# InfraSpec Configuration
# This file configures InfraSpec Gatekeeper for this repository
# Runtime settings for the InfraSpec Gatekeeper scan of this repository.
config {
# Lowest severity that gets reported; "warning" surfaces both warnings and errors.
min_severity = "warning" # Report warnings and errors
# Output format for findings (text, json).
format = "text" # Output format (text, json)
# NOTE(review): strict = false means an attribute the scanner cannot resolve
# (presumably a value that is only known at plan/apply time) is treated as
# unknown rather than as a violation, so a rule such as REPO_001 can pass on a
# bucket whose tags it could not evaluate. A gate that must fail closed should
# consider strict = true — confirm the exact "unknown" semantics against the
# InfraSpec docs before changing it.
strict = false # Don't treat unknowns as violations
# Left commented out, so the tool's default applies (presumably built-in rules
# stay enabled); set no_builtin = true only to run repository rules alone.
# no_builtin = false # Use built-in rules
}
# You can also define rules directly in this file
# These rules apply to all Terraform files in the repository
# REPO_001: every aws_s3_bucket resource must carry a tags attribute.
rule "REPO_001" {
name = "All S3 buckets must have tags"
description = "Repository policy: all S3 buckets must have at least one tag"
# Reported under the config block's min_severity = "warning"; whether a warning
# alone fails the gate is not visible in this file — TODO confirm.
severity = "warning"
resource_type = "aws_s3_bucket"
# The check only requires that the tags attribute is present on the resource.
# NOTE(review): the description promises "at least one tag", but `exists`
# presumably also accepts an empty map (tags = {}); if InfraSpec offers a
# non-empty / length operator, prefer it here — confirm against the operator docs.
# NOTE(review): tags applied through the AWS provider's default_tags do not
# appear on the resource block, so buckets tagged only that way would likely
# still trip this rule — decide whether that is intended.
condition {
check {
attribute = "tags"
operator = "exists"
}
}
# {{.resource_name}} is presumably substituted by InfraSpec with the offending resource's name.
message = "S3 bucket '{{.resource_name}}' has no tags defined"
# Free-text guidance shown to the author alongside the finding.
remediation = <<-EOT
Add tags to your S3 bucket:
resource "aws_s3_bucket" "example" {
bucket = "my-bucket"
tags = {
Name = "my-bucket"
Environment = "production"
}
}
EOT
# Rule labels; presumably used to group or filter rules in reports.
tags = ["tagging", "repository-policy"]
}