Ensure QLDB ledger permissions mode is set to STANDARD

Error: QLDB ledger permissions mode is not set to STANDARD

Bridgecrew Policy ID: BC_AWS_GENERAL_93
Checkov Check ID: CKV_AWS_170
Severity: MEDIUM

Description

Amazon Quantum Ledger Database (Amazon QLDB) is a fully managed ledger database for cryptographically verifiable transaction logging. You can use the QLDB API or the AWS Command Line Interface (AWS CLI) to create, update, and delete ledgers in Amazon QLDB. You can also list all the ledgers in your account, or get information about a specific ledger.

Fix - Buildtime

Terraform

  • Resource: aws_qldb_ledger
  • Argument: permissions_mode

resource "aws_qldb_ledger" "standard" {
  ...
+ permissions_mode = "STANDARD"
}

CloudFormation

  • Resource: AWS::QLDB::Ledger
  • Argument: Properties.PermissionsMode

Resources:
  Default:
    Type: "AWS::QLDB::Ledger"
    Properties:
      ...
+     PermissionsMode: "STANDARD"
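
The same buildtime check applied to both fixes above, as an added example (not Checkov's or Bridgecrew's own code): it reads the JSON form of a Terraform plan (`terraform show -json`) and a JSON CloudFormation template and reports every ledger whose permissions mode is not the literal STANDARD. The sample documents, resource names and the fail-closed handling of unresolved values are assumptions of this example.

```python
import json

# Constructed sample: trimmed output of `terraform show -json plan.out`.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_qldb_ledger.standard", "type": "aws_qldb_ledger",
   "change": {"actions": ["create"], "after": {"permissions_mode": "STANDARD"}}},
  {"address": "aws_qldb_ledger.legacy", "type": "aws_qldb_ledger",
   "change": {"actions": ["create"], "after": {"permissions_mode": "ALLOW_ALL"}}},
  {"address": "aws_qldb_ledger.retired", "type": "aws_qldb_ledger",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

# Constructed sample: CloudFormation template in JSON form.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "Default": {"Type": "AWS::QLDB::Ledger",
              "Properties": {"Name": "audit", "PermissionsMode": "STANDARD"}},
  "Legacy":  {"Type": "AWS::QLDB::Ledger",
              "Properties": {"Name": "orders", "PermissionsMode": "ALLOW_ALL"}},
  "Param":   {"Type": "AWS::QLDB::Ledger",
              "Properties": {"Name": "x", "PermissionsMode": {"Ref": "Mode"}}}
}}
""")

def failing_terraform_ledgers(plan):
    """Addresses of planned aws_qldb_ledger resources not in STANDARD mode."""
    failed = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "aws_qldb_ledger" or after is None:
            continue  # other resource types, or a ledger that is being deleted
        if after.get("permissions_mode") != "STANDARD":
            failed.append(rc["address"])
    return failed

def failing_cfn_ledgers(template):
    """Logical IDs of AWS::QLDB::Ledger resources not in STANDARD mode."""
    # An unresolved intrinsic such as {"Ref": ...} is not the literal value: fail closed.
    return [
        logical_id
        for logical_id, res in template.get("Resources", {}).items()
        if res.get("Type") == "AWS::QLDB::Ledger"
        and (res.get("Properties") or {}).get("PermissionsMode") != "STANDARD"
    ]

if __name__ == "__main__":
    print(failing_terraform_ledgers(SAMPLE_PLAN), failing_cfn_ledgers(SAMPLE_TEMPLATE))
```

A ledger scheduled for deletion has a null `after` block in the plan and is skipped rather than reported.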