ausmartway/aws-s3-security-best-practice-sentinel

aws-s3-security-best-practice-sentinel

This repo contains a set of Sentinel policies that make sure your S3 buckets are in line with AWS S3 security best practices.

The repo will be updated and expanded.

How to use this repo

Register a free TFC account and apply for the Governance trial.

You can sign up for a free Terraform Cloud account from here.

Once you have a free account, you can apply for the Terraform Cloud Governance trial in the Plan and Billing settings of your organization.

Connect to this repo as a policy set and select workspaces that you want to govern.

You can connect to this repo directly from Terraform Cloud or Terraform Enterprise following this link.

You can also fork it into your own repo and edit sentinel.hcl to select the policies you want to use and their enforcement level.

Create a pull request into the repo that's connected to your workspace and see Sentinel in action.

For example, the Terraform code below:

resource "aws_s3_bucket" "bucket-public-read-write-acl" {
  bucket = "bucket-public-read-write-acl"
  acl    = "public-read-write"

  tags = {
    owner = "yulei"
  }
}

will result in a failure to pass the Sentinel policy set.
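One way to write the kind of check that rejects the bucket above, using Sentinel's tfplan/v2 import. This is an added example, not one of this repo's policies; the deny list, the variable names and the inclusion of aws_s3_bucket_acl (which goes beyond the single resource shown above) are assumptions.

```sentinel
# Added example: hypothetical policy, not a file from this repo.
import "tfplan/v2" as tfplan

# Canned ACLs that grant access to everyone (assumed deny list).
disallowed_acls = ["public-read", "public-read-write"]

# Resource types that carry an "acl" argument: the bucket itself
# (as in the Terraform above) and the standalone ACL resource.
acl_types = ["aws_s3_bucket", "aws_s3_bucket_acl"]

# Managed resources of those types that this plan creates or updates.
candidates = filter tfplan.resource_changes as _, rc {
  rc.mode is "managed" and
  rc.type in acl_types and
  (rc.change.actions contains "create" or
    rc.change.actions contains "update")
}

# Keep only those whose planned ACL is on the deny list.
# "else" covers resources where acl is undefined, which fall
# back to the S3 default of "private".
violations = filter candidates as _, rc {
  (rc.change.after.acl else "private") in disallowed_acls
}

# Report every offending address so the failure is actionable.
for violations as address, rc {
  print(address, "sets disallowed ACL:", rc.change.after.acl)
}

main = rule {
  length(violations) is 0
}
```

Against a plan for the bucket above, violations would contain aws_s3_bucket.bucket-public-read-write-acl and main would evaluate to false.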

How to contribute

Please raise any issues you have via this link.

You can create a pull request to add more policies to this repo. Each policy is expected to have at least one pass and one fail test case, along with their corresponding mocks.

You can find the test cases in the test directory and the mocks in the mocks directory.
