| Repository | grem11n / terraform-aws-vpc-peering |
|---|---|
| Description | Terraform module to setup VPC peering connection |
| Stars | 110 |
| Failed Checks | Security Scanning |
| Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output is included below)
- Implement one of the security scanning tools within the CI/CD framework used by the repository
Checkov Output
2023-10-05 15:04:16,892 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/vpc/aws:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 155, Failed checks: 24, Skipped checks: 0
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.this
File: /examples/module-depends-on/fixtures.tf:3-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
3 | resource "aws_vpc" "this" {
4 | cidr_block = "172.20.0.0/16"
5 |
6 | tags = {
7 | Name = "this_vpc"
8 | Environment = "Test"
9 | }
10 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.peer
File: /examples/module-depends-on/fixtures.tf:12-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
12 | resource "aws_vpc" "peer" {
13 | cidr_block = "172.21.0.0/16"
14 |
15 | tags = {
16 | Name = "peer_vpc"
17 | Environment = "Test"
18 | }
19 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.this
File: /test/fixtures/multi-account-multi-region/main.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
3 | resource "aws_vpc" "this" {
4 | provider = aws.this
5 | cidr_block = "172.20.0.0/16"
6 |
7 | tags = {
8 | Name = "this_vpc"
9 | Environment = "Test"
10 | }
11 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.peer
File: /test/fixtures/multi-account-multi-region/main.tf:13-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
13 | resource "aws_vpc" "peer" {
14 | provider = aws.peer
15 | cidr_block = "172.21.0.0/16"
16 |
17 | tags = {
18 | Name = "peer_vpc"
19 | Environment = "Test"
20 | }
21 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.this
File: /test/fixtures/multi-account-single-region/main.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
3 | resource "aws_vpc" "this" {
4 | provider = aws.this
5 | cidr_block = "172.20.0.0/16"
6 |
7 | tags = {
8 | Name = "this_vpc"
9 | Environment = "Test"
10 | }
11 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.peer
File: /test/fixtures/multi-account-single-region/main.tf:13-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
13 | resource "aws_vpc" "peer" {
14 | provider = aws.peer
15 | cidr_block = "172.21.0.0/16"
16 |
17 | tags = {
18 | Name = "peer_vpc"
19 | Environment = "Test"
20 | }
21 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.this
File: /test/fixtures/single-account-multi-region/main.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
3 | resource "aws_vpc" "this" {
4 | provider = aws.this
5 | cidr_block = "172.20.0.0/16"
6 |
7 | tags = {
8 | Name = "this_vpc"
9 | Environment = "Test"
10 | }
11 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.peer
File: /test/fixtures/single-account-multi-region/main.tf:13-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
13 | resource "aws_vpc" "peer" {
14 | provider = aws.peer
15 | cidr_block = "172.21.0.0/16"
16 |
17 | tags = {
18 | Name = "peer_vpc"
19 | Environment = "Test"
20 | }
21 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.this
File: /test/fixtures/single-account-single-region-with-options/main.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
3 | resource "aws_vpc" "this" {
4 | cidr_block = "172.20.0.0/16"
5 | enable_dns_hostnames = true
6 |
7 | tags = {
8 | Name = "this_vpc_options"
9 | Environment = "Test"
10 | }
11 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.peer
File: /test/fixtures/single-account-single-region-with-options/main.tf:13-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
13 | resource "aws_vpc" "peer" {
14 | cidr_block = "172.21.0.0/16"
15 | enable_dns_hostnames = true
16 |
17 | tags = {
18 | Name = "peer_vpc_options"
19 | Environment = "Test"
20 | }
21 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.this
File: /test/fixtures/single-account-single-region/main.tf:3-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
3 | resource "aws_vpc" "this" {
4 | cidr_block = "172.20.0.0/16"
5 |
6 | tags = {
7 | Name = "this_vpc"
8 | Environment = "Test"
9 | }
10 | }
Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
FAILED for resource: aws_vpc.peer
File: /test/fixtures/single-account-single-region/main.tf:12-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
12 | resource "aws_vpc" "peer" {
13 | cidr_block = "172.21.0.0/16"
14 |
15 | tags = {
16 | Name = "peer_vpc"
17 | Environment = "Test"
18 | }
19 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.this
File: /examples/module-depends-on/fixtures.tf:3-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
3 | resource "aws_vpc" "this" {
4 | cidr_block = "172.20.0.0/16"
5 |
6 | tags = {
7 | Name = "this_vpc"
8 | Environment = "Test"
9 | }
10 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.peer
File: /examples/module-depends-on/fixtures.tf:12-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
12 | resource "aws_vpc" "peer" {
13 | cidr_block = "172.21.0.0/16"
14 |
15 | tags = {
16 | Name = "peer_vpc"
17 | Environment = "Test"
18 | }
19 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.this
File: /test/fixtures/multi-account-multi-region/main.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
3 | resource "aws_vpc" "this" {
4 | provider = aws.this
5 | cidr_block = "172.20.0.0/16"
6 |
7 | tags = {
8 | Name = "this_vpc"
9 | Environment = "Test"
10 | }
11 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.peer
File: /test/fixtures/multi-account-multi-region/main.tf:13-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
13 | resource "aws_vpc" "peer" {
14 | provider = aws.peer
15 | cidr_block = "172.21.0.0/16"
16 |
17 | tags = {
18 | Name = "peer_vpc"
19 | Environment = "Test"
20 | }
21 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.this
File: /test/fixtures/multi-account-single-region/main.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
3 | resource "aws_vpc" "this" {
4 | provider = aws.this
5 | cidr_block = "172.20.0.0/16"
6 |
7 | tags = {
8 | Name = "this_vpc"
9 | Environment = "Test"
10 | }
11 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.peer
File: /test/fixtures/multi-account-single-region/main.tf:13-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
13 | resource "aws_vpc" "peer" {
14 | provider = aws.peer
15 | cidr_block = "172.21.0.0/16"
16 |
17 | tags = {
18 | Name = "peer_vpc"
19 | Environment = "Test"
20 | }
21 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.this
File: /test/fixtures/single-account-multi-region/main.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
3 | resource "aws_vpc" "this" {
4 | provider = aws.this
5 | cidr_block = "172.20.0.0/16"
6 |
7 | tags = {
8 | Name = "this_vpc"
9 | Environment = "Test"
10 | }
11 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.peer
File: /test/fixtures/single-account-multi-region/main.tf:13-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
13 | resource "aws_vpc" "peer" {
14 | provider = aws.peer
15 | cidr_block = "172.21.0.0/16"
16 |
17 | tags = {
18 | Name = "peer_vpc"
19 | Environment = "Test"
20 | }
21 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.this
File: /test/fixtures/single-account-single-region-with-options/main.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
3 | resource "aws_vpc" "this" {
4 | cidr_block = "172.20.0.0/16"
5 | enable_dns_hostnames = true
6 |
7 | tags = {
8 | Name = "this_vpc_options"
9 | Environment = "Test"
10 | }
11 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.peer
File: /test/fixtures/single-account-single-region-with-options/main.tf:13-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
13 | resource "aws_vpc" "peer" {
14 | cidr_block = "172.21.0.0/16"
15 | enable_dns_hostnames = true
16 |
17 | tags = {
18 | Name = "peer_vpc_options"
19 | Environment = "Test"
20 | }
21 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.this
File: /test/fixtures/single-account-single-region/main.tf:3-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
3 | resource "aws_vpc" "this" {
4 | cidr_block = "172.20.0.0/16"
5 |
6 | tags = {
7 | Name = "this_vpc"
8 | Environment = "Test"
9 | }
10 | }
Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
FAILED for resource: aws_vpc.peer
File: /test/fixtures/single-account-single-region/main.tf:12-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
12 | resource "aws_vpc" "peer" {
13 | cidr_block = "172.21.0.0/16"
14 |
15 | tags = {
16 | Name = "peer_vpc"
17 | Environment = "Test"
18 | }
19 | }
github_actions scan results:
Passed checks: 39, Failed checks: 1, Skipped checks: 0
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
FAILED for resource: on(terraform-aws-vpc-peering)
File: /.github/workflows/terratest.yml:0-1