Experience Builder


Terraform

Repository
ari-hacks / terraform-study-guide
Description

📚 Study Guide for the Terraform Associate Certification

Stars

 117

Failed Checks
  • Security Scanning
  • Linting

  • Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output

    terraform scan results:
    
    Passed checks: 4, Failed checks: 10, Skipped checks: 0, Parsing errors: 8
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.web
    	File: /Terraform code examples /provisioners.hcl:13-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		13 | resource "aws_instance" "web" {
    		14 |   # ...
    		15 | 
    		16 |   provisioner "remote-exec" {
    		17 |     inline = [
    		18 |       "puppet apply",
    		19 |       "consul join ${aws_instance.web.private_ip}",
    		20 |     ]
    		21 |   }
    		22 | }
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.web
    	File: /Terraform code examples /provisioners.hcl:13-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		13 | resource "aws_instance" "web" {
    		14 |   # ...
    		15 | 
    		16 |   provisioner "remote-exec" {
    		17 |     inline = [
    		18 |       "puppet apply",
    		19 |       "consul join ${aws_instance.web.private_ip}",
    		20 |     ]
    		21 |   }
    		22 | }
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.web
    	File: /Terraform code examples /provisioners.hcl:13-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		13 | resource "aws_instance" "web" {
    		14 |   # ...
    		15 | 
    		16 |   provisioner "remote-exec" {
    		17 |     inline = [
    		18 |       "puppet apply",
    		19 |       "consul join ${aws_instance.web.private_ip}",
    		20 |     ]
    		21 |   }
    		22 | }
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.web
    	File: /Terraform code examples /provisioners.hcl:13-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		13 | resource "aws_instance" "web" {
    		14 |   # ...
    		15 | 
    		16 |   provisioner "remote-exec" {
    		17 |     inline = [
    		18 |       "puppet apply",
    		19 |       "consul join ${aws_instance.web.private_ip}",
    		20 |     ]
    		21 |   }
    		22 | }
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.web
    	File: /Terraform code examples /resources.hcl:2-5
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		2 | resource "aws_instance" "web" {
    		3 |   ami           = "ami-a1b2c3d4"
    		4 |   instance_type = "t2.micro"
    		5 | }
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.web
    	File: /Terraform code examples /resources.hcl:2-5
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		2 | resource "aws_instance" "web" {
    		3 |   ami           = "ami-a1b2c3d4"
    		4 |   instance_type = "t2.micro"
    		5 | }
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.web
    	File: /Terraform code examples /resources.hcl:2-5
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		2 | resource "aws_instance" "web" {
    		3 |   ami           = "ami-a1b2c3d4"
    		4 |   instance_type = "t2.micro"
    		5 | }
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.web
    	File: /Terraform code examples /resources.hcl:2-5
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		2 | resource "aws_instance" "web" {
    		3 |   ami           = "ami-a1b2c3d4"
    		4 |   instance_type = "t2.micro"
    		5 | }
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.web
    	File: /Terraform code examples /provisioners.hcl:13-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		13 | resource "aws_instance" "web" {
    		14 |   # ...
    		15 | 
    		16 |   provisioner "remote-exec" {
    		17 |     inline = [
    		18 |       "puppet apply",
    		19 |       "consul join ${aws_instance.web.private_ip}",
    		20 |     ]
    		21 |   }
    		22 | }
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.web
    	File: /Terraform code examples /resources.hcl:2-5
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		2 | resource "aws_instance" "web" {
    		3 |   ami           = "ami-a1b2c3d4"
    		4 |   instance_type = "t2.micro"
    		5 | }
    
    
                    
                  

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to: