date: Thu, 14 Dec 2023 13:18:47 -0500 Subject: [PATCH 1/6] Update ec2.tf --- terraform/aws/ec2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/aws/ec2.tf b/terraform/aws/ec2.tf index 00e0ba940f..29daf24e84 100644 --- a/terraform/aws/ec2.tf +++ b/terraform/aws/ec2.tf @@ -11,7 +11,7 @@ resource "aws_instance" "web_host" { sudo apt-get update sudo apt-get install -y apache2 sudo systemctl start apache2 -sudo systemctl enable apache2 +sudo systemctl enable apache2 export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMAAA export AWS_SECRET_ACCESS_KEY=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 export AWS_DEFAULT_REGION=us-west-2 From a7a034a5fc3ed7239e4726d0bf852ee74f038923 Mon Sep 17 00:00:00 2001 From: joeyrogo <67221823+joeyrogo@users.noreply.github.com> Date: Thu, 14 Dec 2023 13:30:55 -0500 Subject: [PATCH 2/6] Update ec2.tf --- terraform/aws/ec2.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/terraform/aws/ec2.tf b/terraform/aws/ec2.tf index 29daf24e84..8ed0d178ea 100644 --- a/terraform/aws/ec2.tf +++ b/terraform/aws/ec2.tf @@ -31,6 +31,9 @@ EOF }) } + + + resource "aws_ebs_volume" "web_host_storage" { # unencrypted volume availability_zone = "${var.region}a" From 17d1962665bf6378cefaf10a3defcfd9df8712ae Mon Sep 17 00:00:00 2001 From: "prisma-cloud-devsecops[bot]" <89982750+prisma-cloud-devsecops[bot]@users.noreply.github.com> Date: Thu, 14 Dec 2023 18:33:52 +0000 Subject: [PATCH 3/6] Prisma Cloud has found BC_AWS_GENERAL_38 --- terraform/aws/rds.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/aws/rds.tf b/terraform/aws/rds.tf index b9d5b5aebe..8e3b245c08 100644 --- a/terraform/aws/rds.tf +++ b/terraform/aws/rds.tf 
@@ -92,6 +92,7 @@ resource "aws_rds_cluster" "app6-rds-cluster" { git_repo = "terragoat" yor_trace = "fcffb961-d859-4be5-997f-d51b50665ada" } + storage_encrypted = true } resource "aws_rds_cluster" "app7-rds-cluster" { From 77f8c88cd4884057fed25091ce90cad73ec45fc8 Mon Sep 17 00:00:00 2001 From: panwjoe <99195980+panwjoe@users.noreply.github.com> Date: Tue, 17 Sep 2024 11:28:38 -0700 Subject: [PATCH 4/6] comit --- terraform/aws/main.tf | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 terraform/aws/main.tf diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf new file mode 100644 index 0000000000..03acad6819 --- /dev/null +++ b/terraform/aws/main.tf @@ -0,0 +1,32 @@ +provider "aws" { + region = "us-east-1" +} + +resource "aws_instance" "example" { + ami = "ami-0c94855ba95c71c99" # Amazon Linux 2 AMI + instance_type = "t2.micro" + security_groups = [aws_security_group.open_sg.name] + + tags = { + Name = "ExampleInstance" + } +} + +resource "aws_security_group" "open_sg" { + name = "open_security_group" + description = "Security group with all ports open" + + ingress { + from_port = 0 + to_port = 65535 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] # Open to the entire internet + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} From 5f1ea1a6526cb26d18bbfcffb1c8328a166cdca6 Mon Sep 17 00:00:00 2001 From: joeyrogo <67221823+joeyrogo@users.noreply.github.com> Date: Fri, 7 Mar 2025 13:59:49 -0500 Subject: [PATCH 5/6] commit --- terraform/aws/ec2.tf | 2 ++ terraform/aws/s3.tf | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/terraform/aws/ec2.tf b/terraform/aws/ec2.tf index 8ed0d178ea..021f0a91f5 100644 --- a/terraform/aws/ec2.tf +++ b/terraform/aws/ec2.tf 
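Review bot: `storage_encrypted = true` on `app6-rds-cluster` is added without a `kms_key_id`, so the cluster would use the account's default RDS key rather than a key the team can restrict and rotate. If a customer-managed key is intended, add `kms_key_id = aws_kms_key.<PLACEHOLDER>.arn` next to it (no such key is defined in this diff). For an existing unencrypted cluster this attribute normally cannot be changed in place, so the plan is likely to show a replacement. Check that before applying, and plan a snapshot-and-restore path if the data matters. The resource body starts outside the hunk, so other settings could not be checked.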
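Review bot: The `ingress` block in `aws_security_group.open_sg` allows every TCP port (`from_port = 0`, `to_port = 65535`) from `0.0.0.0/0`, and the group is attached to `aws_instance.example`, so any service listening on that host is reachable from the internet. Unless this file is a deliberately insecure scanner fixture, the rule should name the one port the instance serves and a known source range, for example `from_port = 443`, `to_port = 443`, `cidr_blocks = [var.allowed_ingress_cidr]` (the variable name is a placeholder, not defined in this diff). The instance also references the group by name through `security_groups`, which only works in a default VPC; `vpc_security_group_ids = [aws_security_group.open_sg.id]` is the usual form. If the open rule is intentional, a comment saying so would stop it being copied as a template.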
@@ -51,8 +51,10 @@ resource "aws_ebs_volume" "web_host_storage" { git_repo = "terragoat" yor_trace = "c5509daf-10f0-46af-9e03-41989212521d" }) + encrypted = false } + resource "aws_ebs_snapshot" "example_snapshot" { # ebs snapshot without encryption volume_id = "${aws_ebs_volume.web_host_storage.id}" diff --git a/terraform/aws/s3.tf b/terraform/aws/s3.tf index a2a2ed78fe..6273dcc7cc 100644 --- a/terraform/aws/s3.tf +++ b/terraform/aws/s3.tf @@ -20,6 +20,18 @@ resource "aws_s3_bucket" "data" { }) } + +resource "aws_s3_bucket_versioning" "data" { + bucket = aws_s3_bucket.data.id + + versioning_configuration { + status = "Enabled" + } +} + + + + resource "aws_s3_bucket_object" "data_object" { bucket = aws_s3_bucket.data.id key = "customer-master.xlsx" @@ -139,3 +151,15 @@ resource "aws_s3_bucket" "logs" { yor_trace = "01946fe9-aae2-4c99-a975-e9b0d3a4696c" }) } + + +resource "aws_s3_bucket" "logs_log_bucket" { + bucket = "logs-log-bucket" +} + +resource "aws_s3_bucket_logging" "logs" { + bucket = aws_s3_bucket.logs.id + + target_bucket = aws_s3_bucket.logs_log_bucket.id + target_prefix = "log/" +} From bcf242619113e5b6eabf6eb1fbbdf8c07e0abe20 Mon Sep 17 00:00:00 2001 From: joeyrogo <67221823+joeyrogo@users.noreply.github.com> Date: Fri, 7 Mar 2025 14:36:20 -0500 Subject: [PATCH 6/6] commit --- terraform/aws/ec2.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/aws/ec2.tf b/terraform/aws/ec2.tf index 021f0a91f5..6e28371f61 100644 --- a/terraform/aws/ec2.tf +++ b/terraform/aws/ec2.tf @@ -52,6 +52,7 @@ resource "aws_ebs_volume" "web_host_storage" { yor_trace = "c5509daf-10f0-46af-9e03-41989212521d" }) encrypted = false + # Joe }
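Review bot: `encrypted = false` on `aws_ebs_volume.web_host_storage` makes the unencrypted state explicit rather than fixing it, and `aws_ebs_snapshot.example_snapshot`, visible just below, is taken from that volume and will be unencrypted as well. If the intent was to resolve the `# unencrypted volume` finding, the line should read `encrypted = true`, optionally with a `kms_key_id` pointing at a customer-managed key (none is defined in this diff). Changing the flag on an existing volume usually forces Terraform to replace it, so the data would need to be migrated through a snapshot copy first. The volume's body starts outside the hunk, and the later ec2.tf hunk in PATCH 6/6 leaves the same line in place.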
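Review bot: The new `aws_s3_bucket_versioning.data` resource could conflict with an inline `versioning` block on `aws_s3_bucket.data`, whose body is outside this hunk; if both exist, they would overwrite each other on every apply. The context line below still uses `aws_s3_bucket_object`, which was deprecated when the standalone bucket resources were introduced, so it is worth confirming which provider version the module pins and removing any inline block. Versioning on a bucket that holds `customer-master.xlsx` also keeps every prior copy, so a lifecycle rule for noncurrent versions should be considered alongside it.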
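Review bot: `aws_s3_bucket.logs_log_bucket` is created with nothing but a name, so the bucket that receives access logs has no public-access block and no policy allowing the S3 logging service to write to it; without that permission, logs are generally not delivered. The fixed name `logs-log-bucket` is a global S3 name and is likely to collide, and the bucket lacks the tags the neighbouring `logs` bucket carries. I would add a public-access block and a delivery policy scoped to the `log/` prefix, as sketched below, and derive the bucket name the way the other buckets in this file do (not visible in the hunk). Encryption and versioning for the log bucket are worth adding in the same change.

```hcl
# … unchanged: aws_s3_bucket "logs_log_bucket" and aws_s3_bucket_logging "logs" …

resource "aws_s3_bucket_public_access_block" "logs_log_bucket" {
  bucket                  = aws_s3_bucket.logs_log_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_policy" "logs_log_bucket" {
  bucket = aws_s3_bucket.logs_log_bucket.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "S3ServerAccessLogsDelivery"
      Effect    = "Allow"
      Principal = { Service = "logging.s3.amazonaws.com" }
      Action    = "s3:PutObject"
      Resource  = "${aws_s3_bucket.logs_log_bucket.arn}/log/*"
      Condition = {
        ArnLike = { "aws:SourceArn" = aws_s3_bucket.logs.arn }
      }
    }]
  })
}
```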
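Review bot: The added `# Joe` comment says nothing about the resource and reads like a leftover marker. It should be dropped, or replaced by a comment that explains the line above it, for example `# TODO: set encrypted = true once the volume has been migrated`, if that is the plan. The hunk keeps `encrypted = false` as context, so the unencrypted volume is still in place after this commit.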