Allow s3 logging from aws_s3_bucket_logging

fugue · Apr 25, 2024 · 1bc298e · 1bc298e
1 parent 1b66133
commit 1bc298e
Show file tree

Hide file tree

Showing 5 changed files with 983 additions and 0 deletions.
diff --git a/rego/rules/tf/aws/s3/bucket_access_logging.rego b/rego/rules/tf/aws/s3/bucket_access_logging.rego
@@ -29,10 +29,17 @@ resource_type := "MULTIPLE"
 
 buckets := fugue.resources("aws_s3_bucket")
 
+bucket_logging := fugue.resources("aws_s3_bucket_logging")
+
 bucket_has_logging(bucket) {
   _ = bucket.logging[_]
 }
 
+bucket_has_logging(bucket) {
+  bucket_logging_conf := bucket_logging[_]
+  bucket_logging_conf.bucket == bucket.id
+}
+
 bucket_has_logging(bucket) {
   _ = lib.bucket_logging_by_bucket[lib.bucket_name_or_id(bucket)]
 }