| Repository | lgallard / terraform-aws-backup |
|---|---|
| Description | Terraform module to create AWS Backup plans. AWS Backup is a fully managed backup service that makes it easy to centralize and automate the back up of data across AWS services (EBS volumes, RDS dat… |
| Stars | 119 |
| Failed Checks | Security Scanning |
| Scan Date | 2023-10-30 17:57:40 |

Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CI/CD framework used by the repository
Checkov Output
```
2023-10-05 15:02:39,245 [MainThread ] [WARNI] Failed to download module lgallard/backup/aws:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 50, Failed checks: 2, Skipped checks: 0

Check: CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
    FAILED for resource: aws_sns_topic.backup_vault_notifications
    File: /examples/complete_plan/main.tf:2-4
    Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-15.html

        2 | resource "aws_sns_topic" "backup_vault_notifications" {
        3 |   name = "backup-vault-events"
        4 | }

Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    FAILED for resource: aws_iam_policy_document.ab_tag_policy_document
    File: /iam.tf:36-48

        36 | data "aws_iam_policy_document" "ab_tag_policy_document" {
        37 |   count = var.enabled && var.iam_role_arn == null ? 1 : 0
        38 |   statement {
        39 |     effect    = "Allow"
        40 |     resources = ["*"]
        41 |     actions = [
        42 |       "backup:ListTags",
        43 |       "backup:TagResource",
        44 |       "backup:UntagResource",
        45 |       "tag:GetResources"
        46 |     ]
        47 |   }
        48 | }
```
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools