https://docs.kics.io/latest/queries/terraform-queries/aws/3e34db4f-0ad9-4290-bfd0-4a9ee884acaf/
ELBv2 LB Access Log Disabled
Query id: 3e34db4f-0ad9-4290-bfd0-4a9ee884acaf
Query name: ELBv2 LB Access Log Disabled
Platform: Terraform
Severity: Medium
Category: Observability
CWE: 778
Risk score: 3.0
URL: GitHub
Expected Behavior
I expect that the following aws_lb resource should not be flagged by the kics.io rule below.
resource "aws_lb" "test_nlb" {
  name                       = "test-nlb"
  subnets                    = [for subnet in aws_subnet.public : subnet.id]
  internal                   = false
  load_balancer_type         = "network"
  enable_deletion_protection = true

  access_logs {
    bucket  = aws_s3_bucket.lb_logs.id
    prefix  = "test-nlb"
    enabled = true
  }

  tags = "development"
}
Actual Behavior
The kics.io rule flags this resource as a vulnerability.
Specifications