Repository | cloudposse / terraform-aws-elastic-beanstalk-environment |
---|---|
Description | Terraform module to provision an AWS Elastic Beanstalk Environment |
Stars | 293 |
Failed Checks | Security Scanning |
Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that a security scanning tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CICD framework used by the repository
Checkov Output
2023-10-05 14:50:32,786 [MainThread ] [WARNI] Failed to download module cloudposse/label/null:0.25.0 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:50:32,786 [MainThread ] [WARNI] Failed to download module cloudposse/lb-s3-bucket/aws:0.19.0 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:50:32,787 [MainThread ] [WARNI] Failed to download module cloudposse/route53-cluster-hostname/aws:0.12.2 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:50:32,787 [MainThread ] [WARNI] Failed to download module cloudposse/security-group/aws:1.0.1 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:50:32,787 [MainThread ] [WARNI] Failed to download module cloudposse/vpc/aws:2.1.0 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:50:32,787 [MainThread ] [WARNI] Failed to download module cloudposse/dynamic-subnets/aws:2.4.1 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:50:32,787 [MainThread ] [WARNI] Failed to download module cloudposse/elastic-beanstalk-application/aws:0.11.1 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:50:32,787 [MainThread ] [WARNI] Failed to download module cloudposse/alb/aws:1.10.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 90, Failed checks: 6, Skipped checks: 9
Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
FAILED for resource: aws_iam_policy_document.minimal_s3_permissions
File: /examples/complete/main.tf:113-122
113 | data "aws_iam_policy_document" "minimal_s3_permissions" {
114 | statement {
115 | sid = "AllowS3OperationsOnElasticBeanstalkBuckets"
116 | actions = [
117 | "s3:ListAllMyBuckets",
118 | "s3:GetBucketLocation"
119 | ]
120 | resources = ["*"]
121 | }
122 | }
Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
FAILED for resource: aws_iam_policy_document.minimal_s3_permissions
File: /examples/nlb/main.tf:115-124
115 | data "aws_iam_policy_document" "minimal_s3_permissions" {
116 | statement {
117 | sid = "AllowS3OperationsOnElasticBeanstalkBuckets"
118 | actions = [
119 | "s3:ListAllMyBuckets",
120 | "s3:GetBucketLocation"
121 | ]
122 | resources = ["*"]
123 | }
124 | }
Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
FAILED for resource: aws_iam_policy_document.minimal_s3_permissions
File: /examples/shared-alb/main.tf:123-132
123 | data "aws_iam_policy_document" "minimal_s3_permissions" {
124 | statement {
125 | sid = "AllowS3OperationsOnElasticBeanstalkBuckets"
126 | actions = [
127 | "s3:ListAllMyBuckets",
128 | "s3:GetBucketLocation"
129 | ]
130 | resources = ["*"]
131 | }
132 | }
Check: CKV_AWS_340: "Ensure Elastic Beanstalk managed platform updates are enabled"
FAILED for resource: module.elastic_beanstalk_environment.aws_elastic_beanstalk_environment.default
File: /main.tf:602-1095
Calling File: /examples/shared-alb/main.tf:53-121
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_312: "Ensure Elastic Beanstalk environments have enhanced health reporting enabled"
FAILED for resource: module.elastic_beanstalk_environment.aws_elastic_beanstalk_environment.default
File: /main.tf:602-1095
Calling File: /examples/shared-alb/main.tf:53-121
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
FAILED for resource: module.elastic_beanstalk_environment.aws_iam_policy_document.default
File: /main.tf:168-345
Calling File: /examples/shared-alb/main.tf:53-121
Code lines for this resource are too many. Please use IDE of your choice to review the file.
github_actions scan results:
Passed checks: 40, Failed checks: 0, Skipped checks: 0
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools