| Repository | cloudposse / terraform-aws-elasticache-redis |
|---|---|
| Description | Terraform module to provision an ElastiCache Redis Cluster |
| Stars | 129 |
| Failed Checks | Security Scanning |
| Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that a security scanning tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CICD framework used by the repository
Checkov Output
2023-10-05 14:55:39,856 [MainThread ] [WARNI] Failed to download module cloudposse/label/null:0.25.0 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:39,856 [MainThread ] [WARNI] Failed to download module cloudposse/security-group/aws:1.0.1 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:39,856 [MainThread ] [WARNI] Failed to download module cloudposse/route53-cluster-hostname/aws:0.12.2 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:39,856 [MainThread ] [WARNI] Failed to download module cloudposse/vpc/aws:2.1.0 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:39,857 [MainThread ] [WARNI] Failed to download module cloudposse/dynamic-subnets/aws:2.3.0 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:39,857 [MainThread ] [WARNI] Failed to download module cloudposse/cloudwatch-logs/aws:0.6.5 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 5, Failed checks: 3, Skipped checks: 0
Check: CKV2_AWS_39: "Ensure Domain Name System (DNS) query logging is enabled for Amazon Route 53 hosted zones"
FAILED for resource: aws_route53_zone.private
File: /examples/complete/main.tf:29-35
29 | resource "aws_route53_zone" "private" {
30 | name = format("elasticache-redis-terratest-%s.testing.cloudposse.co", try(module.this.attributes[0], "default"))
31 |
32 | vpc {
33 | vpc_id = module.vpc.vpc_id
34 | }
35 | }
Check: CKV2_AWS_50: "Ensure AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to enabled"
FAILED for resource: module.redis.aws_elasticache_replication_group.default
File: /main.tf:115-164
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-elasticache-redis-cluster-with-multi-az-automatic-failover-feature-set-to-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_38: "Ensure Domain Name System Security Extensions (DNSSEC) signing is enabled for Amazon Route 53 public hosted zones"
FAILED for resource: aws_route53_zone.private
File: /examples/complete/main.tf:29-35
29 | resource "aws_route53_zone" "private" {
30 | name = format("elasticache-redis-terratest-%s.testing.cloudposse.co", try(module.this.attributes[0], "default"))
31 |
32 | vpc {
33 | vpc_id = module.vpc.vpc_id
34 | }
35 | }
github_actions scan results:
Passed checks: 40, Failed checks: 0, Skipped checks: 0
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools