Add skip to checkov validations in replica bucket

binbashar · Oct 18, 2023 · 19a2db8 · 19a2db8
1 parent db071c4
commit 19a2db8
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/bucket_replication.tf b/bucket_replication.tf
@@ -4,6 +4,13 @@ resource "aws_s3_bucket" "replication_bucket" {
   # checkov:skip=CKV2_AWS_62:False Positive. This bucket is the replication destination
   # checkov:skip=CKV_AWS_144:False Positive. This bucket is the replication destination
 
+  ## Since we use the attribute 'count' to create an aws_s3_bucket, checkov has a known issue that results in
+  ## an error even though we are using the correct configurations. (Ref https://github.com/bridgecrewio/checkov/issues/3847)
+  # checkov:skip=CKV2_AWS_61:Skip due to above comment
+  # checkov:skip=CKV_AWS_145:Skip due to above comment  
+  # checkov:skip=CKV_AWS_21:Skip due to above comment
+  # checkov:skip=CKV2_AWS_6:Skip due to above comment
+
   provider = aws.secondary
   bucket   = format("%s-%s-%s-%s", var.namespace, var.stage, var.name, var.bucket_replication_name)
 

diff --git a/kms_encription.tf b/kms_encription.tf
@@ -175,6 +175,8 @@ data "aws_iam_policy_document" "secondary" {
 }
 
 resource "aws_kms_key" "primary" {
+  # checkov:skip=CKV2_AWS_64:Since we use the attribute 'count' to create an aws_kms_key, checkov has a known issue that results in
+  ## an error even though we are using the correct configurations. (Ref https://github.com/bridgecrewio/checkov/issues/3847)
   count    = var.create_kms_key ? 1 : 0
   provider = aws.primary
 

diff --git a/main.tf b/main.tf
@@ -29,6 +29,7 @@ resource "aws_s3_bucket_acl" "default" {
 }
 
 resource "aws_s3_bucket_ownership_controls" "default" {
+  # checkov:skip=CKV2_AWS_65: Skip this validation since we use ACL
   bucket = aws_s3_bucket.default.id
   rule {
     object_ownership = "BucketOwnerPreferred"