
Terrascan does not resolve env var for aws_rds_cluster attribute storage_encrypted #678

Closed
possani opened this issue Apr 19, 2021 · 2 comments
Assignees
Labels
policy Issue concerning policy maintainers.

Comments

@possani

possani commented Apr 19, 2021

Terrascan running in ghcr.io/github/super-linter:v3.15.5

Description

When trying to validate the aws_rds_cluster resource, it does not get the value from the environment variable.

What I Did

variable "pgsql" {
  type = map(any)
  default = {
    "encryption" = true
  }
}
resource "aws_rds_cluster" "pgsql" {
  ...
  storage_encrypted = var.pgsql.encryption
}

Error:

2021-04-19 11:55:45 [ERROR]   Found errors in [terrascan] linter!
2021-04-19 11:55:45 [ERROR]   Error code: 3. Command output:
------
results:
    violations:
        - rule_name: storageNotEncrypted
          description: Encrypt Amazon RDS instances and snapshots at rest, by enabling the encryption option for your Amazon RDS DB instance
          rule_id: AWS.RDS.EncryptionandKeyManagement.High.0414
          severity: HIGH
          category: Data Protection
          resource_name: pgsql
          resource_type: aws_rds_cluster
          file: main.tf
          line: 79
    count:
        low: 0
        medium: 0
        high: 1
        total: 1
------
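As an added example (not Terrascan's own code), the resolution step the report above implies is missing: a small Python resolver that looks up `var.pgsql.encryption` in the variable's map default before applying a storageNotEncrypted-style check, so a reference that resolves to `true` is not flagged, while an unresolvable reference is surfaced as unknown instead of being passed silently. The parsed-config dicts are hand-built stand-ins for the scanner's HCL parsing, and the `noEncrypted` resource and its line number are constructed.

```python
import re

# Constructed stand-in for a parsed Terraform config: the issue's variable block
# (map default with "encryption" = true), the cluster whose storage_encrypted is
# the reference `var.pgsql.encryption` (main.tf line 79, as in the report), and a
# constructed second cluster with a literal false.
VARIABLES = {"pgsql": {"type": "map(any)", "default": {"encryption": True}}}
RESOURCES = [
    {"type": "aws_rds_cluster", "name": "pgsql", "file": "main.tf", "line": 79,
     "attrs": {"storage_encrypted": "var.pgsql.encryption"}},
    {"type": "aws_rds_cluster", "name": "noEncrypted", "file": "main.tf", "line": 95,
     "attrs": {"storage_encrypted": False}},
]

# Matches `var.<name>` optionally followed by `.<key>` segments into a map value.
VAR_REF = re.compile(r"^var\.(?P<name>[A-Za-z_][\w-]*)(?P<path>(?:\.[A-Za-z_][\w-]*)*)$")


def resolve(value, variables):
    """Resolve a `var.<name>[.<key>...]` reference against variable defaults.
    Literals pass through unchanged; an unresolvable reference returns None so
    the caller can report it as unknown rather than guessing."""
    if not isinstance(value, str):
        return value
    m = VAR_REF.match(value.strip())
    if not m:
        return value  # plain string literal, not a reference
    current = variables.get(m.group("name"), {}).get("default")
    keys = m.group("path").strip(".").split(".") if m.group("path") else []
    for key in keys:
        if not isinstance(current, dict) or key not in current:
            return None
        current = current[key]
    return current


def storage_not_encrypted(resources, variables):
    """Emulate the storageNotEncrypted rule: flag aws_rds_cluster resources whose
    storage_encrypted does not resolve to True, distinguishing an unresolved
    reference from an explicit unencrypted setting."""
    violations = []
    for r in resources:
        if r["type"] != "aws_rds_cluster":
            continue
        resolved = resolve(r["attrs"].get("storage_encrypted", False), variables)
        if resolved is True:
            continue
        violations.append({"rule_name": "storageNotEncrypted", "resource_name": r["name"],
                           "file": r["file"], "line": r["line"],
                           "reason": "unresolved reference" if resolved is None else "not encrypted"})
    return violations
```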
@amirbenv amirbenv added the policy Issue concerning policy maintainers. label Apr 20, 2021
@gaurav-gogia
Contributor

Hi @possani, so sorry for the late response, are you still facing this issue? I've tried re-creating it, but it looks like I'm unable to do so. I don't see any violation if the storage_encrypted parameter is set.

I'm using the following terraform configuration

provider "aws" {
  region = "us-east-1"
}

variable "pgsql" {
  type = map(any)
  default = {
    "encryption" = true
  }
}

resource "aws_rds_cluster" "yesEncrypted" {
  cluster_identifier = "aurora-cluster-demo"
  engine             = "aurora-mysql"
  engine_version     = "5.7.mysql_aurora.2.03.2"
  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name      = "mydb"
  storage_encrypted  = var.pgsql.encryption
}

resource "aws_rds_cluster" "noEncrypted" {
  cluster_identifier = "aurora-cluster-demo"
  engine             = "aurora-mysql"
  engine_version     = "5.7.mysql_aurora.2.03.2"
  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name      = "mydb"
  storage_encrypted  = false
}

@possani
Author

possani commented Jun 1, 2021

Hi @gaurav-gogia, I just tested it and do not see the errors anymore. Thank you.


4 participants