
bug(terraform): ELBv2 LB Access Log Disabled - false positives #8036

Description

@david-mnz

https://docs.kics.io/latest/queries/terraform-queries/aws/3e34db4f-0ad9-4290-bfd0-4a9ee884acaf/

ELBv2 LB Access Log Disabled
Query id: 3e34db4f-0ad9-4290-bfd0-4a9ee884acaf
Query name: ELBv2 LB Access Log Disabled
Platform: Terraform
Severity: Medium
Category: Observability
CWE: 778
Risk score: 3.0
URL: GitHub

Expected Behavior

I expect that the following aws_lb resource should not be flagged by the kics.io rule linked above.

    resource "aws_lb" "test_nlb" {
      name               = "test-nlb"
      subnets            = [for subnet in aws_subnet.public : subnet.id]
      internal           = false
      load_balancer_type = "network"

      enable_deletion_protection = true

      # Access logging is explicitly enabled, so the query should not fire.
      access_logs {
        bucket  = aws_s3_bucket.lb_logs.id
        prefix  = "test-nlb"
        enabled = true
      }

      # tags is a map(string) on aws_lb, not a bare string.
      tags = {
        Environment = "development"
      }
    }

Actual Behavior

The kics.io rule flags this resource as a vulnerability.

Specifications

  • Platform: AWS/Terraform
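The behaviour the report expects, written out as an added reference check (this is illustrative code, not the KICS Rego query): an aws_lb resource in the JSON-like shape Terraform tooling produces (nested blocks become lists of objects) is a finding only when the access_logs block is missing or its enabled attribute is not true. The resource from the issue therefore passes, while the constructed variants below are flagged.

```python
"""Reference check for the intent of KICS query "ELBv2 LB Access Log Disabled".

Added example, not KICS's own Rego. Resources are dicts in the JSON form
produced by HCL-to-JSON conversion, where nested blocks become lists.
"""
from typing import Optional


def lb_access_logs_finding(name: str, resource: dict) -> Optional[str]:
    """Return a finding message, or None when access logging is enabled.

    A missing access_logs block, or a block whose 'enabled' is false or
    absent (the AWS provider defaults it to false), is a finding.
    """
    blocks = resource.get("access_logs")
    if not blocks:
        return f"aws_lb[{name}] has no access_logs block"
    # Tolerate both the list form and a single object.
    if isinstance(blocks, dict):
        blocks = [blocks]
    enabled = blocks[0].get("enabled", False)
    if enabled is not True:
        return f"aws_lb[{name}].access_logs.enabled is {enabled!r}, expected true"
    return None


# Constructed inputs: the issue's resource plus three variants that should fire.
RESOURCES = {
    "test_nlb": {  # the issue's resource: logging enabled -> no finding
        "name": "test-nlb",
        "load_balancer_type": "network",
        "access_logs": [{"bucket": "lb-logs", "prefix": "test-nlb", "enabled": True}],
    },
    "disabled_alb": {"access_logs": [{"bucket": "lb-logs", "enabled": False}]},
    "no_logs_alb": {"name": "no-logs"},            # block omitted entirely
    "default_alb": {"access_logs": [{"bucket": "lb-logs"}]},  # enabled omitted
}


def scan(resources: dict) -> dict:
    """Run the check over every resource; keep only the names with findings."""
    return {n: msg for n, r in resources.items() if (msg := lb_access_logs_finding(n, r))}


if __name__ == "__main__":
    for finding in scan(RESOURCES).values():
        print(finding)
```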


Labels: bug (Something isn't working), community (Community contribution)