Improve rule S6249: fix Terraform code examples

SonarSource · Nov 14, 2024 · 6f73b3f · 6f73b3f
1 parent 007eef4
commit 6f73b3f
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/rules/S6249/terraform/rule.adoc b/rules/S6249/terraform/rule.adoc
@@ -8,6 +8,7 @@ include::../recommended.adoc[]
 
 No secure policy is attached to this bucket:
 
+[source,terraform]
 ----
 resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive 
   bucket = "mynoncompliantbucketname"
@@ -16,6 +17,7 @@ resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive
 
 A policy is defined but forces only HTTPs communication for some users:
 
+[source,terraform]
 ----
 resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive 
   bucket = "mynoncompliantbucketname"
@@ -31,9 +33,9 @@ resource "aws_s3_bucket_policy" "mynoncompliantbucketpolicy" {
       {
         Sid       = "HTTPSOnly"
         Effect    = "Deny"
-        Principal = [
-          "arn:aws:iam::123456789123:root"
-        ] # secondary location: only one principal is forced to use https
+        Principal = {
+          "AWS": "arn:aws:iam::123456789123:root"
+        } # secondary location: only one principal is forced to use https
         Action    = "s3:*"
         Resource = [
           aws_s3_bucket.mynoncompliantbucketpolicy.arn,
@@ -70,7 +72,9 @@ resource "aws_s3_bucket_policy" "mycompliantpolicy" {
       {
         Sid       = "HTTPSOnly"
         Effect    = "Deny"
-        Principal = "*"
+        Principal = {
+          "AWS": "*"
+        }
         Action    = "s3:*"
         Resource = [
           aws_s3_bucket.mycompliantbucket.arn,