Violation Details -
Description : Launch configuration uses IMDSv1 which vulnerable to SSRF
File : git::https://github.com/hashicorp/terraform-aws-consul?ref=v0.11.0\modules\consul-cluster\main.tf
Module Name : consul_clients
Plan Root : AWS\DocumentDB
Line : 86
Severity : HIGH
-----------------------------------------------------------------------
Description : Launch configuration uses IMDSv1 which vulnerable to SSRF
File : git::https://github.com/hashicorp/terraform-aws-consul?ref=v0.11.0\modules\consul-cluster\main.tf
Module Name : consul_servers
Plan Root : AWS\DocumentDB
Line : 86
Severity : HIGH
-----------------------------------------------------------------------
Description : Enable AWS EBS Snapshot Encryption
File : AWS\EBS\create_ebs_volume.tf
Module Name : root
Plan Root : AWS\EBS
Line : 2
Severity : HIGH
-----------------------------------------------------------------------
Description : Enable encryption of your EFS file systems in order to protect your data and metadata from breaches or unauthorized access and fulfill compliance requirements for data-at-rest encryption within your organization.
File : AWS\EFS\create_efs.tf
Module Name : root
Plan Root : AWS\EFS
Line : 1
Severity : HIGH
-----------------------------------------------------------------------
Description : ElastiCache for Memcached is not in use in AWS PCI DSS environments
File : AWS\ElastiCache\memcached_elasticache_cluster.tf
Module Name : root
Plan Root : AWS\ElastiCache
Line : 2
Severity : HIGH
-----------------------------------------------------------------------
Description : Ensure DocDb is encrypted at rest
File : AWS\DocumentDB\documentdb_cluster.tf
Module Name : root
Plan Root : AWS\DocumentDB
Line : 2
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure Kinesis Stream is encrypted
File : AWS\Kinesis\kinesis_stream.tf
Module Name : root
Plan Root : AWS\Kinesis
Line : 1
Severity : HIGH
-----------------------------------------------------------------------
Description : Ensure that your Amazon Simple Queue Service (SQS) queues are protecting the contents of their messages using Server-Side Encryption (SSE). The SQS service uses an AWS KMS Customer Master Key (CMK) to generate data keys required for the encryption/decryption process of SQS messages. There is no additional charge for using SQS Server-Side Encryption, however, there is a charge for using AWS KMS
File : AWS\SQS\create_sqs_queue.tf
Module Name : root
Plan Root : AWS\SQS
Line : 2
Severity : HIGH
-----------------------------------------------------------------------
Description : Ensure SecretsManager Secrets are Encrypted using KMS key
File : AWS\SecretsManager\create_secret.tf
Module Name : root
Plan Root : AWS\SecretsManager
Line : 1
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure Neptune Cluster is Encrypted
File : AWS\Neptune\neptune_cluster.tf
Module Name : root
Plan Root : AWS\Neptune
Line : 2
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure AWS Redshift cluster instances have logging enabled.
File : AWS\Redshift\create_redshift_cluster.tf
Module Name : root
Plan Root : AWS\Redshift
Line : 2
Severity : LOW
-----------------------------------------------------------------------
Description : Ensure VPC flow logging is enabled in all VPCs
File : AWS\VPC\vpc.tf
Module Name : root
Plan Root : AWS\VPC
Line : 2
Severity : LOW
-----------------------------------------------------------------------
Description : Ensure AWS Neptune clusters have logging enabled.
File : AWS\Neptune\neptune_cluster.tf
Module Name : root
Plan Root : AWS\Neptune
Line : 2
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Security Groups - Unrestricted Specific Ports - (SSH,22)
File : AWS\VPC\security_group.tf
Module Name : root
Plan Root : AWS\VPC
Line : 2
Severity : HIGH
-----------------------------------------------------------------------
Description : Security Groups - Unrestricted Specific Ports - (SSH,22)
File : git::https://github.com/hashicorp/terraform-aws-consul?ref=v0.11.0\modules\consul-cluster\main.tf
Module Name : consul_clients
Plan Root : AWS\DocumentDB
Line : 151
Severity : HIGH
-----------------------------------------------------------------------
Description : AWS ElastiCache Multi-AZ
File : AWS\ElastiCache\create_elasticache_cluster.tf
Module Name : root
Plan Root : AWS\ElastiCache
Line : 2
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure Redshift clusters are not publicly accessible to minimize security risks.
File : AWS\Redshift\create_redshift_cluster.tf
Module Name : root
Plan Root : AWS\Redshift
Line : 2
Severity : HIGH
-----------------------------------------------------------------------
Description : Ensure that your AWS application is not deployed within the default Virtual Private Cloud in order to follow security best practices
File : AWS\EC2\deploy_instance.tf
Module Name : root
Plan Root : AWS\EC2
Line : 2
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure that your RDS database has IAM Authentication enabled.
File : AWS\RDS\mysql_rds_instance.tf
Module Name : root
Plan Root : AWS\RDS
Line : 2
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure that your RDS database has IAM Authentication enabled.
File : AWS\RDS\postgres_rds_instance.tf
Module Name : root
Plan Root : AWS\RDS
Line : 2
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure CloudWatch logging is enabled for AWS DB instances
File : AWS\RDS\mysql_rds_instance.tf
Module Name : root
Plan Root : AWS\RDS
Line : 2
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure CloudWatch logging is enabled for AWS DB instances
File : AWS\RDS\postgres_rds_instance.tf
Module Name : root
Plan Root : AWS\RDS
Line : 2
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure SNS topic is Encrypted using KMS master key
File : AWS\SNS\create_sns_service.tf
Module Name : root
Plan Root : AWS\SNS
Line : 2
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure GKE Control Plane is not public.
File : GCP\main.tf
Module Name : root
Plan Root : GCP
Line : 226
Severity : HIGH
-----------------------------------------------------------------------
Scan Summary -
File/Folder : C:\Users\prajw\Projects\code-snippets\Terraform
IaC Type : terraform
Scanned At : 2022-11-23 23:11:25.8258763 +0000 UTC
Policies Validated : 409
Violated Policies : 24
Low : 2
Medium : 11
High : 11