Experience Builder


cloudposse / terraform-aws-eks-cluster

Terraform module for provisioning an EKS cluster



Failed Checks
  •  Security Scanning

  • Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output
    2023-10-05 14:45:42,037 [MainThread  ] [WARNI]  Failed to download module cloudposse/label/null:0.25.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:45:42,037 [MainThread  ] [WARNI]  Failed to download module cloudposse/vpc/aws:2.1.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:45:42,037 [MainThread  ] [WARNI]  Failed to download module cloudposse/dynamic-subnets/aws:2.3.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:45:42,037 [MainThread  ] [WARNI]  Failed to download module cloudposse/eks-node-group/aws:2.4.0 (for external modules, the --download-external-modules flag is required)
    terraform scan results:
    Passed checks: 78, Failed checks: 2, Skipped checks: 5
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.eks_cluster.aws_iam_policy_document.cluster_elb_service_role
    	File: /iam.tf:48-74
    	Calling File: /examples/complete/main.tf:58-101
    		48 | data "aws_iam_policy_document" "cluster_elb_service_role" {
    		49 |   count = local.create_eks_service_role ? 1 : 0
    		50 | 
    		51 |   statement {
    		52 |     sid    = "AllowElasticLoadBalancer"
    		53 |     effect = "Allow"
    		54 |     #bridgecrew:skip=BC_AWS_IAM_57:There is no workable constraint to add to this policy
    		55 |     actions = [
    		56 |       "ec2:DescribeAccountAttributes",
    		57 |       "ec2:DescribeAddresses",
    		58 |       "ec2:DescribeInternetGateways",
    		59 |       "elasticloadbalancing:SetIpAddressType",
    		60 |       "elasticloadbalancing:SetSubnets"
    		61 |     ]
    		62 |     resources = ["*"]
    		63 |   }
    		64 |   # Adding a policy to cluster IAM role that deny permissions to logs:CreateLogGroup
    		65 |   # it is not needed since we create the log group elsewhere in this module, and it is causing trouble during "destroy"
    		66 |   statement {
    		67 |     sid    = "DenyCreateLogGroup"
    		68 |     effect = "Deny"
    		69 |     actions = [
    		70 |       "logs:CreateLogGroup"
    		71 |     ]
    		72 |     resources = ["*"]
    		73 |   }
    		74 | }
    Check: CKV_AWS_339: "Ensure EKS clusters run on a supported Kubernetes version"
    	FAILED for resource: module.eks_cluster.aws_eks_cluster.default
    	File: /main.tf:53-113
    	Calling File: /examples/complete/main.tf:58-101
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    github_actions scan results:
    Passed checks: 40, Failed checks: 0, Skipped checks: 0


    This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to: