Great repo.
I ran a Terraform Static Analysis Security tool over your modules:
Method
Checkov found these issues:
Nine instances of:
Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
FAILED for resource: aws_s3_bucket.s3_data_bucket
Guide: https://docs.bridgecrew.io/docs/s3_13-enable-logging
Nine instances of:
Check: CKV_AWS_52: "Ensure S3 bucket has MFA delete enabled"
FAILED for resource: aws_s3_bucket.s3_data_bucket
Eight of :
Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
FAILED for resource: aws_s3_bucket.s3_data_bucket
Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning
1 of:
Check: CKV_AWS_7: "Ensure rotation for customer created CMKs is enabled"
FAILED for resource: aws_kms_key.group_kms_keys
Guide: https://docs.bridgecrew.io/docs/logging_8
File: /catalog\aws\data-lake-users\main.tf:19-23
2 of:
Check: CKV_AWS_33: "Ensure ECR image scanning on push is enabled"
FAILED for resource: aws_ecr_repository.ecr_repo
Guide: https://docs.bridgecrew.io/docs/general_8
2 of:
Check: CKV_AWS_51: "Ensure ECR Image Tags are immutable"
FAILED for resource: aws_ecr_repository.ecr_repo
Guide: https://docs.bridgecrew.io/docs/bc_aws_general_24
1 of:
Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
FAILED for resource: aws_lb_listener.listener
Guide: https://docs.bridgecrew.io/docs/networking_29
File: /components\aws\ecs-task\alb.tf:30-41
1 of:
Check: CKV_AWS_50: "X-ray tracing is enabled for Lambda"
FAILED for resource: aws_lambda_function.python_lambda
Guide: https://docs.bridgecrew.io/page/guideline-does-not-exist
File: /components\aws\lambda-python\main.tf:40-67
1 of:
Check: CKV_AWS_66: "Ensure cloudwatch log groups specify retention days"
FAILED for resource: aws_cloudwatch_log_group.lambda_log_group
File: /components\aws\lambda-python\main.tf:69-73
1 of:
Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
FAILED for resource: aws_db_instance.rds_db
Guide: https://docs.bridgecrew.io/docs/general_4
File: /components\aws\rds\main.tf:91-114
1 of:
Check: CKV_AWS_17: "Ensure all data stored in the RDS bucket is not public accessible"
FAILED for resource: aws_db_instance.rds_db
Guide: https://docs.bridgecrew.io/docs/public_2
File: /components\aws\rds\main.tf:91-114
Remediation:
I'd address each issue and add secure default values that can be overridden; most of the S3 issues are of this type. If the warnings conflict with your requirements/design, then add a considered exclusion to your code.
Fix the encryption and HTTPS issues, and ensure that RDS is not public.
Happy to help you achieve this.
James
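
The two remediation patterns suggested in this issue, sketched as an added example that is not code from the repository or from the issue author: overridable secure defaults for the RDS findings (CKV_AWS_16, CKV_AWS_17) and an inline, justified Checkov exclusion for the Lambda finding (CKV_AWS_50). The resource names come from the scan output; every variable name, literal value and the skip justification are constructed for illustration.

```hcl
# Added example. Variable names and literal values are constructed,
# not taken from the repository's modules.

variable "storage_encrypted" {
  description = "Encrypt the RDS instance at rest. Secure default, overridable by the caller."
  type        = bool
  default     = true
}

variable "publicly_accessible" {
  description = "Expose the RDS instance publicly. Leave false unless the design requires it."
  type        = bool
  default     = false
}

variable "db_password" {
  type      = string
  sensitive = true
}

variable "lambda_role_arn" {
  type = string
}

resource "aws_db_instance" "rds_db" {
  identifier          = "example-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "example_admin"
  password            = var.db_password
  skip_final_snapshot = true

  storage_encrypted   = var.storage_encrypted   # addresses CKV_AWS_16
  publicly_accessible = var.publicly_accessible # addresses CKV_AWS_17
}

resource "aws_lambda_function" "python_lambda" {
  # checkov:skip=CKV_AWS_50: X-Ray tracing not required for this function (constructed justification)
  function_name = "example-fn"
  role          = var.lambda_role_arn
  runtime       = "python3.12"
  handler       = "main.handler"
  filename      = "lambda.zip"
}
```

The skip comment sits inside the resource block it applies to, so the exclusion and its reason stay next to the code under review.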