| Repository | int128 / terraform-aws-nat-instance |
|---|---|
| Description | Terraform module to provision a NAT Instance using an Auto Scaling Group and Spot Instance from $1/month |
| Stars | 149 |
| Failed Checks | Security Scanning, Linting |
| Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that a security scanning tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CICD framework used by the repository
Checkov Output
2023-10-05 14:54:53,108 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/vpc/aws:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 57, Failed checks: 13, Skipped checks: 0
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group_rule.dnat_http
File: /example/example.tf:71-79
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
71 | resource "aws_security_group_rule" "dnat_http" {
72 | description = "expose HTTP service"
73 | security_group_id = module.nat.sg_id
74 | type = "ingress"
75 | protocol = "tcp"
76 | from_port = 80
77 | to_port = 80
78 | cidr_blocks = ["0.0.0.0/0"]
79 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.private_instance
File: /example/instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "private_instance" {
3 | ami = data.aws_ami.amazon_linux_2.id
4 | instance_type = "t3.micro"
5 | iam_instance_profile = aws_iam_instance_profile.private_instance.name
6 | subnet_id = module.vpc.private_subnets[0]
7 | vpc_security_group_ids = [aws_security_group.private_instance.id]
8 |
9 | tags = {
10 | Name = "example-terraform-aws-nat-instance"
11 | }
12 |
13 | user_data = <
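The two findings shown above call for different kinds of fix. CKV_AWS_260 flags `aws_security_group_rule.dnat_http`, which opens TCP/80 on the NAT instance's security group to 0.0.0.0/0; that is exactly what the example intends (DNAT of a public HTTP service to the private instance), so the right remediation is either to narrow the source ranges to an allow-list or, if the endpoint really must be Internet-facing, to record that decision as an inline Checkov suppression so the risk is visible in review rather than silently accepted. CKV_AWS_126 is fixed by adding `monitoring = true` to `aws_instance.private_instance`. The following is an added example written for this page, not code from the int128/terraform-aws-nat-instance repository: the variable `allowed_http_cidrs` and its sample default are assumptions, `module.nat.sg_id`, `data.aws_ami.amazon_linux_2` and the other references are taken from the report listings, and the truncated `user_data` block is left out rather than guessed.

```hcl
# Added example, not the module's own code: remediation for CKV_AWS_260 and
# CKV_AWS_126 from the Checkov output above. "allowed_http_cidrs" and its
# default are assumptions for illustration.

variable "allowed_http_cidrs" {
  description = "Source CIDR ranges allowed to reach the HTTP service exposed through the NAT instance"
  type        = list(string)
  # Constructed sample: an RFC 5737 documentation range, not a real office network.
  default = ["203.0.113.0/24"]
}

# CKV_AWS_260: ingress from an explicit allow-list instead of 0.0.0.0/0.
resource "aws_security_group_rule" "dnat_http" {
  description       = "expose HTTP service to approved source ranges"
  security_group_id = module.nat.sg_id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_blocks       = var.allowed_http_cidrs
}

# Alternative when the service has to be reachable from the whole Internet:
# keep 0.0.0.0/0 but document the accepted risk with Checkov's inline
# suppression syntax, so the check is skipped with a reason instead of failing.
#
#   resource "aws_security_group_rule" "dnat_http" {
#     #checkov:skip=CKV_AWS_260:public HTTP endpoint by design; service behind the DNAT is hardened separately
#     description       = "expose HTTP service"
#     security_group_id = module.nat.sg_id
#     type              = "ingress"
#     protocol          = "tcp"
#     from_port         = 80
#     to_port           = 80
#     cidr_blocks       = ["0.0.0.0/0"]
#   }

# CKV_AWS_126: enable detailed (1-minute) CloudWatch monitoring on the instance.
# user_data is omitted here; keep the value from the original example.
resource "aws_instance" "private_instance" {
  ami                    = data.aws_ami.amazon_linux_2.id
  instance_type          = "t3.micro"
  iam_instance_profile   = aws_iam_instance_profile.private_instance.name
  subnet_id              = module.vpc.private_subnets[0]
  vpc_security_group_ids = [aws_security_group.private_instance.id]
  monitoring             = true

  tags = {
    Name = "example-terraform-aws-nat-instance"
  }
}
```

After applying the change, re-scan with `checkov -d example --download-external-modules true`; the `true` value makes Checkov fetch and evaluate the `terraform-aws-modules/vpc/aws` module that the warning at the top of the output says was skipped, so the VPC resources are covered as well. The same command is what a CI job would run to satisfy the "implement a security scanning tool in CICD" item above. Note that detailed monitoring is billed per instance-metric, so the CKV_AWS_126 fix has a small recurring cost.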
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools