This repository has been archived by the owner on Sep 3, 2024. It is now read-only.
[BUG] FG_R00068 fails if a data.aws_kms_key is set in the cloudwatch log group #299
Labels
bug
Describe the bug
The rule is incomplete. If the attribute kms_key_id is set with a data.aws_kms_key.A.id instead of aws_kms_key.A.id, it fails.
We don't create the KMS Key in the same repository. It is created in another repository. So we need to fetch it with a data.aws_kms_key resource.
How you're running Regula
Please include versions of all relevant tools. Some examples:
IaC Configuration
Here is the Rego code in encrypted_logs.rego:
I'm a complete newbie in Rego. So, in my test, I copied/pasted your Rego rule into another file and added this:
What do you think? And if I'm right, you might need to add the same kind of logic in every rule that exists.
Regards,
Rasmey
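
The check the report asks for, sketched as an added example (not code from the issue or from Regula): a Python evaluation of the `configuration` section of `terraform show -json` output that accepts a `kms_key_id` reference to either a managed `aws_kms_key` or a `data.aws_kms_key`. The sample plan is constructed, and the function names and the PASS/FAIL/UNKNOWN verdicts are assumptions made for this illustration.

```python
# Constructed sample: the "configuration" part of `terraform show -json` output.
PLAN = {"configuration": {"root_module": {"resources": [
    {"address": "aws_cloudwatch_log_group.managed_key", "mode": "managed",
     "type": "aws_cloudwatch_log_group",
     "expressions": {"kms_key_id": {"references": ["aws_kms_key.A.arn", "aws_kms_key.A"]}}},
    {"address": "aws_cloudwatch_log_group.data_key", "mode": "managed",
     "type": "aws_cloudwatch_log_group",
     "expressions": {"kms_key_id": {"references": ["data.aws_kms_key.A.id", "data.aws_kms_key.A"]}}},
    {"address": "aws_cloudwatch_log_group.var_key", "mode": "managed",
     "type": "aws_cloudwatch_log_group",
     "expressions": {"kms_key_id": {"references": ["var.kms_key_arn"]}}},
    {"address": "aws_cloudwatch_log_group.no_key", "mode": "managed",
     "type": "aws_cloudwatch_log_group",
     "expressions": {"name": {"constant_value": "app-logs"}}},
    {"address": "data.aws_kms_key.A", "mode": "data", "type": "aws_kms_key",
     "expressions": {"key_id": {"constant_value": "alias/shared-logs"}}},
]}}}


def is_kms_key_ref(ref):
    """True for aws_kms_key.X... and data.aws_kms_key.X... references."""
    parts = ref.split(".")
    if parts[0] == "data":  # data sources carry a leading "data." segment
        parts = parts[1:]
    return len(parts) >= 2 and parts[0] == "aws_kms_key"


def check_log_group(resource):
    """Return PASS, FAIL or UNKNOWN for one aws_cloudwatch_log_group."""
    expr = resource.get("expressions", {}).get("kms_key_id", {})
    literal = expr.get("constant_value")
    refs = expr.get("references", [])
    if isinstance(literal, str) and literal.strip():
        return "PASS"  # literal key ARN or ID
    if any(is_kms_key_ref(r) for r in refs):
        return "PASS"  # managed or data-source KMS key
    # Other references (var, local, module) cannot be resolved statically.
    return "UNKNOWN" if refs else "FAIL"


def evaluate(plan):
    """Map each managed log group address to its verdict."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    return {r["address"]: check_log_group(r) for r in resources
            if r.get("mode") == "managed" and r.get("type") == "aws_cloudwatch_log_group"}


if __name__ == "__main__":
    for address, verdict in evaluate(PLAN).items():
        print(f"{verdict:8} {address}")
```

Reporting UNKNOWN for variable or module references keeps an unresolved value from being counted as either encrypted or unencrypted.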