Experience Builder


Terraform

Repository
cloudposse / terraform-aws-elastic-beanstalk-environment
Description

Terraform module to provision an AWS Elastic Beanstalk Environment

Stars

 293

Failed Checks
  • Security Scanning
  • Linting

Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation: no security scanning tool was found in any of the repository's CI/CD tool configuration files.

    There is an opportunity to:

    Checkov Output

    2023-10-05 14:50:32,786 [MainThread  ] [WARNI]  Failed to download module cloudposse/label/null:0.25.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:50:32,786 [MainThread  ] [WARNI]  Failed to download module cloudposse/lb-s3-bucket/aws:0.19.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:50:32,787 [MainThread  ] [WARNI]  Failed to download module cloudposse/route53-cluster-hostname/aws:0.12.2 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:50:32,787 [MainThread  ] [WARNI]  Failed to download module cloudposse/security-group/aws:1.0.1 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:50:32,787 [MainThread  ] [WARNI]  Failed to download module cloudposse/vpc/aws:2.1.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:50:32,787 [MainThread  ] [WARNI]  Failed to download module cloudposse/dynamic-subnets/aws:2.4.1 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:50:32,787 [MainThread  ] [WARNI]  Failed to download module cloudposse/elastic-beanstalk-application/aws:0.11.1 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:50:32,787 [MainThread  ] [WARNI]  Failed to download module cloudposse/alb/aws:1.10.0 (for external modules, the --download-external-modules flag is required)
    terraform scan results:
    
    Passed checks: 90, Failed checks: 6, Skipped checks: 9
    
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: aws_iam_policy_document.minimal_s3_permissions
    	File: /examples/complete/main.tf:113-122
    
    		113 | data "aws_iam_policy_document" "minimal_s3_permissions" {
    		114 |   statement {
    		115 |     sid = "AllowS3OperationsOnElasticBeanstalkBuckets"
    		116 |     actions = [
    		117 |       "s3:ListAllMyBuckets",
    		118 |       "s3:GetBucketLocation"
    		119 |     ]
    		120 |     resources = ["*"]
    		121 |   }
    		122 | }
    
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: aws_iam_policy_document.minimal_s3_permissions
    	File: /examples/nlb/main.tf:115-124
    
    		115 | data "aws_iam_policy_document" "minimal_s3_permissions" {
    		116 |   statement {
    		117 |     sid = "AllowS3OperationsOnElasticBeanstalkBuckets"
    		118 |     actions = [
    		119 |       "s3:ListAllMyBuckets",
    		120 |       "s3:GetBucketLocation"
    		121 |     ]
    		122 |     resources = ["*"]
    		123 |   }
    		124 | }
    
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: aws_iam_policy_document.minimal_s3_permissions
    	File: /examples/shared-alb/main.tf:123-132
    
    		123 | data "aws_iam_policy_document" "minimal_s3_permissions" {
    		124 |   statement {
    		125 |     sid = "AllowS3OperationsOnElasticBeanstalkBuckets"
    		126 |     actions = [
    		127 |       "s3:ListAllMyBuckets",
    		128 |       "s3:GetBucketLocation"
    		129 |     ]
    		130 |     resources = ["*"]
    		131 |   }
    		132 | }
    
    Check: CKV_AWS_340: "Ensure Elastic Beanstalk managed platform updates are enabled"
    	FAILED for resource: module.elastic_beanstalk_environment.aws_elastic_beanstalk_environment.default
    	File: /main.tf:602-1095
    	Calling File: /examples/shared-alb/main.tf:53-121
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_312: "Ensure Elastic Beanstalk environments have enhanced health reporting enabled"
    	FAILED for resource: module.elastic_beanstalk_environment.aws_elastic_beanstalk_environment.default
    	File: /main.tf:602-1095
    	Calling File: /examples/shared-alb/main.tf:53-121
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.elastic_beanstalk_environment.aws_iam_policy_document.default
    	File: /main.tf:168-345
    	Calling File: /examples/shared-alb/main.tf:53-121
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    github_actions scan results:
    
    Passed checks: 40, Failed checks: 0, Skipped checks: 0

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation: no linting tool was found in any of the repository's CI/CD tool configuration files.

    There is an opportunity to: