horkos 0.2.0

Cloud infrastructure language where insecure code won't compile
//! Generated from s3_create_bucket.yaml
//! DO NOT EDIT - regenerate with `cargo run -p horkos-codegen`

use crate::resources::{Param, PreferredParam, ResourceDefinition, SecurityParam};
use crate::types::ResolvedType;

/// Builds the resource definition for `S3.createBucket`: an S3 bucket with secure defaults.
///
/// Terraform: `aws_s3_bucket`
/// Also generates: aws_s3_bucket_versioning, aws_s3_bucket_server_side_encryption_configuration, aws_s3_bucket_public_access_block, aws_s3_bucket_logging
///
/// `name` is the only required parameter. `versioning` and `logging` are registered as
/// preferred parameters with the value `true`; `encryption` and `publicAccess` are
/// registered as security parameters.
///
/// NOTE(review): the meaning of the two booleans passed to `SecurityParam::new` is not
/// visible in this file; confirm it against the `SecurityParam` definition before relying
/// on these values.
/// NOTE(review): `sseAlgorithm` and `kmsKeyId` are plain string parameters here; whether
/// their values are validated elsewhere cannot be told from this file.
pub fn s3_create_bucket() -> ResourceDefinition {
    // The bucket name is the only input a caller must supply.
    let required_params = vec![Param::string("name")];

    // Encryption and logging tuning knobs, all optional.
    let optional_params = vec![
        Param::string("sseAlgorithm"),
        Param::string("kmsKeyId"),
        Param::string("logPrefix"),
        Param::tags("tags"),
        Param::new("logBucket", ResolvedType::Bucket),
    ];

    // Recommended settings that are not treated as security-critical.
    let preferred_params = vec![
        PreferredParam::bool("versioning", true), // recommended, not security-critical
        PreferredParam::bool("logging", true),    // recommended for auditing
    ];

    // Security-critical settings.
    let security_params = vec![
        SecurityParam::new("encryption", true, false),
        SecurityParam::new("publicAccess", false, true),
    ];

    ResourceDefinition {
        module: "S3",
        function: "createBucket",
        required_params,
        optional_params,
        preferred_params,
        security_params,
        returns: ResolvedType::Bucket,
    }
}

// Human-readable rule texts for the S3 security rules, keyed by rule id.
// None of these constants is referenced elsewhere in this file, hence the
// `dead_code` allowance.
// NOTE(review): the rule ids presumably pair with the parameters declared in
// `s3_create_bucket` (S3_001 with `encryption`, S3_002 with `versioning`,
// S3_003 with `publicAccess`, S3_004 with `logging`); that mapping is not
// stated in this file, so confirm it against the generator input.
#[allow(dead_code)]
mod security_rules {
    /// Rule text for S3_001: encryption at rest.
    pub const S3_001: &str = "S3 buckets must be encrypted at rest";
    /// Rule text for S3_002: versioning.
    pub const S3_002: &str = "Versioning protects against accidental deletion";
    /// Rule text for S3_003: public exposure.
    pub const S3_003: &str = "Public buckets expose data to the internet";
    /// Rule text for S3_004: access logging.
    pub const S3_004: &str = "Access logging aids in security auditing";
}