Repository | cloudposse / terraform-aws-rds-cluster |
---|---|
Description | Terraform module to provision an RDS Aurora cluster for MySQL or Postgres |
Stars | 128 |
Failed Checks | Security Scanning |
Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CI/CD framework used by the repository
Checkov Output
2023-10-05 14:55:45,679 [MainThread ] [WARNI] Failed to download module cloudposse/label/null:0.25.0 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:45,679 [MainThread ] [WARNI] Failed to download module cloudposse/route53-cluster-hostname/aws:0.12.2 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:45,680 [MainThread ] [WARNI] Failed to download module cloudposse/vpc/aws:2.1.0 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:45,680 [MainThread ] [WARNI] Failed to download module cloudposse/dynamic-subnets/aws:2.4.1 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 143, Failed checks: 85, Skipped checks: 0
Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/enhanced_monitoring/main.tf:35-58
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/basic/main.tf:7-24
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
241 | resource "aws_rds_cluster_instance" "default" {
242 | count = local.cluster_instance_count
243 | identifier = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
244 | cluster_identifier = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
245 | instance_class = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
246 | db_subnet_group_name = join("", aws_db_subnet_group.default[*].name)
247 | db_parameter_group_name = join("", aws_db_parameter_group.default[*].name)
248 | publicly_accessible = var.publicly_accessible
249 | tags = module.this.tags
250 | engine = var.engine
251 | engine_version = var.engine_version
252 | auto_minor_version_upgrade = var.auto_minor_version_upgrade
253 | monitoring_interval = var.rds_monitoring_interval
254 | monitoring_role_arn = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
255 | performance_insights_enabled = var.performance_insights_enabled
256 | performance_insights_kms_key_id = var.performance_insights_kms_key_id
257 | performance_insights_retention_period = var.performance_insights_retention_period
258 | availability_zone = var.instance_availability_zone
259 | apply_immediately = var.apply_immediately
260 | preferred_maintenance_window = var.maintenance_window
261 | copy_tags_to_snapshot = var.copy_tags_to_snapshot
262 | ca_cert_identifier = var.ca_cert_identifier
263 |
264 | dynamic "timeouts" {
265 | for_each = var.timeouts_configuration
266 | content {
267 | create = lookup(timeouts.value, "create", "120m")
268 | update = lookup(timeouts.value, "update", "120m")
269 | delete = lookup(timeouts.value, "delete", "120m")
270 | }
271 | }
272 |
273 | depends_on = [
274 | aws_db_subnet_group.default,
275 | aws_db_parameter_group.default,
276 | aws_iam_role.enhanced_monitoring,
277 | aws_rds_cluster.secondary,
278 | aws_rds_cluster_parameter_group.default,
279 | ]
280 |
281 | lifecycle {
282 | ignore_changes = [engine_version]
283 | }
284 | }
Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/enhanced_monitoring/main.tf:35-58
241 | resource "aws_rds_cluster_instance" "default" {
242 | count = local.cluster_instance_count
243 | identifier = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
244 | cluster_identifier = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
245 | instance_class = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
246 | db_subnet_group_name = join("", aws_db_subnet_group.default[*].name)
247 | db_parameter_group_name = join("", aws_db_parameter_group.default[*].name)
248 | publicly_accessible = var.publicly_accessible
249 | tags = module.this.tags
250 | engine = var.engine
251 | engine_version = var.engine_version
252 | auto_minor_version_upgrade = var.auto_minor_version_upgrade
253 | monitoring_interval = var.rds_monitoring_interval
254 | monitoring_role_arn = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
255 | performance_insights_enabled = var.performance_insights_enabled
256 | performance_insights_kms_key_id = var.performance_insights_kms_key_id
257 | performance_insights_retention_period = var.performance_insights_retention_period
258 | availability_zone = var.instance_availability_zone
259 | apply_immediately = var.apply_immediately
260 | preferred_maintenance_window = var.maintenance_window
261 | copy_tags_to_snapshot = var.copy_tags_to_snapshot
262 | ca_cert_identifier = var.ca_cert_identifier
263 |
264 | dynamic "timeouts" {
265 | for_each = var.timeouts_configuration
266 | content {
267 | create = lookup(timeouts.value, "create", "120m")
268 | update = lookup(timeouts.value, "update", "120m")
269 | delete = lookup(timeouts.value, "delete", "120m")
270 | }
271 | }
272 |
273 | depends_on = [
274 | aws_db_subnet_group.default,
275 | aws_db_parameter_group.default,
276 | aws_iam_role.enhanced_monitoring,
277 | aws_rds_cluster.secondary,
278 | aws_rds_cluster_parameter_group.default,
279 | ]
280 |
281 | lifecycle {
282 | ignore_changes = [engine_version]
283 | }
284 | }
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/enhanced_monitoring/main.tf:35-58
241 | resource "aws_rds_cluster_instance" "default" {
242 | count = local.cluster_instance_count
243 | identifier = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
244 | cluster_identifier = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
245 | instance_class = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
246 | db_subnet_group_name = join("", aws_db_subnet_group.default[*].name)
247 | db_parameter_group_name = join("", aws_db_parameter_group.default[*].name)
248 | publicly_accessible = var.publicly_accessible
249 | tags = module.this.tags
250 | engine = var.engine
251 | engine_version = var.engine_version
252 | auto_minor_version_upgrade = var.auto_minor_version_upgrade
253 | monitoring_interval = var.rds_monitoring_interval
254 | monitoring_role_arn = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
255 | performance_insights_enabled = var.performance_insights_enabled
256 | performance_insights_kms_key_id = var.performance_insights_kms_key_id
257 | performance_insights_retention_period = var.performance_insights_retention_period
258 | availability_zone = var.instance_availability_zone
259 | apply_immediately = var.apply_immediately
260 | preferred_maintenance_window = var.maintenance_window
261 | copy_tags_to_snapshot = var.copy_tags_to_snapshot
262 | ca_cert_identifier = var.ca_cert_identifier
263 |
264 | dynamic "timeouts" {
265 | for_each = var.timeouts_configuration
266 | content {
267 | create = lookup(timeouts.value, "create", "120m")
268 | update = lookup(timeouts.value, "update", "120m")
269 | delete = lookup(timeouts.value, "delete", "120m")
270 | }
271 | }
272 |
273 | depends_on = [
274 | aws_db_subnet_group.default,
275 | aws_db_parameter_group.default,
276 | aws_iam_role.enhanced_monitoring,
277 | aws_rds_cluster.secondary,
278 | aws_rds_cluster_parameter_group.default,
279 | ]
280 |
281 | lifecycle {
282 | ignore_changes = [engine_version]
283 | }
284 | }
Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/postgres/main.tf:28-51
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/postgres/main.tf:28-51
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/postgres/main.tf:28-51
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/postgres/main.tf:28-51
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/postgres/main.tf:28-51
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/postgres/main.tf:28-51
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/postgres/main.tf:28-51
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/postgres/main.tf:28-51
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/postgres/main.tf:28-51
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/postgres/main.tf:28-51
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
FAILED for resource: module.rds_cluster.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/postgres/main.tf:28-51
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
241 | resource "aws_rds_cluster_instance" "default" {
242 | count = local.cluster_instance_count
243 | identifier = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
244 | cluster_identifier = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
245 | instance_class = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
246 | db_subnet_group_name = join("", aws_db_subnet_group.default[*].name)
247 | db_parameter_group_name = join("", aws_db_parameter_group.default[*].name)
248 | publicly_accessible = var.publicly_accessible
249 | tags = module.this.tags
250 | engine = var.engine
251 | engine_version = var.engine_version
252 | auto_minor_version_upgrade = var.auto_minor_version_upgrade
253 | monitoring_interval = var.rds_monitoring_interval
254 | monitoring_role_arn = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
255 | performance_insights_enabled = var.performance_insights_enabled
256 | performance_insights_kms_key_id = var.performance_insights_kms_key_id
257 | performance_insights_retention_period = var.performance_insights_retention_period
258 | availability_zone = var.instance_availability_zone
259 | apply_immediately = var.apply_immediately
260 | preferred_maintenance_window = var.maintenance_window
261 | copy_tags_to_snapshot = var.copy_tags_to_snapshot
262 | ca_cert_identifier = var.ca_cert_identifier
263 |
264 | dynamic "timeouts" {
265 | for_each = var.timeouts_configuration
266 | content {
267 | create = lookup(timeouts.value, "create", "120m")
268 | update = lookup(timeouts.value, "update", "120m")
269 | delete = lookup(timeouts.value, "delete", "120m")
270 | }
271 | }
272 |
273 | depends_on = [
274 | aws_db_subnet_group.default,
275 | aws_db_parameter_group.default,
276 | aws_iam_role.enhanced_monitoring,
277 | aws_rds_cluster.secondary,
278 | aws_rds_cluster_parameter_group.default,
279 | ]
280 |
281 | lifecycle {
282 | ignore_changes = [engine_version]
283 | }
284 | }
Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/postgres/main.tf:28-51
241 | resource "aws_rds_cluster_instance" "default" {
242 | count = local.cluster_instance_count
243 | identifier = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
244 | cluster_identifier = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
245 | instance_class = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
246 | db_subnet_group_name = join("", aws_db_subnet_group.default[*].name)
247 | db_parameter_group_name = join("", aws_db_parameter_group.default[*].name)
248 | publicly_accessible = var.publicly_accessible
249 | tags = module.this.tags
250 | engine = var.engine
251 | engine_version = var.engine_version
252 | auto_minor_version_upgrade = var.auto_minor_version_upgrade
253 | monitoring_interval = var.rds_monitoring_interval
254 | monitoring_role_arn = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
255 | performance_insights_enabled = var.performance_insights_enabled
256 | performance_insights_kms_key_id = var.performance_insights_kms_key_id
257 | performance_insights_retention_period = var.performance_insights_retention_period
258 | availability_zone = var.instance_availability_zone
259 | apply_immediately = var.apply_immediately
260 | preferred_maintenance_window = var.maintenance_window
261 | copy_tags_to_snapshot = var.copy_tags_to_snapshot
262 | ca_cert_identifier = var.ca_cert_identifier
263 |
264 | dynamic "timeouts" {
265 | for_each = var.timeouts_configuration
266 | content {
267 | create = lookup(timeouts.value, "create", "120m")
268 | update = lookup(timeouts.value, "update", "120m")
269 | delete = lookup(timeouts.value, "delete", "120m")
270 | }
271 | }
272 |
273 | depends_on = [
274 | aws_db_subnet_group.default,
275 | aws_db_parameter_group.default,
276 | aws_iam_role.enhanced_monitoring,
277 | aws_rds_cluster.secondary,
278 | aws_rds_cluster_parameter_group.default,
279 | ]
280 |
281 | lifecycle {
282 | ignore_changes = [engine_version]
283 | }
284 | }
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
FAILED for resource: module.rds_cluster.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/postgres/main.tf:28-51
241 | resource "aws_rds_cluster_instance" "default" {
242 | count = local.cluster_instance_count
243 | identifier = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
244 | cluster_identifier = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
245 | instance_class = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
246 | db_subnet_group_name = join("", aws_db_subnet_group.default[*].name)
247 | db_parameter_group_name = join("", aws_db_parameter_group.default[*].name)
248 | publicly_accessible = var.publicly_accessible
249 | tags = module.this.tags
250 | engine = var.engine
251 | engine_version = var.engine_version
252 | auto_minor_version_upgrade = var.auto_minor_version_upgrade
253 | monitoring_interval = var.rds_monitoring_interval
254 | monitoring_role_arn = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
255 | performance_insights_enabled = var.performance_insights_enabled
256 | performance_insights_kms_key_id = var.performance_insights_kms_key_id
257 | performance_insights_retention_period = var.performance_insights_retention_period
258 | availability_zone = var.instance_availability_zone
259 | apply_immediately = var.apply_immediately
260 | preferred_maintenance_window = var.maintenance_window
261 | copy_tags_to_snapshot = var.copy_tags_to_snapshot
262 | ca_cert_identifier = var.ca_cert_identifier
263 |
264 | dynamic "timeouts" {
265 | for_each = var.timeouts_configuration
266 | content {
267 | create = lookup(timeouts.value, "create", "120m")
268 | update = lookup(timeouts.value, "update", "120m")
269 | delete = lookup(timeouts.value, "delete", "120m")
270 | }
271 | }
272 |
273 | depends_on = [
274 | aws_db_subnet_group.default,
275 | aws_db_parameter_group.default,
276 | aws_iam_role.enhanced_monitoring,
277 | aws_rds_cluster.secondary,
278 | aws_rds_cluster_parameter_group.default,
279 | ]
280 |
281 | lifecycle {
282 | ignore_changes = [engine_version]
283 | }
284 | }
Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/serverless_mysql57/main.tf:9-38
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/serverless_mysql57/main.tf:9-38
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/serverless_mysql57/main.tf:9-38
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/serverless_mysql57/main.tf:9-38
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/serverless_mysql57/main.tf:9-38
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/serverless_mysql57/main.tf:9-38
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/serverless_mysql57/main.tf:9-38
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/serverless_mysql57/main.tf:9-38
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/serverless_mysql57/main.tf:9-38
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/serverless_mysql57/main.tf:9-38
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/serverless_mysql57/main.tf:9-38
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
241 | resource "aws_rds_cluster_instance" "default" {
242 | count = local.cluster_instance_count
243 | identifier = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
244 | cluster_identifier = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
245 | instance_class = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
246 | db_subnet_group_name = join("", aws_db_subnet_group.default[*].name)
247 | db_parameter_group_name = join("", aws_db_parameter_group.default[*].name)
248 | publicly_accessible = var.publicly_accessible
249 | tags = module.this.tags
250 | engine = var.engine
251 | engine_version = var.engine_version
252 | auto_minor_version_upgrade = var.auto_minor_version_upgrade
253 | monitoring_interval = var.rds_monitoring_interval
254 | monitoring_role_arn = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
255 | performance_insights_enabled = var.performance_insights_enabled
256 | performance_insights_kms_key_id = var.performance_insights_kms_key_id
257 | performance_insights_retention_period = var.performance_insights_retention_period
258 | availability_zone = var.instance_availability_zone
259 | apply_immediately = var.apply_immediately
260 | preferred_maintenance_window = var.maintenance_window
261 | copy_tags_to_snapshot = var.copy_tags_to_snapshot
262 | ca_cert_identifier = var.ca_cert_identifier
263 |
264 | dynamic "timeouts" {
265 | for_each = var.timeouts_configuration
266 | content {
267 | create = lookup(timeouts.value, "create", "120m")
268 | update = lookup(timeouts.value, "update", "120m")
269 | delete = lookup(timeouts.value, "delete", "120m")
270 | }
271 | }
272 |
273 | depends_on = [
274 | aws_db_subnet_group.default,
275 | aws_db_parameter_group.default,
276 | aws_iam_role.enhanced_monitoring,
277 | aws_rds_cluster.secondary,
278 | aws_rds_cluster_parameter_group.default,
279 | ]
280 |
281 | lifecycle {
282 | ignore_changes = [engine_version]
283 | }
284 | }
Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/serverless_mysql57/main.tf:9-38
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/serverless_mysql57/main.tf:9-38
Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/serverlessv2_postgres/main.tf:28-50
Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
File: /main.tf:71-163
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
File: /main.tf:166-239
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster_instance.default
File: /main.tf:241-284
Calling File: /examples/with_cluster_parameters/main.tf:7-71
Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
File: /main.tf:71-163
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
File: /main.tf:166-239
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
File: /main.tf:71-163
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
File: /main.tf:166-239
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
File: /main.tf:71-163
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
File: /main.tf:166-239
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
File: /main.tf:71-163
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
File: /main.tf:166-239
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
File: /main.tf:71-163
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
File: /main.tf:166-239
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
File: /main.tf:71-163
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
File: /main.tf:71-163
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
File: /main.tf:71-163
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
File: /main.tf:166-239
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
File: /main.tf:166-239
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
File: /main.tf:166-239
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
secrets scan results:
Passed checks: 0, Failed checks: 3, Skipped checks: 0
Check: CKV_SECRET_6: "Base64 High Entropy String"
FAILED for resource: d7fdba0dadfe661ed9c33f403184e0aa00ce77b2
File: /examples/basic/main.tf:16-17
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-6.html
16 | admin_password = "Tes**********"
Check: CKV_SECRET_6: "Base64 High Entropy String"
FAILED for resource: d7fdba0dadfe661ed9c33f403184e0aa00ce77b2
File: /examples/enhanced_monitoring/main.tf:44-45
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-6.html
44 | admin_password = "Tes**********"
Check: CKV_SECRET_6: "Base64 High Entropy String"
FAILED for resource: d7fdba0dadfe661ed9c33f403184e0aa00ce77b2
File: /examples/with_cluster_parameters/main.tf:16-17
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-6.html
16 | admin_password = "Tes**********"
github_actions scan results:
Passed checks: 40, Failed checks: 0, Skipped checks: 0
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools