fix: 🐛 s3 zone
StanGirard committed Aug 5, 2022
1 parent 448a9d6 commit 21ec0f0
Showing 3 changed files with 26 additions and 3 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -41,6 +41,8 @@ Flags:

### AWS

- AWS_S3_001 S3 Encryption
- AWS_S3_002 S3 One Zone Only
- AWS_VOL_001 EC2 Volumes Encryption
- AWS_RDS_001 RDS Encryption
- AWS_RDS_002 RDS Backup
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
0.1.5
0.1.7
25 changes: 23 additions & 2 deletions internal/aws/s3/s3.go
Expand Up @@ -34,7 +34,6 @@ func checkIfEncryptionEnabled(s *session.Session, buckets []*s3.Bucket, c *[]typ
svc := s3.New(s)
for _, bucket := range buckets {
if !CheckS3Location(s, *bucket.Name, *s.Config.Region) {
fmt.Println("S3 encryption is not enabled on " + *bucket.Name)
continue
}
params := &s3.GetBucketEncryptionInput{
Expand All @@ -58,6 +57,27 @@ func checkIfEncryptionEnabled(s *session.Session, buckets []*s3.Bucket, c *[]typ
*c = append(*c, check)
}

func CheckIfBucketInOneZone(s *session.Session, buckets []*s3.Bucket, c *[]types.Check) {
var check types.Check
check.Name = "S3 Bucket in one zone"
check.Id = "AWS_S3_002"
check.Description = "Check if S3 buckets are in one zone"
check.Status = "OK"
for _, bucket := range buckets {
if !CheckS3Location(s, *bucket.Name, *s.Config.Region) {
check.Status = "FAIL"
status := "FAIL"
Message := "S3 bucket " + *bucket.Name + " is not in the same zone as the account"
check.Results = append(check.Results, types.Result{Status: status, Message: Message})
} else {
status := "OK"
Message := "S3 bucket " + *bucket.Name + " is in the same zone as the account"
check.Results = append(check.Results, types.Result{Status: status, Message: Message})
}
}
*c = append(*c, check)
}

func CheckS3Location(s *session.Session, bucket, region string) bool {
logger.Debug("Getting S3 location")
svc := s3.New(s)
Expand All @@ -66,7 +86,7 @@ func CheckS3Location(s *session.Session, bucket, region string) bool {
Bucket: aws.String(bucket),
}
resp, err := svc.GetBucketLocation(params)
if resp.LocationConstraint != nil && err != nil {
if *resp.LocationConstraint != "" && err == nil {
if *resp.LocationConstraint == region {
return true
} else {
Expand All @@ -83,5 +103,6 @@ func RunS3Test(s *session.Session) []types.Check {
logger.Debug("Starting S3 tests")
buckets := GetListS3(s)
checkIfEncryptionEnabled(s, buckets, &checks)
CheckIfBucketInOneZone(s, buckets, &checks)
return checks
}
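Review bot: The rewritten condition in CheckS3Location, `if *resp.LocationConstraint != "" && err == nil`, dereferences `resp.LocationConstraint` before `err` is inspected, so a failed GetBucketLocation call (access denied, wrong endpoint, deleted bucket) leaves `resp` empty and this line panics instead of returning false; the pointer must also be nil-checked, because the API returns no LocationConstraint for us-east-1 buckets, which would otherwise be reported as "not in the same zone" by the new CheckIfBucketInOneZone. Guard first and then compare: `if err != nil || resp == nil || resp.LocationConstraint == nil { return false }` followed by `return *resp.LocationConstraint == region` (aws-sdk-go v1 also offers `s3.NormalizeBucketLocation` to map the empty constraint to us-east-1, if the intent is to treat those buckets as in-region). The remainder of CheckS3Location, including its else branch, lies outside the hunk. Separately, in the first hunk of this file the `continue` in checkIfEncryptionEnabled now silently skips every bucket outside the session region with no result appended, so those buckets' encryption status is never reported; a `types.Result` with a "skipped" message, or a debug log in place of the removed Println, would keep that gap visible to whoever reads the report.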
