example-policy-org-demo
diff --git a/‎infra/checkov/rds-should-be-encrypted/fail0.tf
Lines changed: 11 additions & 0 deletions b/‎infra/checkov/rds-should-be-encrypted/fail0.tf
Lines changed: 11 additions & 0 deletions
diff --git a/‎infra/checkov/rds-should-be-encrypted/fail1.tf
Lines changed: 9 additions & 0 deletions b/‎infra/checkov/rds-should-be-encrypted/fail1.tf
Lines changed: 9 additions & 0 deletions
diff --git a/‎infra/checkov/rds-should-be-encrypted/fail2.tf
Lines changed: 10 additions & 0 deletions b/‎infra/checkov/rds-should-be-encrypted/fail2.tf
Lines changed: 10 additions & 0 deletions
diff --git a/‎infra/checkov/rds-should-be-encrypted/pass0.tf
Lines changed: 12 additions & 0 deletions b/‎infra/checkov/rds-should-be-encrypted/pass0.tf
Lines changed: 12 additions & 0 deletions
diff --git a/‎infra/checkov/rds-should-be-encrypted/pass1.tf
Lines changed: 10 additions & 0 deletions b/‎infra/checkov/rds-should-be-encrypted/pass1.tf
Lines changed: 10 additions & 0 deletions
diff --git a/‎infra/checkov/rds-should-be-encrypted/policy.yaml
Lines changed: 14 additions & 0 deletions b/‎infra/checkov/rds-should-be-encrypted/policy.yaml
Lines changed: 14 additions & 0 deletions
diff --git a/‎infra/checkov/require-department-label/fail0.tf
Lines changed: 0 additions & 3 deletions b/‎infra/checkov/require-department-label/fail0.tf
Lines changed: 0 additions & 3 deletions
diff --git a/‎infra/checkov/require-department-label/fail1.tf
Lines changed: 0 additions & 15 deletions b/‎infra/checkov/require-department-label/fail1.tf
Lines changed: 0 additions & 15 deletions
diff --git a/‎infra/checkov/require-department-label/fail2.tf
Lines changed: 0 additions & 18 deletions b/‎infra/checkov/require-department-label/fail2.tf
Lines changed: 0 additions & 18 deletions
diff --git a/‎infra/checkov/require-department-label/pass0.tf
Lines changed: 0 additions & 6 deletions b/‎infra/checkov/require-department-label/pass0.tf
Lines changed: 0 additions & 6 deletions
@@ -0,0 +1,11 @@
+resource "aws_db_instance" "default" {
+  allocated_storage    = 10
+  engine               = "mysql"
+  engine_version       = "5.7"
+  instance_class       = "db.t3.micro"
+  name                 = "mydb"
+  username             = "foo"
+  password             = "foobarbaz"
+  parameter_group_name = "default.mysql5.7"
+  skip_final_snapshot  = true
+}
@@ -0,0 +1,9 @@
+resource "aws_db_instance" "default" {
+  allocated_storage    = 10
+  engine               = "postgresql"
+  instance_class       = "db.t3.micro"
+  name                 = "mydb"
+  username             = "foo"
+  password             = "foobarbaz"
+  skip_final_snapshot  = true
+}
@@ -0,0 +1,10 @@
+resource "aws_db_instance" "default" {
+  allocated_storage    = 10
+  engine               = "postgresql"
+  instance_class       = "db.t3.micro"
+  name                 = "mydb"
+  username             = "foo"
+  password             = "foobarbaz"
+  skip_final_snapshot  = true
+  storage_encrypted    = false
+}
@@ -0,0 +1,12 @@
+resource "aws_db_instance" "default" {
+  allocated_storage    = 10
+  engine               = "mysql"
+  engine_version       = "5.7"
+  instance_class       = "db.t3.micro"
+  name                 = "mydb"
+  username             = "foo"
+  password             = "foobarbaz"
+  parameter_group_name = "default.mysql5.7"
+  skip_final_snapshot  = true
+  storage_encrypted    = true
+}
@@ -0,0 +1,10 @@
+resource "aws_db_instance" "default" {
+  allocated_storage    = 10
+  engine               = "postgresql"
+  instance_class       = "db.t3.micro"
+  name                 = "mydb"
+  username             = "foo"
+  password             = "foobarbaz"
+  skip_final_snapshot  = true
+  storage_encrypted    = true
+}
@@ -0,0 +1,14 @@
+metadata:
+  name: "Check that databases are encrypted"
+  id: "CUSTOM_AWS_1"
+  category: "ENCRYPTION"
+scope:
+  provider: aws
+definition:
+  and:
+    - cond_type: "attribute"
+      resource_types: 
+      - "aws_db_instance"
+      attribute: "storage_encrypted"
+      operator: "equals"
+      value: "true"