Skip to content

Commit

Permalink
Fix checkov warnings
Browse files Browse the repository at this point in the history
  • Loading branch information
@fabasoad
fabasoad committed Aug 14, 2021
1 parent 182567a commit c9055b0
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 5 deletions.
3 changes: 0 additions & 3 deletions .github/workflows/terraform.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ on:
- 'bugfix/**'
- 'dependabot/*'
- 'feature/**'
- 'test-*'

jobs:
terraform:
Expand All @@ -20,8 +19,6 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Prepare bundle
run: ./build_bundle.sh
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/tf-lint.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,4 @@ jobs:
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
- name: Terraform Lint
run: cd terraform && terraform fmt -check
run: terraform fmt -check
26 changes: 25 additions & 1 deletion s3.tf
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,36 @@
locals {
bucket_name = "business-card-bucket"
payload_path = "${path.module}/${var.app}-payload.zip"
}

resource "aws_s3_bucket_public_access_block" "business_card_bucket_access" {
bucket = aws_s3_bucket.business_card_bucket.id

block_public_acls = true
block_public_policy = true
}

resource "aws_s3_bucket" "business_card_bucket" {
bucket = "business-card-bucket"
bucket = local.bucket_name
versioning {
enabled = true
}
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
dynamic "logging" {
for_each = []
content {
target_bucket = logging.value["target_bucket"]
target_prefix = "logs/${local.bucket_name}"
}
}
#checkov:skip=CKV_AWS_144:No need to have cross-region replication
#checkov:skip=CKV_AWS_145:No need to encrypt with KMS
}

resource "aws_s3_bucket_object" "business_card_payload" {
Expand Down

0 comments on commit c9055b0

Please sign in to comment.