tenable / terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
https://runterrascan.io
Apache License 2.0

False positive with AWS provider >=4.x style bucket resources #1219

Closed wyardley closed 2 years ago

wyardley commented 2 years ago

Description

Using the >=4.0 AWS provider, bucket encryption / versioning is now specified like so: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade#s3-bucket-refactor

With a config like this:

resource "aws_s3_bucket" "foo" {
  bucket = "foo"

  lifecycle {
    prevent_destroy = true
  }
}

resource "aws_s3_bucket_versioning" "foo" {
  bucket = aws_s3_bucket.foo.id

  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "foo" {
  bucket = aws_s3_bucket.foo.id

  rule {
    bucket_key_enabled = false

    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

Rules AC_AWS_0497, AC_AWS_0214, and AC_AWS_0207 all get triggered.

What I Did

% terrascan scan -t aws

Scan Errors - 

    IaC Type            :   arm
    Directory           :   /Users/wby/test_tfscan
    Error Message       :   ARM files not found in the directory /Users/wby/test_tfscan

    -----------------------------------------------------------------------

    IaC Type            :   docker
    Directory           :   /Users/wby/test_tfscan
    Error Message       :   Dockerfile not found in the directory /Users/wby/test_tfscan

    -----------------------------------------------------------------------

    IaC Type            :   cft
    Directory           :   /Users/wby/test_tfscan
    Error Message       :   cft files not found in the directory /Users/wby/test_tfscan

    -----------------------------------------------------------------------

    IaC Type            :   k8s
    Directory           :   /Users/wby/test_tfscan
    Error Message       :   kubernetes files not found in the directory /Users/wby/test_tfscan

    -----------------------------------------------------------------------

    IaC Type            :   kustomize
    Directory           :   /Users/wby/test_tfscan
    Error Message       :   kustomization.y(a)ml file not found in the directory /Users/wby/test_tfscan

    -----------------------------------------------------------------------

    IaC Type            :   helm
    Directory           :   /Users/wby/test_tfscan
    Error Message       :   no helm charts found in directory /Users/wby/test_tfscan

    -----------------------------------------------------------------------

Violation Details -

    Description    :    Enabling S3 versioning will enable easy recovery from both unintended user actions, like deletes and overwrites
    File           :    s3.tf
    Module Name    :    root
    Plan Root      :    ./
    Line           :    1
    Severity       :    HIGH
    -----------------------------------------------------------------------

    Description    :    Ensure that S3 Buckets have server side encryption at rest enabled with KMS key to protect sensitive data.
    File           :    s3.tf
    Module Name    :    root
    Plan Root      :    ./
    Line           :    1
    Severity       :    HIGH
    -----------------------------------------------------------------------

    Description    :    Ensure S3 buckets have access logging enabled.
    File           :    s3.tf
    Module Name    :    root
    Plan Root      :    ./
    Line           :    1
    Severity       :    MEDIUM
    -----------------------------------------------------------------------

Scan Summary -

    File/Folder         :   /Users/wby/test_tfscan
    IaC Type            :   terraform
    Scanned At          :   2022-04-15 01:16:39.200675 +0000 UTC
    Policies Validated  :   10
    Violated Policies   :   3
    Low                 :   0
    Medium              :   1
    High                :   2
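
The cross-resource resolution this report is asking for, as an added example that is not terrascan's own code: it pulls resource blocks out of HCL text with a small regex and brace matcher (an assumption standing in for a real HCL parser), joins aws_s3_bucket_versioning and aws_s3_bucket_server_side_encryption_configuration resources to their bucket through the bucket = aws_s3_bucket.<name>.id reference, and only then evaluates the versioning and encryption checks, so a bucket configured in the >=4.x split style is judged the same as one using the legacy inline blocks. The sample configuration and the finding strings are constructed for this example.

```python
import re
# Constructed sample: the >=4.x split-resource layout from the report, plus a
# bucket in the legacy (<4.0) inline style that the same check must still handle.
SAMPLE_TF = '''
resource "aws_s3_bucket" "foo" {}
resource "aws_s3_bucket_versioning" "foo" {
  bucket = aws_s3_bucket.foo.id
  versioning_configuration { status = "Enabled" }
}
resource "aws_s3_bucket_server_side_encryption_configuration" "foo" {
  bucket = aws_s3_bucket.foo.id
  rule {
    apply_server_side_encryption_by_default { sse_algorithm = "AES256" }
  }
}
resource "aws_s3_bucket" "legacy" {
  versioning { enabled = true }
}
'''
BLOCK_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
REF_RE = re.compile(r'\bbucket\s*=\s*aws_s3_bucket\.(\w+)\.(?:id|bucket)\b')
SSE_RE = re.compile(r'sse_algorithm\s*=\s*"([^"]+)"')

def parse_resources(text):  # yield (type, name, body) per resource block, matching braces by depth
    for m in BLOCK_RE.finditer(text):
        depth, i = 1, m.end()
        while depth: depth += {"{": 1, "}": -1}.get(text[i], 0); i += 1
        yield m.group(1), m.group(2), text[m.end():i - 1]

def audit_buckets(text):  # bucket name -> {"versioning": bool, "sse": algorithm or None}
    resources, state = list(parse_resources(text)), {}
    for rtype, name, body in resources:  # pass 1: bucket blocks, including legacy inline settings
        if rtype == "aws_s3_bucket":
            sse = SSE_RE.search(body)
            state[name] = {"versioning": bool(re.search(r'versioning\s*\{[^}]*enabled\s*=\s*true', body)), "sse": sse and sse.group(1)}
    for rtype, name, body in resources:  # pass 2: 4.x resources, joined by bucket = aws_s3_bucket.X.id
        ref, sse = REF_RE.search(body), SSE_RE.search(body)
        if not ref or ref.group(1) not in state: continue  # nothing local to attach to (literal name or data source)
        if rtype == "aws_s3_bucket_versioning" and re.search(r'status\s*=\s*"Enabled"', body):
            state[ref.group(1)]["versioning"] = True
        elif rtype == "aws_s3_bucket_server_side_encryption_configuration" and sse:
            state[ref.group(1)]["sse"] = sse.group(1)
    return state

def violations(text):  # (bucket, finding) pairs the rules should report after resolution
    out = []
    for name, s in sorted(audit_buckets(text).items()):
        if not s["versioning"]: out.append((name, "versioning not enabled"))
        if s["sse"] is None: out.append((name, "no server-side encryption"))
    return out
```

Run against the sample, only the legacy bucket is reported (for missing encryption); the split-style bucket foo produces no versioning or encryption finding once its companion resources are attached.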
wyardley commented 2 years ago

Appears to be resolved now.