Cloud Concierge Report - 2023-10-03-17-36 #3

Open
wants to merge 1 commit into
base: main
@cloud-concierge cloud-concierge bot commented Oct 3, 2023

Cloud Concierge Report - State of Scanned Cloud Resources

How to Read this Report

'Cloud Concierge Report' has run. Of the resources the execution scans, at least one resource was identified to have drifted or be outside of Terraform control. While the Terraform code and corresponding import statements needed to bring these resources under Terraform control have been generated, below you will find a summary of the gaps identified in your current IaC posture.

Identified Security Risks

Instance ID: arn:aws:elasticloadbalancing:us-east-1:682649898103:listener/app/tf-managed-demo-alb/4c89e21113613302/14f215be0e2d5e4d

| Rule Description | Severity | Resolution | Doc Links |
| --- | --- | --- | --- |
| Use of plain HTTP. | CRITICAL | Switch to HTTPS to benefit from TLS security features | Rule, Tf Doc |

Instance ID: arn:aws:elasticloadbalancing:us-east-1:682649898103:loadbalancer/app/tf-managed-demo-alb/4c89e21113613302

| Rule Description | Severity | Resolution | Doc Links |
| --- | --- | --- | --- |
| Load balancer is exposed to the internet. | HIGH | Switch to an internal load balancer or add a tfsec ignore | Rule, Tf Doc |
| Load balancers should drop invalid headers | HIGH | Set drop_invalid_header_fields to true | Rule, Tf Doc |

Instance ID: arn:aws:rds:us-east-1:682649898103:db:devops-days-buffalo

| Rule Description | Severity | Resolution | Doc Links |
| --- | --- | --- | --- |
| RDS Deletion Protection Disabled | MEDIUM | Modify the RDS instances to enable deletion protection. | Rule |
| RDS IAM Database Authentication Disabled | MEDIUM | Modify the PostgreSQL and MySQL type RDS instances to enable IAM database authentication. | Rule |
| Enable Performance Insights to detect potential problems | LOW | Enable performance insights | Rule, Tf Doc |
| A database resource is marked as publicly accessible. | CRITICAL | Set the database to not be publicly accessible | Rule, Tf Doc |
| RDS Cluster and RDS instance should have backup retention longer than default 1 day | MEDIUM | Explicitly set the retention period to greater than the default | Rule, Tf Doc |

Calculable Cloud Costs (Monthly)

| Uncontrolled Resources Cost | Terraform Controlled Resources Cost |
| --- | --- |
| $15.54 | $22.26 |

Resources Outside of Terraform Control

| Type | # Resources | Cost Components | Monthly Cost | Usage Based* |
| --- | --- | --- | --- | --- |
| aws_db_subnet_group | 1 | No Charge | No Charge | No Charge |
| aws_lb_listener | 1 | No Charge | No Charge | No Charge |
| aws_db_instance | 1 | 3 | $15.54 | False |
| aws_db_snapshot | 3 | No Charge | No Charge | No Charge |

Deleted Resources

No deleted resources found!

Drifted Resources Managed By Terraform

State File aws-networking-dev

Resource: root (module) "aws_lb" "example_lb"

Instance ID: arn:aws:elasticloadbalancing:us-east-1:682649898103:loadbalancer/app/tf-managed-demo-alb/4c89e21113613302

Most Recent Non-Terraform Actor: root
Most Recent Action Date: 2023-08-09

  • Completed
| Attribute | Terraform Value | Cloud Value |
| --- | --- | --- |
| enable_tls_version_and_cipher_suite_headers | false | true |

Root Causes of Drift

Cloud Actors Causing Changes

| Actor | Action | Count |
| --- | --- | --- |
| root | Create Resource | 3 |
| root | Modify Resource | 1 |

Disclaimer

*Indicates that a resource's cost is usage based. Since we currently do not infer/have knowledge of usage, costs may be material although indicated as 0 here.

This report presents information on the state of your cloud at a point in time and as best Cloud Concierge is able to determine. Cloud Concierge does not currently scan every cloud resource for every cloud provider. For a list of supported resources, please see our documentation.

Created by Cloud Concierge at 17:36 UTC on 2023-10-03
