// CheckEnableAtRestEncryption holds the rule registered as AVD-AWS-0137. The
// rule inspects every EMR security configuration in the scanned state and
// reports those whose parsed EncryptionConfiguration does not set
// EnableAtRestEncryption.
var CheckEnableAtRestEncryption = rules.Register(
	scan.Rule{
		AVDID:       "AVD-AWS-0137",
		Provider:    providers.AWSProvider,
		Service:     "emr",
		ShortCode:   "enable-at-rest-encryption",
		Summary:     "Enable at-rest encryption for EMR clusters.",
		Impact:      "At-rest data in the EMR cluster could be compromised if accessed.",
		Resolution:  "Enable at-rest encryption for EMR cluster",
		Explanation: `Data stored within an EMR cluster should be encrypted to ensure sensitive data is kept private.`,
		Links: []string{
			"https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_800-171.html",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableAtRestEncryptionGoodExamples,
			BadExamples:         terraformEnableAtRestEncryptionBadExamples,
			Links:               terraformEnableAtRestEncryptionLinks,
			RemediationMarkdown: terraformEnableAtRestEncryptionRemediationMarkdown,
		},
		Severity: severity.High,
	},
	// The check function walks s.AWS.EMR.SecurityConfiguration and records one
	// pass or one failure per configuration that could be parsed.
	func(s *state.State) (results scan.Results) {
		for _, secConf := range s.AWS.EMR.SecurityConfiguration {
			parsed, parseErr := readVarsFromConfigurationAtRest(secConf.Configuration.Value())
			if parseErr != nil {
				// NOTE(review): a configuration that cannot be parsed is skipped
				// without a pass or a failure, so it produces no finding at all.
				// Confirm that failing open here is intended.
				continue
			}

			if parsed.EncryptionConfiguration.EnableAtRestEncryption {
				results.AddPassed(&secConf)
				continue
			}

			// The failure is attached to the Configuration value itself.
			results.Add("EMR cluster does not have at-rest encryption enabled.", secConf.Configuration)
		}
		return results
	},
)
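// CheckEnableInTransitEncryption holds the rule registered as AVD-AWS-0138.
// The rule inspects every EMR security configuration in the scanned state and
// reports those whose parsed EncryptionConfiguration does not set
// EnableInTransitEncryption.
var CheckEnableInTransitEncryption = rules.Register(
	scan.Rule{
		AVDID:      "AVD-AWS-0138",
		Provider:   providers.AWSProvider,
		Service:    "emr",
		ShortCode:  "enable-in-transit-encryption",
		Summary:    "Enable in-transit encryption for EMR clusters.",
		Impact:     "In-transit data in the EMR cluster could be compromised if accessed.",
		Resolution: "Enable in-transit encryption for EMR cluster",
		// The explanation names data in transit, matching the Summary and Impact
		// of this rule rather than the wording of the at-rest rule.
		Explanation: `Data in transit within an EMR cluster should be encrypted to ensure sensitive data is kept private.`,
		Links: []string{
			"https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_800-171.html",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableInTransitEncryptionGoodExamples,
			BadExamples:         terraformEnableInTransitEncryptionBadExamples,
			Links:               terraformEnableInTransitEncryptionLinks,
			RemediationMarkdown: terraformEnableInTransitEncryptionRemediationMarkdown,
		},
		Severity: severity.High,
	},
	// The check function walks s.AWS.EMR.SecurityConfiguration and records one
	// pass or one failure per configuration that could be parsed.
	func(s *state.State) (results scan.Results) {
		for _, secConf := range s.AWS.EMR.SecurityConfiguration {
			parsed, parseErr := readVarsFromConfigurationInTransit(secConf.Configuration.Value())
			if parseErr != nil {
				// NOTE(review): a configuration that cannot be parsed is skipped
				// without a pass or a failure, so it produces no finding at all.
				// Confirm that failing open here is intended.
				continue
			}

			if parsed.EncryptionConfiguration.EnableInTransitEncryption {
				results.AddPassed(&secConf)
				continue
			}

			// The failure is attached to the Configuration value itself.
			results.Add("EMR cluster does not have in-transit encryption enabled.", secConf.Configuration)
		}
		return results
	},
)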
// CheckEnableLocalDiskEncryption holds the rule registered as AVD-AWS-0139.
// The rule inspects every EMR security configuration in the scanned state and
// reports those whose parsed LocalDiskEncryptionConfiguration has an empty
// EncryptionKeyProviderType.
var CheckEnableLocalDiskEncryption = rules.Register(
	scan.Rule{
		AVDID:       "AVD-AWS-0139",
		Provider:    providers.AWSProvider,
		Service:     "emr",
		ShortCode:   "enable-local-disk-encryption",
		Summary:     "Enable local-disk encryption for EMR clusters.",
		Impact:      "Local-disk data in the EMR cluster could be compromised if accessed.",
		Resolution:  "Enable local-disk encryption for EMR cluster",
		Explanation: `Data stored within an EMR instances should be encrypted to ensure sensitive data is kept private.`,
		Links: []string{
			"https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_800-171.html",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableLocalDiskEncryptionGoodExamples,
			BadExamples:         terraformEnableLocalDiskEncryptionBadExamples,
			Links:               terraformEnableLocalDiskEncryptionLinks,
			RemediationMarkdown: terraformEnableLocalDiskEncryptionRemediationMarkdown,
		},
		Severity: severity.High,
	},
	// The check function walks s.AWS.EMR.SecurityConfiguration and records one
	// pass or one failure per configuration that could be parsed.
	func(s *state.State) (results scan.Results) {
		for _, secConf := range s.AWS.EMR.SecurityConfiguration {
			parsed, parseErr := readVarsFromConfigurationLocalDisk(secConf.Configuration.Value())
			if parseErr != nil {
				// NOTE(review): a configuration that cannot be parsed is skipped
				// without a pass or a failure, so it produces no finding at all.
				// Confirm that failing open here is intended.
				continue
			}

			// NOTE(review): any non-empty provider type counts as a pass, and
			// EnableAtRestEncryption is not consulted here. Confirm that a key
			// provider type alone is sufficient evidence of local-disk encryption.
			providerType := parsed.EncryptionConfiguration.AtRestEncryptionConfiguration.LocalDiskEncryptionConfiguration.EncryptionKeyProviderType
			if providerType != "" {
				results.AddPassed(&secConf)
				continue
			}

			// The failure is attached to the Configuration value itself.
			results.Add("EMR cluster does not have local-disk encryption enabled.", secConf.Configuration)
		}
		return results
	},
)