Repository | cloudposse / terraform-aws-rds |
---|---|
Description | Terraform module to provision AWS RDS instances |
Stars | 134 |
Failed Checks | Security Scanning |
Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CI/CD framework used by the repository
Checkov Output
2023-10-05 14:55:17,573 [MainThread ] [WARNI] Failed to download module cloudposse/label/null:0.25.0 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:17,574 [MainThread ] [WARNI] Failed to download module cloudposse/route53-cluster-hostname/aws:0.12.2 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:17,574 [MainThread ] [WARNI] Failed to download module git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.7.0:None (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:17,574 [MainThread ] [WARNI] Failed to download module git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.16.0:None (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:17,574 [MainThread ] [WARNI] Failed to download module cloudposse/vpc/aws:0.28.1 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:17,574 [MainThread ] [WARNI] Failed to download module cloudposse/dynamic-subnets/aws:0.40.1 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 21, Failed checks: 6, Skipped checks: 0
Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
FAILED for resource: module.rds_instance.aws_db_instance.default
File: /main.tf:27-105
Calling File: /examples/mssql/main.tf:26-51
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
FAILED for resource: module.rds_instance.aws_db_instance.default
File: /main.tf:27-105
Calling File: /examples/mssql/main.tf:26-51
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
FAILED for resource: module.rds_instance.aws_db_instance.default
File: /main.tf:27-105
Calling File: /examples/mssql/main.tf:26-51
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
FAILED for resource: module.rds_instance.aws_db_instance.default
File: /main.tf:27-105
Calling File: /examples/mssql/main.tf:26-51
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
FAILED for resource: module.rds_instance.aws_db_instance.default
File: /main.tf:27-105
Calling File: /examples/mssql/main.tf:26-51
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_133: "Ensure that RDS instances has backup policy"
FAILED for resource: module.rds_instance.aws_db_instance.default
File: /main.tf:27-105
Calling File: /examples/mssql/main.tf:26-51
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-instances-have-backup-policy.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
github_actions scan results:
Passed checks: 40, Failed checks: 0, Skipped checks: 0
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools