Experience Builder


Terraform

Repository
cloudposse / terraform-aws-ecs-alb-service-task

Description
Terraform module which implements an ECS service which exposes a web service via ALB.

Stars
129

Failed Checks
  • Security Scanning
  • Linting

Scan Date
    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation: no security scanning tool (such as Checkov, tfsec or Trivy) was found in any of the CI/CD tool configuration files in the repository, so the Checkov results below come from the validator's own run, not from the project's pipeline.

    There is an opportunity to:

    Checkov Output

    2023-10-05 14:55:42,663 [MainThread  ] [WARNI]  Failed to download module cloudposse/label/null:0.25.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:55:42,663 [MainThread  ] [WARNI]  Failed to download module cloudposse/vpc/aws:2.0.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:55:42,664 [MainThread  ] [WARNI]  Failed to download module cloudposse/dynamic-subnets/aws:2.1.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:55:42,664 [MainThread  ] [WARNI]  Failed to download module cloudposse/ecs-container-definition/aws:0.58.2 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:55:42,664 [MainThread  ] [WARNI]  Failed to download module cloudposse/iam-policy/aws:0.4.0 (for external modules, the --download-external-modules flag is required)
    terraform scan results:
    
    Passed checks: 42, Failed checks: 2, Skipped checks: 1
    
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs_alb_service_task.aws_iam_policy_document.ecs_service_policy
    	File: /main.tf:201-218
    	Calling File: /examples/complete/main.tf:79-105
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		201 | data "aws_iam_policy_document" "ecs_service_policy" {
    		202 |   count = local.enable_ecs_service_role && var.service_role_arn == null ? 1 : 0
    		203 | 
    		204 |   statement {
    		205 |     effect    = "Allow"
    		206 |     resources = ["*"]
    		207 | 
    		208 |     actions = [
    		209 |       "elasticloadbalancing:Describe*",
    		210 |       "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
    		211 |       "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
    		212 |       "ec2:Describe*",
    		213 |       "ec2:AuthorizeSecurityGroupIngress",
    		214 |       "elasticloadbalancing:RegisterTargets",
    		215 |       "elasticloadbalancing:DeregisterTargets"
    		216 |     ]
    		217 |   }
    		218 | }
    
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_alb_service_task.aws_iam_policy_document.ecs_service_policy
    	File: /main.tf:201-218
    	Calling File: /examples/complete/main.tf:79-105
    
    		201 | data "aws_iam_policy_document" "ecs_service_policy" {
    		202 |   count = local.enable_ecs_service_role && var.service_role_arn == null ? 1 : 0
    		203 | 
    		204 |   statement {
    		205 |     effect    = "Allow"
    		206 |     resources = ["*"]
    		207 | 
    		208 |     actions = [
    		209 |       "elasticloadbalancing:Describe*",
    		210 |       "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
    		211 |       "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
    		212 |       "ec2:Describe*",
    		213 |       "ec2:AuthorizeSecurityGroupIngress",
    		214 |       "elasticloadbalancing:RegisterTargets",
    		215 |       "elasticloadbalancing:DeregisterTargets"
    		216 |     ]
    		217 |   }
    		218 | }
    
    github_actions scan results:
    
    Passed checks: 40, Failed checks: 0, Skipped checks: 0
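    Both findings above are the same statement seen by two checks: an Allow statement whose Resource is "*" and whose actions include mutating calls (RegisterTargets, DeregisterTargets, RegisterInstancesWithLoadBalancer, DeregisterInstancesFromLoadBalancer, AuthorizeSecurityGroupIngress). The Describe* actions in the same statement genuinely require "*" because the ELB and EC2 Describe APIs do not support resource-level permissions, which is why a fix is to split the statement rather than simply replace the wildcard. The following is an added example, not Checkov's code and not code from the cloudposse module: a simplified re-implementation of the wildcard-resource logic behind CKV_AWS_111 / CKV_AWS_356, run over (a) the flagged policy rendered as IAM JSON and (b) a constructed hardened variant. The Sids, account ID, region and ARNs in the hardened policy are hypothetical placeholders, and the read-only prefix rule is a deliberate simplification of Checkov's longer allow-list.

```python
import json

# Constructed sample: the JSON the flagged aws_iam_policy_document in
# main.tf lines 201-218 renders to (actions and the wildcard resource are
# taken from the finding; the Sid is added here for readability).
FLAGGED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "EcsServicePolicy",
    "Effect": "Allow",
    "Resource": "*",
    "Action": [
      "elasticloadbalancing:Describe*",
      "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
      "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
      "ec2:Describe*",
      "ec2:AuthorizeSecurityGroupIngress",
      "elasticloadbalancing:RegisterTargets",
      "elasticloadbalancing:DeregisterTargets"
    ]
  }]
}
""")

# Constructed hardened variant (not from the module): the Describe* calls
# keep "*" because those APIs do not support resource-level permissions,
# while the mutating actions are scoped to hypothetical target group,
# load balancer and security group ARNs. Account, region and names are
# placeholders, not real resources.
HARDENED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnlyRequiresWildcard",
      "Effect": "Allow",
      "Resource": "*",
      "Action": ["elasticloadbalancing:Describe*", "ec2:Describe*"]
    },
    {
      "Sid": "ScopedWrites",
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:RegisterTargets",
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
        "ec2:AuthorizeSecurityGroupIngress"
      ],
      "Resource": [
        "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/example-tg/*",
        "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/example-alb/*",
        "arn:aws:ec2:us-east-1:123456789012:security-group/sg-0123456789abcdef0"
      ]
    }
  ]
}
""")

# Verbs treated as read-only. Checkov keeps a much longer allow-list of
# actions that genuinely require "*"; this prefix rule is a simplification.
READ_ONLY_PREFIXES = ("Describe", "List", "Get")


def as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_read_only(action):
    """True for actions such as ec2:Describe* whose verb has a read prefix."""
    verb = action.split(":", 1)[-1]
    return verb.startswith(READ_ONLY_PREFIXES)


def find_unconstrained_writes(policy):
    """Return (sid, action) for every Allow statement that grants a
    non-read-only action (including a bare "*") on Resource "*".
    NotAction / NotResource statements are not modelled here."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource")):
            continue
        for action in as_list(stmt.get("Action")):
            if not is_read_only(action):
                findings.append((stmt.get("Sid", "<no sid>"), action))
    return findings


if __name__ == "__main__":
    for name, policy in (("flagged", FLAGGED_POLICY), ("hardened", HARDENED_POLICY)):
        hits = find_unconstrained_writes(policy)
        print(f"{name}: {len(hits)} unconstrained write action(s)")
        for sid, action in hits:
            print(f'  {sid}: {action} on Resource "*"')
```

    Against the flagged policy the checker reports the five mutating actions and nothing for the two Describe* entries; against the hardened variant it reports nothing, because the only statement left with Resource "*" is read-only. In Terraform the equivalent change is splitting the single `statement` block on lines 204-217 into a read-only statement and a write statement whose `resources` list carries the target group, load balancer and security group ARNs the service actually uses. The `count` expression on line 202 also shows that this document is only created when `var.service_role_arn` is null, so a caller can instead pass in a role of their own with a scoped policy. If the wildcard on the read-only statement still trips the check, Checkov's inline `# checkov:skip=CKV_AWS_356:<reason>` comment on that resource records the justification rather than silently suppressing it. The "Failed to download module" warnings at the top of the output are resolved by running `checkov -d . --download-external-modules true`, which lets the scanner follow the cloudposse registry modules instead of skipping them.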

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation: no linting tool (such as tflint or terraform fmt -check) was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to: