Remove lifecycle args on dynamodb #96
Bridgecrew has found 3 infrastructure configuration errors in this PR ⬇️
write_capacity, | ||
] | ||
} | ||
|
||
attribute { |
DynamoDB Tables do not have Auto Scaling enabled
Resource: aws_dynamodb_table.with_server_side_encryption | ID: BC_AWS_GENERAL_44
How to Fix
```hcl
resource "aws_dynamodb_table" "pass" {
  name           = "user"
  hash_key       = "user-id"
  billing_mode   = "PROVISIONED"
  read_capacity  = 10
  write_capacity = 10

  attribute {
    name = "user-id"
    type = "S"
  }
}

# Register the table's read capacity as a scalable target.
resource "aws_appautoscaling_target" "pass" {
  resource_id        = "table/${aws_dynamodb_table.pass.name}"
  scalable_dimension = "dynamodb:table:ReadCapacityUnits"
  service_namespace  = "dynamodb"
  min_capacity       = 1
  max_capacity       = 15
}

# Target-tracking policy attached to that scalable target.
resource "aws_appautoscaling_policy" "pass" {
  name               = "rcu-auto-scaling"
  service_namespace  = aws_appautoscaling_target.pass.service_namespace
  scalable_dimension = aws_appautoscaling_target.pass.scalable_dimension
  resource_id        = aws_appautoscaling_target.pass.resource_id
  policy_type        = "TargetTrackingScaling"

  target_tracking_scaling_policy_configuration {
    predefined_metric_specification {
      predefined_metric_type = "DynamoDBReadCapacityUtilization"
    }
    target_value = 70 # required argument; 70 is an illustrative value
  }
}

// or:
resource "aws_dynamodb_table" "pass_on_demand" {
  name         = "user"
  hash_key     = "user-id"
  billing_mode = "PAY_PER_REQUEST"

  attribute {
    name = "user-id"
    type = "S"
  }
}
```
Description
Checks if DynamoDB tables have autoscaling configuration. Note that for tables with billing_mode = "PAY_PER_REQUEST" such configuration is embedded by default.
write_capacity, | ||
] | ||
} | ||
|
||
attribute { |
Unencrypted DynamoDB Tables
Resource: aws_dynamodb_table.without_server_side_encryption | ID: BC_AWS_GENERAL_52
How to Fix
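```hcl
resource "aws_dynamodb_table" "basic-dynamodb-table" {
  name           = "GameScores"
  billing_mode   = "PROVISIONED"
  read_capacity  = 20
  write_capacity = 20
  hash_key       = "UserId"
  range_key      = "GameTitle" # the range key must differ from the hash key

  attribute {
    name = "UserId"
    type = "S"
  }

  attribute {
    name = "GameTitle"
    type = "S"
  }

  # Encryption at rest, declared explicitly on the table.
  server_side_encryption {
    enabled = true
  }
}
```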
Description
Checks if the Amazon DynamoDB tables are encrypted.
write_capacity, | ||
] | ||
} | ||
|
||
attribute { |
DynamoDB Tables do not have Auto Scaling enabled
Resource: aws_dynamodb_table.without_server_side_encryption | ID: BC_AWS_GENERAL_44
How to Fix
```hcl
resource "aws_dynamodb_table" "pass" {
  name           = "user"
  hash_key       = "user-id"
  billing_mode   = "PROVISIONED"
  read_capacity  = 10
  write_capacity = 10

  attribute {
    name = "user-id"
    type = "S"
  }
}

# Register the table's read capacity as a scalable target.
resource "aws_appautoscaling_target" "pass" {
  resource_id        = "table/${aws_dynamodb_table.pass.name}"
  scalable_dimension = "dynamodb:table:ReadCapacityUnits"
  service_namespace  = "dynamodb"
  min_capacity       = 1
  max_capacity       = 15
}

# Target-tracking policy attached to that scalable target.
resource "aws_appautoscaling_policy" "pass" {
  name               = "rcu-auto-scaling"
  service_namespace  = aws_appautoscaling_target.pass.service_namespace
  scalable_dimension = aws_appautoscaling_target.pass.scalable_dimension
  resource_id        = aws_appautoscaling_target.pass.resource_id
  policy_type        = "TargetTrackingScaling"

  target_tracking_scaling_policy_configuration {
    predefined_metric_specification {
      predefined_metric_type = "DynamoDBReadCapacityUtilization"
    }
    target_value = 70 # required argument; 70 is an illustrative value
  }
}

// or:
resource "aws_dynamodb_table" "pass_on_demand" {
  name         = "user"
  hash_key     = "user-id"
  billing_mode = "PAY_PER_REQUEST"

  attribute {
    name = "user-id"
    type = "S"
  }
}
```
Description
Checks if DynamoDB tables have autoscaling configuration. Note that for tables with billing_mode = "PAY_PER_REQUEST" such configuration is embedded by default.
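The two conditions described in the findings above, written as a small check over Terraform plan data. This is an added example, not Bridgecrew's implementation or code from this PR; the input shape (the resource list from `terraform show -json`), the function names, and the sample values are assumptions constructed for illustration.

```python
# Added example, not Bridgecrew's code. SAMPLE_RESOURCES is constructed data in the
# assumed shape of planned_values.root_module.resources from `terraform show -json`.
SAMPLE_RESOURCES = [
    {"type": "aws_dynamodb_table", "name": "with_server_side_encryption",
     "values": {"name": "enc", "billing_mode": "PROVISIONED",
                "server_side_encryption": [{"enabled": True}]}},
    {"type": "aws_dynamodb_table", "name": "without_server_side_encryption",
     "values": {"name": "plain", "billing_mode": "PROVISIONED",
                "server_side_encryption": []}},
    {"type": "aws_dynamodb_table", "name": "pass_on_demand",
     "values": {"name": "user", "billing_mode": "PAY_PER_REQUEST",
                "server_side_encryption": [{"enabled": True}]}},
    {"type": "aws_appautoscaling_target", "name": "pass",
     "values": {"resource_id": "table/enc", "service_namespace": "dynamodb",
                "scalable_dimension": "dynamodb:table:ReadCapacityUnits"}},
]


def autoscaled_tables(resources):
    """Names of tables that have a table-level Application Auto Scaling target."""
    names = set()
    for r in resources:
        v = r.get("values", {})
        rid = v.get("resource_id") or ""
        # "table/<name>/index/<gsi>" targets scale an index, not the table itself.
        if (r.get("type") == "aws_appautoscaling_target"
                and v.get("service_namespace") == "dynamodb"
                and rid.startswith("table/") and rid.count("/") == 1):
            names.add(rid[len("table/"):])
    return names


def check_tables(resources):
    """Return sorted (address, finding) pairs for DynamoDB tables in the plan."""
    scaled = autoscaled_tables(resources)
    findings = []
    for r in resources:
        if r.get("type") != "aws_dynamodb_table":
            continue
        v, addr = r.get("values", {}), f'{r["type"]}.{r["name"]}'
        sse = v.get("server_side_encryption") or []
        if not any(block.get("enabled") for block in sse):
            findings.append((addr, "no server_side_encryption enabled"))
        # billing_mode defaults to PROVISIONED when it is omitted.
        provisioned = (v.get("billing_mode") or "PROVISIONED") != "PAY_PER_REQUEST"
        if provisioned and v.get("name") not in scaled:
            findings.append((addr, "provisioned without autoscaling target"))
    return sorted(findings)
```

Calling `check_tables(SAMPLE_RESOURCES)` reports only the table that lacks both the encryption block and a scalable target; the on-demand table passes the autoscaling condition without any target.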
/test all
I checked with @mcalhoun and there is no reason to keep this here for compliance.
what
why
references
read_capacity and write_capacity from lifecycle change ignore #89