Enable access logs #41

Merged
merged 3 commits into from
Mar 19, 2025

@kunduso kunduso commented Mar 19, 2025

This pr closes #40

@kunduso kunduso self-assigned this Mar 19, 2025
loadbalancer.tf Outdated
Comment on lines 58 to 74
resource "aws_s3_bucket" "artifacts" {
bucket = "${data.aws_caller_identity.current.account_id}-${var.name}-artifacts"
force_destroy = true

#checkov:skip=CKV_AWS_18: AWS Access logging not enabled on S3 buckets
#checkov:skip=CKV2_AWS_61: An S3 bucket must have a lifecycle configuration
#Above rules are for deprecated properties.

#checkov:skip=CKV_AWS_144: S3 bucket cross-region replication disabled
#This bucket is used for storing access logs for the load balancer, and does not require another bucket to store this bucket's access logs.

#checkov:skip=CKV_AWS_21: AWS S3 Object Versioning is disabled
#The items in this S3 bucket do not require versioning.

#checkov:skip=CKV2_AWS_62: S3 buckets do not have event notifications enabled
#The items in this s3 bucket are access logs and do not require any event notifications to be sent anywhere.
}
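
Review bot: `force_destroy = true` on `aws_s3_bucket.artifacts` lets a destroy delete the bucket together with every object in it, which is a risky default for a bucket whose stated purpose is storing load balancer access logs; consider dropping it or gating it behind a variable that is false outside test environments. The skip justifications are also misaligned: the reason under `CKV_AWS_144` (cross-region replication) talks about not needing another bucket for this bucket's access logs, which is the rationale for `CKV_AWS_18`, while `CKV_AWS_18` and `CKV2_AWS_61` are dismissed together as "deprecated properties". Give each skip its own reason, and say why these logs need neither a lifecycle rule nor replication.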

Check warning (Code scanning / checkov): Ensure that S3 buckets are encrypted with KMS by default

Check warning (Code scanning / checkov): Ensure S3 buckets should have event notifications enabled

Check warning (Code scanning / checkov): Ensure all data stored in the S3 bucket have versioning enabled

Check warning (Code scanning / checkov): Ensure that S3 bucket has cross-region replication enabled

Check warning (Code scanning / checkov): Ensure the S3 bucket has access logging enabled

Check warning (Code scanning / checkov): Ensure that an S3 bucket has a lifecycle configuration

infracost bot commented Mar 19, 2025

💰 Infracost report

Monthly estimate generated

| Changed project | Baseline cost | Usage cost* | Total change | New monthly cost |
|---|---|---|---|---|
| main | +$0 | - | +$0 | $207 |

*Usage costs can be estimated by updating Infracost Cloud settings, see docs for other options.

Estimate details
Key: * usage cost, ~ changed, + added, - removed

──────────────────────────────────
Project: main

+ aws_s3_bucket.artifacts
  Monthly cost depends on usage

    + Standard
    
        + Storage
          Monthly cost depends on usage
            +$0.023 per GB
    
        + PUT, COPY, POST, LIST requests
          Monthly cost depends on usage
            +$0.005 per 1k requests
    
        + GET, SELECT, and all other requests
          Monthly cost depends on usage
            +$0.0004 per 1k requests
    
        + Select data scanned
          Monthly cost depends on usage
            +$0.002 per GB
    
        + Select data returned
          Monthly cost depends on usage
            +$0.0007 per GB

Monthly cost change for main
Amount:  $0.00 ($207 → $207)
Percent: 0%

──────────────────────────────────

59 cloud resources were detected:
∙ 10 were estimated
∙ 49 were free
This comment will be updated when code changes.

@kunduso kunduso merged commit 0011ffa into main Mar 19, 2025
4 of 7 checks passed
Successfully merging this pull request may close these issues.

enabled access logging for load balancer