Stack notifications disabled

Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Stack notifications disabled

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

Id: b72d0026-f649-4c91-a9ea-15d8f681ac09

Cloud Provider: aws

Framework: Terraform

Severity: Medium

Category: Observability

Learn More

Provider Reference

Description

Enabling stack notifications in AWS CloudFormation ensures that administrators are promptly informed about critical events such as stack creation, updates, or failures. Without specifying the notification_arns attribute in the Terraform resource, as shown below, important operational or security changes may go unnoticed, potentially delaying response to incidents or failures:

resource "aws_cloudformation_stack" "example" {
  name = "networking-stack"
  parameters = {
    VPCCidr = "10.0.0.0/16"
  }
  notification_arns = ["arn:aws:sns:us-east-1:123456789012:my-sns-topic"]
}

Missing notifications can lead to undetected application outages or misconfigurations, increasing the risk to your cloud infrastructure.

Compliant Code Examples

resource "aws_cloudformation_stack" "negative1" {

  name = "networking-stack"

  parameters = {
    VPCCidr = "10.0.0.0/16"
  }


  notification_arns = ["a","b"]

}

Non-Compliant Code Examples

resource "aws_cloudformation_stack" "positive1" {

  name = "networking-stack"

  parameters = {
    VPCCidr = "10.0.0.0/16"
  }


}