infra-security-review

Security checklists and grep patterns for reviewing IaC code. Use these patterns when verifying infrastructure security.

| S3 bucket without encryption | Critical | encrypt = false or missing | | Missing state locking | High | No DynamoDB table configured | | Public bucket policy | Critical | blockpublic not all true | | Missing versioning | Medium | versioning not enabled |

| Hardcoded AWS keys | Critical | AKIA[0-9A-Z]{16} | | Hardcoded passwords | Critical | password\s=\s"[^"]+[^}]" | | Database credentials in code | Critical | DATABASEURL with password | | API keys in variables | High | apikey, secretkey defaults |

用于审查基础设施即代码的安全模式和清单。涵盖 Terraform/OpenTofu 状态、机密、网络、计算、数据库和存储安全。 来源：majesticlabs-dev/majestic-marketplace。