| Repository | stacksimplify / hashicorp-certified-terraform-associate |
|---|---|
| Description | Hashicorp Certified Terraform Associate |
| Stars | 457 |
| Failed Checks | Security Scanning |
| Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output is shown below)
- Implement one of the security scanning tools within the CI/CD framework used by the repository
Checkov Output
2023-10-05 14:47:50,965 [MainThread ] [WARNI] Failed to download module app.terraform.io/hcta-demo1/s3-website/aws:1.0.1 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:47:50,965 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/ec2-instance/aws:~>2.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 965, Failed checks: 773, Skipped checks: 0
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.ec2demo
File: /02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf:18-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
18 | resource "aws_instance" "ec2demo" {
19 | ami = "ami-0be2609ba883822ec" # Amazon Linux in us-east-1, update as per your region
20 | instance_type = "t2.micro"
21 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.ec2demo
File: /02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf:18-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
18 | resource "aws_instance" "ec2demo" {
19 | ami = "ami-0be2609ba883822ec" # Amazon Linux in us-east-1, update as per your region
20 | instance_type = "t2.micro"
21 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.ec2demo
File: /02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf:18-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
18 | resource "aws_instance" "ec2demo" {
19 | ami = "ami-0be2609ba883822ec" # Amazon Linux in us-east-1, update as per your region
20 | instance_type = "t2.micro"
21 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.ec2demo
File: /02-Terraform-Basics/02-02-Terraform-Command-Basics/terraform-manifests/ec2-instance.tf:18-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
18 | resource "aws_instance" "ec2demo" {
19 | ami = "ami-0be2609ba883822ec" # Amazon Linux in us-east-1, update as per your region
20 | instance_type = "t2.micro"
21 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.ec2demo
File: /02-Terraform-Basics/02-03-Terraform-Language-Syntax/terraform-manifests/top-level-blocks-samples.tf:29-32
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
29 | resource "aws_instance" "ec2demo" {
30 | ami = "ami-04d29b6f966df1537" # Amazon Linux
31 | instance_type = var.instance_type
32 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.ec2demo
File: /02-Terraform-Basics/02-03-Terraform-Language-Syntax/terraform-manifests/top-level-blocks-samples.tf:29-32
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
29 | resource "aws_instance" "ec2demo" {
30 | ami = "ami-04d29b6f966df1537" # Amazon Linux
31 | instance_type = var.instance_type
32 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.ec2demo
File: /02-Terraform-Basics/02-03-Terraform-Language-Syntax/terraform-manifests/top-level-blocks-samples.tf:29-32
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
29 | resource "aws_instance" "ec2demo" {
30 | ami = "ami-04d29b6f966df1537" # Amazon Linux
31 | instance_type = var.instance_type
32 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.ec2demo
File: /02-Terraform-Basics/02-03-Terraform-Language-Syntax/terraform-manifests/top-level-blocks-samples.tf:29-32
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
29 | resource "aws_instance" "ec2demo" {
30 | ami = "ami-04d29b6f966df1537" # Amazon Linux
31 | instance_type = var.instance_type
32 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-01-Resource-Syntax-and-Behavior/terraform-manifests-oldv1/c2-ec2-instance.tf:4-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
4 | resource "aws_instance" "my-ec2-vm" {
5 | ami = "ami-047a51fa27710816e"
6 | instance_type = "t2.micro"
7 | availability_zone = "us-east-1a"
8 | #availability_zone = "us-east-1b"
9 | tags = {
10 | "Name" = "web"
11 | #"tag1" = "Update-test-1"
12 | }
13 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-01-Resource-Syntax-and-Behavior/terraform-manifests-oldv1/c2-ec2-instance.tf:4-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
4 | resource "aws_instance" "my-ec2-vm" {
5 | ami = "ami-047a51fa27710816e"
6 | instance_type = "t2.micro"
7 | availability_zone = "us-east-1a"
8 | #availability_zone = "us-east-1b"
9 | tags = {
10 | "Name" = "web"
11 | #"tag1" = "Update-test-1"
12 | }
13 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-01-Resource-Syntax-and-Behavior/terraform-manifests-oldv1/c2-ec2-instance.tf:4-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
4 | resource "aws_instance" "my-ec2-vm" {
5 | ami = "ami-047a51fa27710816e"
6 | instance_type = "t2.micro"
7 | availability_zone = "us-east-1a"
8 | #availability_zone = "us-east-1b"
9 | tags = {
10 | "Name" = "web"
11 | #"tag1" = "Update-test-1"
12 | }
13 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-01-Resource-Syntax-and-Behavior/terraform-manifests-oldv1/c2-ec2-instance.tf:4-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
4 | resource "aws_instance" "my-ec2-vm" {
5 | ami = "ami-047a51fa27710816e"
6 | instance_type = "t2.micro"
7 | availability_zone = "us-east-1a"
8 | #availability_zone = "us-east-1b"
9 | tags = {
10 | "Name" = "web"
11 | #"tag1" = "Update-test-1"
12 | }
13 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-01-Resource-Syntax-and-Behavior/terraform-manifests/c2-ec2-instance.tf:4-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
4 | resource "aws_instance" "my-ec2-vm" {
5 | ami = "ami-047a51fa27710816e"
6 | instance_type = "t2.micro"
7 | availability_zone = "us-east-1a"
8 | #availability_zone = "us-east-1b"
9 | tags = {
10 | "Name" = "web"
11 | #"tag1" = "Update-test-1"
12 | }
13 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-01-Resource-Syntax-and-Behavior/terraform-manifests/c2-ec2-instance.tf:4-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
4 | resource "aws_instance" "my-ec2-vm" {
5 | ami = "ami-047a51fa27710816e"
6 | instance_type = "t2.micro"
7 | availability_zone = "us-east-1a"
8 | #availability_zone = "us-east-1b"
9 | tags = {
10 | "Name" = "web"
11 | #"tag1" = "Update-test-1"
12 | }
13 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-01-Resource-Syntax-and-Behavior/terraform-manifests/c2-ec2-instance.tf:4-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
4 | resource "aws_instance" "my-ec2-vm" {
5 | ami = "ami-047a51fa27710816e"
6 | instance_type = "t2.micro"
7 | availability_zone = "us-east-1a"
8 | #availability_zone = "us-east-1b"
9 | tags = {
10 | "Name" = "web"
11 | #"tag1" = "Update-test-1"
12 | }
13 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-01-Resource-Syntax-and-Behavior/terraform-manifests/c2-ec2-instance.tf:4-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
4 | resource "aws_instance" "my-ec2-vm" {
5 | ami = "ami-047a51fa27710816e"
6 | instance_type = "t2.micro"
7 | availability_zone = "us-east-1a"
8 | #availability_zone = "us-east-1b"
9 | tags = {
10 | "Name" = "web"
11 | #"tag1" = "Update-test-1"
12 | }
13 | }
Check: CKV_AWS_130: "Ensure VPC subnets do not assign public IP by default"
FAILED for resource: aws_subnet.vpc-dev-public-subnet-1
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests-oldv1/c2-vpc.tf:11-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-vpc-subnets-do-not-assign-public-ip-by-default.html
11 | resource "aws_subnet" "vpc-dev-public-subnet-1" {
12 | vpc_id = aws_vpc.vpc-dev.id
13 | cidr_block = "10.0.1.0/24"
14 | availability_zone = "us-east-1a"
15 | map_public_ip_on_launch = true
16 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.dev-vpc-sg
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests-oldv1/c2-vpc.tf:42-70
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
42 | resource "aws_security_group" "dev-vpc-sg" {
43 | name = "dev-vpc-default-sg"
44 | description = "Dev VPC Default Security Group"
45 | vpc_id = aws_vpc.vpc-dev.id
46 |
47 | ingress {
48 | description = "Allow Port 22"
49 | from_port = 22
50 | to_port = 22
51 | protocol = "tcp"
52 | cidr_blocks = ["0.0.0.0/0"]
53 | }
54 |
55 | ingress {
56 | description = "Allow Port 80"
57 | from_port = 80
58 | to_port = 80
59 | protocol = "tcp"
60 | cidr_blocks = ["0.0.0.0/0"]
61 | }
62 |
63 | egress {
64 | description = "Allow all IP and Ports Outbound"
65 | from_port = 0
66 | to_port = 0
67 | protocol = "-1"
68 | cidr_blocks = ["0.0.0.0/0"]
69 | }
70 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.dev-vpc-sg
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests-oldv1/c2-vpc.tf:42-70
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
42 | resource "aws_security_group" "dev-vpc-sg" {
43 | name = "dev-vpc-default-sg"
44 | description = "Dev VPC Default Security Group"
45 | vpc_id = aws_vpc.vpc-dev.id
46 |
47 | ingress {
48 | description = "Allow Port 22"
49 | from_port = 22
50 | to_port = 22
51 | protocol = "tcp"
52 | cidr_blocks = ["0.0.0.0/0"]
53 | }
54 |
55 | ingress {
56 | description = "Allow Port 80"
57 | from_port = 80
58 | to_port = 80
59 | protocol = "tcp"
60 | cidr_blocks = ["0.0.0.0/0"]
61 | }
62 |
63 | egress {
64 | description = "Allow all IP and Ports Outbound"
65 | from_port = 0
66 | to_port = 0
67 | protocol = "-1"
68 | cidr_blocks = ["0.0.0.0/0"]
69 | }
70 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests-oldv1/c3-ec2-instance.tf:2-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | key_name = "terraform-key"
6 | subnet_id = aws_subnet.vpc-dev-public-subnet-1.id
7 | vpc_security_group_ids = [aws_security_group.dev-vpc-sg.id]
8 | #user_data = file("apache-install.sh")
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
16 | EOF
17 | tags = {
18 | "Name" = "myec2vm"
19 | }
20 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests-oldv1/c3-ec2-instance.tf:2-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | key_name = "terraform-key"
6 | subnet_id = aws_subnet.vpc-dev-public-subnet-1.id
7 | vpc_security_group_ids = [aws_security_group.dev-vpc-sg.id]
8 | #user_data = file("apache-install.sh")
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
16 | EOF
17 | tags = {
18 | "Name" = "myec2vm"
19 | }
20 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests-oldv1/c3-ec2-instance.tf:2-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | key_name = "terraform-key"
6 | subnet_id = aws_subnet.vpc-dev-public-subnet-1.id
7 | vpc_security_group_ids = [aws_security_group.dev-vpc-sg.id]
8 | #user_data = file("apache-install.sh")
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
16 | EOF
17 | tags = {
18 | "Name" = "myec2vm"
19 | }
20 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests-oldv1/c3-ec2-instance.tf:2-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | key_name = "terraform-key"
6 | subnet_id = aws_subnet.vpc-dev-public-subnet-1.id
7 | vpc_security_group_ids = [aws_security_group.dev-vpc-sg.id]
8 | #user_data = file("apache-install.sh")
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
16 | EOF
17 | tags = {
18 | "Name" = "myec2vm"
19 | }
20 | }
Check: CKV_AWS_130: "Ensure VPC subnets do not assign public IP by default"
FAILED for resource: aws_subnet.vpc-dev-public-subnet-1
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests/c2-vpc.tf:11-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-vpc-subnets-do-not-assign-public-ip-by-default.html
11 | resource "aws_subnet" "vpc-dev-public-subnet-1" {
12 | vpc_id = aws_vpc.vpc-dev.id
13 | cidr_block = "10.0.1.0/24"
14 | availability_zone = "us-east-1a"
15 | map_public_ip_on_launch = true
16 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.dev-vpc-sg
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests/c2-vpc.tf:42-70
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
42 | resource "aws_security_group" "dev-vpc-sg" {
43 | name = "dev-vpc-default-sg"
44 | description = "Dev VPC Default Security Group"
45 | vpc_id = aws_vpc.vpc-dev.id
46 |
47 | ingress {
48 | description = "Allow Port 22"
49 | from_port = 22
50 | to_port = 22
51 | protocol = "tcp"
52 | cidr_blocks = ["0.0.0.0/0"]
53 | }
54 |
55 | ingress {
56 | description = "Allow Port 80"
57 | from_port = 80
58 | to_port = 80
59 | protocol = "tcp"
60 | cidr_blocks = ["0.0.0.0/0"]
61 | }
62 |
63 | egress {
64 | description = "Allow all IP and Ports Outbound"
65 | from_port = 0
66 | to_port = 0
67 | protocol = "-1"
68 | cidr_blocks = ["0.0.0.0/0"]
69 | }
70 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.dev-vpc-sg
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests/c2-vpc.tf:42-70
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
42 | resource "aws_security_group" "dev-vpc-sg" {
43 | name = "dev-vpc-default-sg"
44 | description = "Dev VPC Default Security Group"
45 | vpc_id = aws_vpc.vpc-dev.id
46 |
47 | ingress {
48 | description = "Allow Port 22"
49 | from_port = 22
50 | to_port = 22
51 | protocol = "tcp"
52 | cidr_blocks = ["0.0.0.0/0"]
53 | }
54 |
55 | ingress {
56 | description = "Allow Port 80"
57 | from_port = 80
58 | to_port = 80
59 | protocol = "tcp"
60 | cidr_blocks = ["0.0.0.0/0"]
61 | }
62 |
63 | egress {
64 | description = "Allow all IP and Ports Outbound"
65 | from_port = 0
66 | to_port = 0
67 | protocol = "-1"
68 | cidr_blocks = ["0.0.0.0/0"]
69 | }
70 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests/c3-ec2-instance.tf:2-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | key_name = "terraform-key"
6 | subnet_id = aws_subnet.vpc-dev-public-subnet-1.id
7 | vpc_security_group_ids = [aws_security_group.dev-vpc-sg.id]
8 | #user_data = file("apache-install.sh")
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
16 | EOF
17 | tags = {
18 | "Name" = "myec2vm"
19 | }
20 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests/c3-ec2-instance.tf:2-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | key_name = "terraform-key"
6 | subnet_id = aws_subnet.vpc-dev-public-subnet-1.id
7 | vpc_security_group_ids = [aws_security_group.dev-vpc-sg.id]
8 | #user_data = file("apache-install.sh")
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
16 | EOF
17 | tags = {
18 | "Name" = "myec2vm"
19 | }
20 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests/c3-ec2-instance.tf:2-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | key_name = "terraform-key"
6 | subnet_id = aws_subnet.vpc-dev-public-subnet-1.id
7 | vpc_security_group_ids = [aws_security_group.dev-vpc-sg.id]
8 | #user_data = file("apache-install.sh")
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
16 | EOF
17 | tags = {
18 | "Name" = "myec2vm"
19 | }
20 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests/c3-ec2-instance.tf:2-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | key_name = "terraform-key"
6 | subnet_id = aws_subnet.vpc-dev-public-subnet-1.id
7 | vpc_security_group_ids = [aws_security_group.dev-vpc-sg.id]
8 | #user_data = file("apache-install.sh")
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
16 | EOF
17 | tags = {
18 | "Name" = "myec2vm"
19 | }
20 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web[0]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web[0]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web[0]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web[0]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web[1]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web[1]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web[1]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web[1]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web[2]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web[2]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web[2]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web[2]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web[3]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web[3]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web[3]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web[3]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web[4]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web[4]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web[4]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web[4]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web[0]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web[0]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web[0]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web[0]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web[1]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web[1]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web[1]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web[1]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web[2]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web[2]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web[2]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web[2]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web[3]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web[3]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web[3]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web[3]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web[4]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web[4]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web[4]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web[4]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
FAILED for resource: aws_iam_user.myuser["TMadhu"]
File: /04-Terraform-Resources/04-04-Meta-Argument-for_each/oldv1-backup/v2-for_each-toset/c2-iamuser.tf:4-7
4 | resource "aws_iam_user" "myuser" {
5 | for_each = toset(["TJack", "TJames", "TMadhu", "TDave"])
6 | name = each.key
7 | }
Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
FAILED for resource: aws_iam_user.myuser["TJames"]
File: /04-Terraform-Resources/04-04-Meta-Argument-for_each/oldv1-backup/v2-for_each-toset/c2-iamuser.tf:4-7
4 | resource "aws_iam_user" "myuser" {
5 | for_each = toset(["TJack", "TJames", "TMadhu", "TDave"])
6 | name = each.key
7 | }
Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
FAILED for resource: aws_iam_user.myuser["TDave"]
File: /04-Terraform-Resources/04-04-Meta-Argument-for_each/oldv1-backup/v2-for_each-toset/c2-iamuser.tf:4-7
4 | resource "aws_iam_user" "myuser" {
5 | for_each = toset(["TJack", "TJames", "TMadhu", "TDave"])
6 | name = each.key
7 | }
Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
FAILED for resource: aws_iam_user.myuser["TJack"]
File: /04-Terraform-Resources/04-04-Meta-Argument-for_each/oldv1-backup/v2-for_each-toset/c2-iamuser.tf:4-7
4 | resource "aws_iam_user" "myuser" {
5 | for_each = toset(["TJack", "TJames", "TMadhu", "TDave"])
6 | name = each.key
7 | }
Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
FAILED for resource: aws_iam_user.myuser["TMadhu"]
File: /04-Terraform-Resources/04-04-Meta-Argument-for_each/v2-for_each-toset/c2-iamuser.tf:4-7
4 | resource "aws_iam_user" "myuser" {
5 | for_each = toset(["TJack", "TJames", "TMadhu", "TDave"])
6 | name = each.key
7 | }
Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
FAILED for resource: aws_iam_user.myuser["TJames"]
File: /04-Terraform-Resources/04-04-Meta-Argument-for_each/v2-for_each-toset/c2-iamuser.tf:4-7
4 | resource "aws_iam_user" "myuser" {
5 | for_each = toset(["TJack", "TJames", "TMadhu", "TDave"])
6 | name = each.key
7 | }
Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
FAILED for resource: aws_iam_user.myuser["TDave"]
File: /04-Terraform-Resources/04-04-Meta-Argument-for_each/v2-for_each-toset/c2-iamuser.tf:4-7
4 | resource "aws_iam_user" "myuser" {
5 | for_each = toset(["TJack", "TJames", "TMadhu", "TDave"])
6 | name = each.key
7 | }
Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
FAILED for resource: aws_iam_user.myuser["TJack"]
File: /04-Terraform-Resources/04-04-Meta-Argument-for_each/v2-for_each-toset/c2-iamuser.tf:4-7
4 | resource "aws_iam_user" "myuser" {
5 | for_each = toset(["TJack", "TJames", "TMadhu", "TDave"])
6 | name = each.key
7 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v1-create_before_destroy/c2-ec2-instance.tf:2-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | availability_zone = "us-east-1a"
6 | #availability_zone = "us-east-1b"
7 | tags = {
8 | "Name" = "web-1"
9 | }
10 | /*
11 | lifecycle {
12 | create_before_destroy = true
13 | }
14 | */
15 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v1-create_before_destroy/c2-ec2-instance.tf:2-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | availability_zone = "us-east-1a"
6 | #availability_zone = "us-east-1b"
7 | tags = {
8 | "Name" = "web-1"
9 | }
10 | /*
11 | lifecycle {
12 | create_before_destroy = true
13 | }
14 | */
15 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v1-create_before_destroy/c2-ec2-instance.tf:2-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | availability_zone = "us-east-1a"
6 | #availability_zone = "us-east-1b"
7 | tags = {
8 | "Name" = "web-1"
9 | }
10 | /*
11 | lifecycle {
12 | create_before_destroy = true
13 | }
14 | */
15 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v1-create_before_destroy/c2-ec2-instance.tf:2-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | availability_zone = "us-east-1a"
6 | #availability_zone = "us-east-1b"
7 | tags = {
8 | "Name" = "web-1"
9 | }
10 | /*
11 | lifecycle {
12 | create_before_destroy = true
13 | }
14 | */
15 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v2-prevent_destroy/c2-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-2"
7 | }
8 | lifecycle {
9 | prevent_destroy = true # Default is false
10 | }
11 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v2-prevent_destroy/c2-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-2"
7 | }
8 | lifecycle {
9 | prevent_destroy = true # Default is false
10 | }
11 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v2-prevent_destroy/c2-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-2"
7 | }
8 | lifecycle {
9 | prevent_destroy = true # Default is false
10 | }
11 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v2-prevent_destroy/c2-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-2"
7 | }
8 | lifecycle {
9 | prevent_destroy = true # Default is false
10 | }
11 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v3-ignore_changes/c2-ec2-instance.tf:2-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-3"
7 | }
8 | /*
9 | lifecycle {
10 | ignore_changes = [
11 | # Ignore changes to tags, e.g. because a management agent
12 | # updates these based on some ruleset managed elsewhere.
13 | tags,
14 | ]
15 | }*/
16 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v3-ignore_changes/c2-ec2-instance.tf:2-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-3"
7 | }
8 | /*
9 | lifecycle {
10 | ignore_changes = [
11 | # Ignore changes to tags, e.g. because a management agent
12 | # updates these based on some ruleset managed elsewhere.
13 | tags,
14 | ]
15 | }*/
16 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v3-ignore_changes/c2-ec2-instance.tf:2-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-3"
7 | }
8 | /*
9 | lifecycle {
10 | ignore_changes = [
11 | # Ignore changes to tags, e.g. because a management agent
12 | # updates these based on some ruleset managed elsewhere.
13 | tags,
14 | ]
15 | }*/
16 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v3-ignore_changes/c2-ec2-instance.tf:2-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-3"
7 | }
8 | /*
9 | lifecycle {
10 | ignore_changes = [
11 | # Ignore changes to tags, e.g. because a management agent
12 | # updates these based on some ruleset managed elsewhere.
13 | tags,
14 | ]
15 | }*/
16 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v1-create_before_destroy/c2-ec2-instance.tf:2-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | availability_zone = "us-east-1a"
6 | #availability_zone = "us-east-1b"
7 | tags = {
8 | "Name" = "web-1"
9 | }
10 | /*
11 | lifecycle {
12 | create_before_destroy = true
13 | }
14 | */
15 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v1-create_before_destroy/c2-ec2-instance.tf:2-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | availability_zone = "us-east-1a"
6 | #availability_zone = "us-east-1b"
7 | tags = {
8 | "Name" = "web-1"
9 | }
10 | /*
11 | lifecycle {
12 | create_before_destroy = true
13 | }
14 | */
15 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v1-create_before_destroy/c2-ec2-instance.tf:2-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | availability_zone = "us-east-1a"
6 | #availability_zone = "us-east-1b"
7 | tags = {
8 | "Name" = "web-1"
9 | }
10 | /*
11 | lifecycle {
12 | create_before_destroy = true
13 | }
14 | */
15 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v1-create_before_destroy/c2-ec2-instance.tf:2-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | availability_zone = "us-east-1a"
6 | #availability_zone = "us-east-1b"
7 | tags = {
8 | "Name" = "web-1"
9 | }
10 | /*
11 | lifecycle {
12 | create_before_destroy = true
13 | }
14 | */
15 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v2-prevent_destroy/c2-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-2"
7 | }
8 | lifecycle {
9 | prevent_destroy = true # Default is false
10 | }
11 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v2-prevent_destroy/c2-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-2"
7 | }
8 | lifecycle {
9 | prevent_destroy = true # Default is false
10 | }
11 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v2-prevent_destroy/c2-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-2"
7 | }
8 | lifecycle {
9 | prevent_destroy = true # Default is false
10 | }
11 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v2-prevent_destroy/c2-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-2"
7 | }
8 | lifecycle {
9 | prevent_destroy = true # Default is false
10 | }
11 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v3-ignore_changes/c2-ec2-instance.tf:2-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-3"
7 | }
8 | /*
9 | lifecycle {
10 | ignore_changes = [
11 | # Ignore changes to tags, e.g. because a management agent
12 | # updates these based on some ruleset managed elsewhere.
13 | tags,
14 | ]
15 | }*/
16 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v3-ignore_changes/c2-ec2-instance.tf:2-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-3"
7 | }
8 | /*
9 | lifecycle {
10 | ignore_changes = [
11 | # Ignore changes to tags, e.g. because a management agent
12 | # updates these based on some ruleset managed elsewhere.
13 | tags,
14 | ]
15 | }*/
16 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v3-ignore_changes/c2-ec2-instance.tf:2-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-3"
7 | }
8 | /*
9 | lifecycle {
10 | ignore_changes = [
11 | # Ignore changes to tags, e.g. because a management agent
12 | # updates these based on some ruleset managed elsewhere.
13 | tags,
14 | ]
15 | }*/
16 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v3-ignore_changes/c2-ec2-instance.tf:2-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-3"
7 | }
8 | /*
9 | lifecycle {
10 | ignore_changes = [
11 | # Ignore changes to tags, e.g. because a management agent
12 | # updates these based on some ruleset managed elsewhere.
13 | tags,
14 | ]
15 | }*/
16 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v1-Input-Variables-Basic/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v1-Input-Variables-Basic/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v1-Input-Variables-Basic/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = "t3.micro"
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v1-Input-Variables-Basic/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = "t3.micro"
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v1-Input-Variables-Basic/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = "t3.micro"
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v1-Input-Variables-Basic/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = "t3.micro"
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v11-File-Function/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v11-File-Function/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v11-File-Function/c4-ec2-instance.tf:2-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = file("apache-install.sh")
8 | /*
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
16 | EOF
17 | */
18 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
19 | tags = {
20 | "Name" = "web"
21 | }
22 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v11-File-Function/c4-ec2-instance.tf:2-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = file("apache-install.sh")
8 | /*
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
16 | EOF
17 | */
18 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
19 | tags = {
20 | "Name" = "web"
21 | }
22 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v11-File-Function/c4-ec2-instance.tf:2-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = file("apache-install.sh")
8 | /*
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
16 | EOF
17 | */
18 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
19 | tags = {
20 | "Name" = "web"
21 | }
22 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v11-File-Function/c4-ec2-instance.tf:2-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = file("apache-install.sh")
8 | /*
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
16 | EOF
17 | */
18 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
19 | tags = {
20 | "Name" = "web"
21 | }
22 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v2-Input-Variables-Assign-when-prompted/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v2-Input-Variables-Assign-when-prompted/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v2-Input-Variables-Assign-when-prompted/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v2-Input-Variables-Assign-when-prompted/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v2-Input-Variables-Assign-when-prompted/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v2-Input-Variables-Assign-when-prompted/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v5-Input-Variables-Assign-with-terraform-tfvars/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v5-Input-Variables-Assign-with-terraform-tfvars/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v5-Input-Variables-Assign-with-terraform-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v5-Input-Variables-Assign-with-terraform-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v5-Input-Variables-Assign-with-terraform-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v5-Input-Variables-Assign-with-terraform-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v6-Input-Variables-Assign-with-tfvars-var-file/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v6-Input-Variables-Assign-with-tfvars-var-file/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v6-Input-Variables-Assign-with-tfvars-var-file/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v6-Input-Variables-Assign-with-tfvars-var-file/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v6-Input-Variables-Assign-with-tfvars-var-file/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v6-Input-Variables-Assign-with-tfvars-var-file/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v7-Input-Variables-Assign-with-auto-tfvars/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v7-Input-Variables-Assign-with-auto-tfvars/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v7-Input-Variables-Assign-with-auto-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v7-Input-Variables-Assign-with-auto-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v7-Input-Variables-Assign-with-auto-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v7-Input-Variables-Assign-with-auto-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v9-Input-Variables-Validation-Rules/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v9-Input-Variables-Validation-Rules/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v9-Input-Variables-Validation-Rules/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v9-Input-Variables-Validation-Rules/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v9-Input-Variables-Validation-Rules/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v9-Input-Variables-Validation-Rules/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v1-Input-Variables-Basic/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v1-Input-Variables-Basic/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v1-Input-Variables-Basic/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = "t3.micro"
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v1-Input-Variables-Basic/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = "t3.micro"
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v1-Input-Variables-Basic/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = "t3.micro"
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v1-Input-Variables-Basic/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = "t3.micro"
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
FAILED for resource: aws_db_instance.db1
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v10-Sensitive-Input-Variables/c3-rds-db.tf:3-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
3 | resource "aws_db_instance" "db1" {
4 | allocated_storage = 5
5 | engine = "mysql"
6 | instance_class = "db.t2.micro"
7 | name = "mydb1"
8 | username = var.db_username
9 | password = var.db_password
10 | skip_final_snapshot = true
11 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v11-File-Function/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v11-File-Function/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v11-File-Function/c4-ec2-instance.tf:2-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = file("apache-install.sh")
8 | /*
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
16 | EOF
17 | */
18 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
19 | tags = {
20 | "Name" = "web"
21 | }
22 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v11-File-Function/c4-ec2-instance.tf:2-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = file("apache-install.sh")
8 | /*
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
16 | EOF
17 | */
18 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
19 | tags = {
20 | "Name" = "web"
21 | }
22 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v11-File-Function/c4-ec2-instance.tf:2-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = file("apache-install.sh")
8 | /*
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
16 | EOF
17 | */
18 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
19 | tags = {
20 | "Name" = "web"
21 | }
22 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v11-File-Function/c4-ec2-instance.tf:2-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = file("apache-install.sh")
8 | /*
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
16 | EOF
17 | */
18 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
19 | tags = {
20 | "Name" = "web"
21 | }
22 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v2-Input-Variables-Assign-when-prompted/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v2-Input-Variables-Assign-when-prompted/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v2-Input-Variables-Assign-when-prompted/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v2-Input-Variables-Assign-when-prompted/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v2-Input-Variables-Assign-when-prompted/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v2-Input-Variables-Assign-when-prompted/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region
" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v5-Input-Variables-Assign-with-terraform-tfvars/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v5-Input-Variables-Assign-with-terraform-tfvars/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v5-Input-Variables-Assign-with-terraform-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v5-Input-Variables-Assign-with-terraform-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v5-Input-Variables-Assign-with-terraform-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v5-Input-Variables-Assign-with-terraform-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v6-Input-Variables-Assign-with-tfvars-var-file/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v6-Input-Variables-Assign-with-tfvars-var-file/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v6-Input-Variables-Assign-with-tfvars-var-file/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v6-Input-Variables-Assign-with-tfvars-var-file/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v6-Input-Variables-Assign-with-tfvars-var-file/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v6-Input-Variables-Assign-with-tfvars-var-file/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v7-Input-Variables-Assign-with-auto-tfvars/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v7-Input-Variables-Assign-with-auto-tfvars/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
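The two security-group findings above (CKV_AWS_24 on `vpc-ssh`, CKV_AWS_260 on `vpc-web`) call for different responses: world-reachable SSH is a real exposure and should be restricted, while a public web tier listening on 80/443 from anywhere is usually intentional and should be recorded as an explicit, justified suppression rather than a permanently failing check. The following is an added example of both, not code from the stacksimplify repository; `var.admin_cidr_blocks`, its default (a documentation range), and the wording of the skip reason are assumptions for illustration.

```hcl
# Added example: hardened versions of the two flagged security groups.
# Not part of the stacksimplify repository; var.admin_cidr_blocks and the
# checkov skip justification are illustrative assumptions.

variable "admin_cidr_blocks" {
  description = "CIDR ranges allowed to reach port 22 (bastion/VPN egress IPs, never 0.0.0.0/0)"
  type        = list(string)
  default     = ["203.0.113.0/24"] # TEST-NET-3 documentation range; replace with your real ranges

  # Fail at plan time if someone re-introduces the open-to-the-world rule.
  validation {
    condition     = !contains(var.admin_cidr_blocks, "0.0.0.0/0")
    error_message = "admin_cidr_blocks must not contain 0.0.0.0/0."
  }
}

# CKV_AWS_24: SSH only from known administrative ranges.
resource "aws_security_group" "vpc-ssh" {
  name        = "vpc-ssh"
  description = "Dev VPC SSH"

  ingress {
    description = "Allow Port 22 from admin ranges only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  egress {
    description = "Allow all IP and Ports outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# CKV_AWS_260: a public web tier legitimately listens on 80/443 from anywhere.
# Record that decision as an inline checkov suppression with a reason, so the
# scan stays green and the exception is reviewable in code.
resource "aws_security_group" "vpc-web" {
  #checkov:skip=CKV_AWS_260: Public web tier; port 80 is served intentionally (assumed design)
  name        = "vpc-web"
  description = "Dev VPC Web"

  ingress {
    description = "Allow Port 80"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Allow Port 443"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    description = "Allow all IP and Ports outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

The stronger fix for the SSH group is to drop the port 22 rule entirely and reach the instances through AWS Systems Manager Session Manager, which needs no inbound rule at all; the `validation` block above is the fallback guard for teams that keep SSH. The `#checkov:skip` comment must sit inside the resource block it applies to, and the reason text after the second colon is what a reviewer will read when auditing suppressions.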
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v7-Input-Variables-Assign-with-auto-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v7-Input-Variables-Assign-with-auto-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v7-Input-Variables-Assign-with-auto-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v7-Input-Variables-Assign-with-auto-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
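The four instance findings above (CKV_AWS_126 detailed monitoring, CKV_AWS_8 EBS encryption, CKV_AWS_79 IMDSv1, CKV_AWS_135 EBS optimization) are all fixed by adding attributes to the same `aws_instance` block, and the same resource recurs in every later variant of this module. The following is an added example showing the hardened form once, not code from the stacksimplify repository; `aws_kms_key.ebs` is an assumption (drop `kms_key_id` to fall back to the AWS-managed `aws/ebs` key), and the existing variables and security groups are assumed to be defined as in the scanned files. Of the four, CKV_AWS_79 is the security-relevant one: with IMDSv1 enabled, any SSRF or request-forwarding bug in the httpd-hosted application can fetch instance-role credentials from 169.254.169.254 with a plain GET.

```hcl
# Added example: the flagged aws_instance with the four checkov findings fixed.
# Not part of the stacksimplify repository. aws_kms_key.ebs is an assumption;
# omit kms_key_id to use the account's default aws/ebs key.

resource "aws_instance" "my-ec2-vm" {
  ami           = var.ec2_ami_id
  instance_type = var.ec2_instance_type
  key_name      = "terraform-key"
  count         = var.ec2_instance_count

  # CKV_AWS_126: 1-minute CloudWatch metrics instead of 5-minute (billed extra).
  monitoring = true

  # CKV_AWS_135: only valid on instance types that support EBS optimization.
  # t2.micro does not and the apply fails; t3.micro and newer families do.
  ebs_optimized = true

  # CKV_AWS_8: encrypt the root volume at rest.
  root_block_device {
    encrypted  = true
    kms_key_id = aws_kms_key.ebs.arn # assumption; optional
  }

  # CKV_AWS_79: require IMDSv2 session tokens. A hop limit of 1 also stops
  # the token from being obtained through a forwarded request.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  user_data = <<-EOF
    #!/bin/bash
    sudo yum update -y
    sudo yum install httpd -y
    sudo systemctl enable httpd
    sudo systemctl start httpd
    echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
  EOF

  vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
  tags = {
    "Name" = "myec2vm"
  }
}

# Assumed customer-managed key for the root volume; rotation keeps the
# key material refreshed without changing the key ARN referenced above.
resource "aws_kms_key" "ebs" {
  description         = "EBS root volume key for myec2vm"
  enable_key_rotation = true
}
```

Two caveats before copying this into the course manifests: `ebs_optimized = true` makes `terraform apply` fail when `var.ec2_instance_type` resolves to `t2.micro`, so pair it with a `t3`-class default, and `http_put_response_hop_limit = 1` breaks IMDS access for containers on the host that use bridge networking (raise it to 2 in that case). Because the resource uses `count`, checkov reports each index (`[0]`, `[1]`) separately, but a single change to the block clears all of them.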
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v9-Input-Variables-Validation-Rules/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v9-Input-Variables-Validation-Rules/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v9-Input-Variables-Validation-Rules/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v9-Input-Variables-Validation-Rules/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v9-Input-Variables-Validation-Rules/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v9-Input-Variables-Validation-Rules/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests-oldv1/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests-oldv1/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests-oldv1/c4-ec2-instance.tf:2-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | /*
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
15 | EOF
16 | */
17 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
18 | tags = {
19 | "Name" = "web"
20 | }
21 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests-oldv1/c4-ec2-instance.tf:2-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | /*
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
15 | EOF
16 | */
17 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
18 | tags = {
19 | "Name" = "web"
20 | }
21 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests-oldv1/c4-ec2-instance.tf:2-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | /*
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
15 | EOF
16 | */
17 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
18 | tags = {
19 | "Name" = "web"
20 | }
21 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests-oldv1/c4-ec2-instance.tf:2-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | /*
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
15 | EOF
16 | */
17 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
18 | tags = {
19 | "Name" = "web"
20 | }
21 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all IP and Ports outbound"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC Web"
25 |
26 | ingress {
27 | description = "Allow Port 80"
28 | from_port = 80
29 | to_port = 80
30 | protocol = "tcp"
31 | cidr_blocks = ["0.0.0.0/0"]
32 | }
33 |
34 | ingress {
35 | description = "Allow Port 443"
36 | from_port = 443
37 | to_port = 443
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 |
42 | egress {
43 | description = "Allow all IP and Ports outbound"
44 | from_port = 0
45 | to_port = 0
46 | protocol = "-1"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests/c4-ec2-instance.tf:2-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | /*
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
15 | EOF
16 | */
17 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
18 | tags = {
19 | "Name" = "web"
20 | }
21 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests/c4-ec2-instance.tf:2-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | /*
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
15 | EOF
16 | */
17 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
18 | tags = {
19 | "Name" = "web"
20 | }
21 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests/c4-ec2-instance.tf:2-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | /*
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
15 | EOF
16 | */
17 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
18 | tags = {
19 | "Name" = "web"
20 | }
21 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests/c4-ec2-instance.tf:2-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | /*
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
15 | EOF
16 | */
17 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
18 | tags = {
19 | "Name" = "web"
20 | }
21 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /06-Terraform-Datasources/terraform-manifests-oldv1/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /06-Terraform-Datasources/terraform-manifests-oldv1/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /06-Terraform-Datasources/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /06-Terraform-Datasources/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /06-Terraform-Datasources/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /06-Terraform-Datasources/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /06-Terraform-Datasources/terraform-manifests/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /06-Terraform-Datasources/terraform-manifests/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /06-Terraform-Datasources/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /06-Terraform-Datasources/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /06-Terraform-Datasources/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /06-Terraform-Datasources/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests-oldv1/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests-oldv1/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests-oldv1/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests-oldv1/c3-security-groups.tf:22-58
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 | /*
33 | # Enable during Step-08
34 | ingress {
35 | description = "Allow Port 8080"
36 | from_port = 8080
37 | to_port = 8080
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 | */
42 | ingress {
43 | description = "Allow Port 443"
44 | from_port = 443
45 | to_port = 443
46 | protocol = "tcp"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 |
50 | egress {
51 | description = "Allow all ip and ports outbound"
52 | from_port = 0
53 | to_port = 0
54 | protocol = "-1"
55 | cidr_blocks = ["0.0.0.0/0"]
56 | }
57 |
58 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests-oldv1/c4-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | #instance_type = "t2.micro"
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "amz-linux-vm"
11 | #"demotag" = "refreshtest" # Enable during Step-04-05
12 | #"target" = "Target-Test-1" # Enable during step-08
13 | }
14 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests-oldv1/c4-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | #instance_type = "t2.micro"
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "amz-linux-vm"
11 | #"demotag" = "refreshtest" # Enable during Step-04-05
12 | #"target" = "Target-Test-1" # Enable during step-08
13 | }
14 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests-oldv1/c4-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | #instance_type = "t2.micro"
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "amz-linux-vm"
11 | #"demotag" = "refreshtest" # Enable during Step-04-05
12 | #"target" = "Target-Test-1" # Enable during step-08
13 | }
14 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests-oldv1/c4-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | #instance_type = "t2.micro"
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "amz-linux-vm"
11 | #"demotag" = "refreshtest" # Enable during Step-04-05
12 | #"target" = "Target-Test-1" # Enable during step-08
13 | }
14 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests/c3-security-groups.tf:22-58
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 | /*
33 | # Enable during Step-08
34 | ingress {
35 | description = "Allow Port 8080"
36 | from_port = 8080
37 | to_port = 8080
38 | protocol = "tcp"
39 | cidr_blocks = ["0.0.0.0/0"]
40 | }
41 | */
42 | ingress {
43 | description = "Allow Port 443"
44 | from_port = 443
45 | to_port = 443
46 | protocol = "tcp"
47 | cidr_blocks = ["0.0.0.0/0"]
48 | }
49 |
50 | egress {
51 | description = "Allow all ip and ports outbound"
52 | from_port = 0
53 | to_port = 0
54 | protocol = "-1"
55 | cidr_blocks = ["0.0.0.0/0"]
56 | }
57 |
58 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests/c4-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | #instance_type = "t2.micro"
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "amz-linux-vm"
11 | #"demotag" = "refreshtest" # Enable during Step-04-05
12 | #"target" = "Target-Test-1" # Enable during step-08
13 | }
14 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests/c4-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | #instance_type = "t2.micro"
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "amz-linux-vm"
11 | #"demotag" = "refreshtest" # Enable during Step-04-05
12 | #"target" = "Target-Test-1" # Enable during step-08
13 | }
14 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests/c4-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | #instance_type = "t2.micro"
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "amz-linux-vm"
11 | #"demotag" = "refreshtest" # Enable during Step-04-05
12 | #"target" = "Target-Test-1" # Enable during step-08
13 | }
14 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests/c4-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | #instance_type = "t2.micro"
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "amz-linux-vm"
11 | #"demotag" = "refreshtest" # Enable during Step-04-05
12 | #"target" = "Target-Test-1" # Enable during step-08
13 | }
14 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /08-Terraform-Workspaces/Oldv1-backup/v1-local-backend/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /08-Terraform-Workspaces/Oldv1-backup/v1-local-backend/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/Oldv1-backup/v1-local-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/Oldv1-backup/v1-local-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/Oldv1-backup/v1-local-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/Oldv1-backup/v1-local-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /08-Terraform-Workspaces/Oldv1-backup/v2-remote-backend/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /08-Terraform-Workspaces/Oldv1-backup/v2-remote-backend/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/Oldv1-backup/v2-remote-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/Oldv1-backup/v2-remote-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/Oldv1-backup/v2-remote-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/Oldv1-backup/v2-remote-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /08-Terraform-Workspaces/v1-local-backend/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /08-Terraform-Workspaces/v1-local-backend/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/v1-local-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/v1-local-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/v1-local-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/v1-local-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /08-Terraform-Workspaces/v2-remote-backend/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /08-Terraform-Workspaces/v2-remote-backend/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/v2-remote-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/v2-remote-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/v2-remote-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/v2-remote-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests-oldv1/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests-oldv1/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-57
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-57
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-57
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-57
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests/c4-ec2-instance.tf:2-57
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests/c4-ec2-instance.tf:2-57
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests/c4-ec2-instance.tf:2-57
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests/c4-ec2-instance.tf:2-57
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests-oldv1/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests-oldv1/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # Connection Block for Provisioners to connect to EC2 Instance
14 | connection {
15 | type = "ssh"
16 | host = self.public_ip # Understand what is "self"
17 | user = "ec2-user"
18 | password = ""
19 | private_key = file("private-key/terraform-key.pem")
20 | }
21 |
22 | # Copies the file-copy.html file to /tmp/file-copy.html
23 | provisioner "file" {
24 | source = "apps/file-copy.html"
25 | destination = "/tmp/file-copy.html"
26 | }
27 |
28 | # Copies the file to Apache Webserver /var/www/html directory
29 | provisioner "remote-exec" {
30 | inline = [
31 | "sleep 120", # Will sleep for 120 seconds to ensure Apache webserver is provisioned using user_data
32 | "sudo cp /tmp/file-copy.html /var/www/html"
33 | ]
34 | }
35 |
36 |
37 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # Connection Block for Provisioners to connect to EC2 Instance
14 | connection {
15 | type = "ssh"
16 | host = self.public_ip # Understand what is "self"
17 | user = "ec2-user"
18 | password = ""
19 | private_key = file("private-key/terraform-key.pem")
20 | }
21 |
22 | # Copies the file-copy.html file to /tmp/file-copy.html
23 | provisioner "file" {
24 | source = "apps/file-copy.html"
25 | destination = "/tmp/file-copy.html"
26 | }
27 |
28 | # Copies the file to Apache Webserver /var/www/html directory
29 | provisioner "remote-exec" {
30 | inline = [
31 | "sleep 120", # Will sleep for 120 seconds to ensure Apache webserver is provisioned using user_data
32 | "sudo cp /tmp/file-copy.html /var/www/html"
33 | ]
34 | }
35 |
36 |
37 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # Connection Block for Provisioners to connect to EC2 Instance
14 | connection {
15 | type = "ssh"
16 | host = self.public_ip # Understand what is "self"
17 | user = "ec2-user"
18 | password = ""
19 | private_key = file("private-key/terraform-key.pem")
20 | }
21 |
22 | # Copies the file-copy.html file to /tmp/file-copy.html
23 | provisioner "file" {
24 | source = "apps/file-copy.html"
25 | destination = "/tmp/file-copy.html"
26 | }
27 |
28 | # Copies the file to Apache Webserver /var/www/html directory
29 | provisioner "remote-exec" {
30 | inline = [
31 | "sleep 120", # Will sleep for 120 seconds to ensure Apache webserver is provisioned using user_data
32 | "sudo cp /tmp/file-copy.html /var/www/html"
33 | ]
34 | }
35 |
36 |
37 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # Connection Block for Provisioners to connect to EC2 Instance
14 | connection {
15 | type = "ssh"
16 | host = self.public_ip # Understand what is "self"
17 | user = "ec2-user"
18 | password = ""
19 | private_key = file("private-key/terraform-key.pem")
20 | }
21 |
22 | # Copies the file-copy.html file to /tmp/file-copy.html
23 | provisioner "file" {
24 | source = "apps/file-copy.html"
25 | destination = "/tmp/file-copy.html"
26 | }
27 |
28 | # Copies the file to Apache Webserver /var/www/html directory
29 | provisioner "remote-exec" {
30 | inline = [
31 | "sleep 120", # Will sleep for 120 seconds to ensure Apache webserver is provisioned using user_data
32 | "sudo cp /tmp/file-copy.html /var/www/html"
33 | ]
34 | }
35 |
36 |
37 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests/c4-ec2-instance.tf:2-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # Connection Block for Provisioners to connect to EC2 Instance
14 | connection {
15 | type = "ssh"
16 | host = self.public_ip # Understand what is "self"
17 | user = "ec2-user"
18 | password = ""
19 | private_key = file("private-key/terraform-key.pem")
20 | }
21 |
22 | # Copies the file-copy.html file to /tmp/file-copy.html
23 | provisioner "file" {
24 | source = "apps/file-copy.html"
25 | destination = "/tmp/file-copy.html"
26 | }
27 |
28 | # Copies the file to Apache Webserver /var/www/html directory
29 | provisioner "remote-exec" {
30 | inline = [
31 | "sleep 120", # Will sleep for 120 seconds to ensure Apache webserver is provisioned using user_data
32 | "sudo cp /tmp/file-copy.html /var/www/html"
33 | ]
34 | }
35 |
36 |
37 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests/c4-ec2-instance.tf:2-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # Connection Block for Provisioners to connect to EC2 Instance
14 | connection {
15 | type = "ssh"
16 | host = self.public_ip # Understand what is "self"
17 | user = "ec2-user"
18 | password = ""
19 | private_key = file("private-key/terraform-key.pem")
20 | }
21 |
22 | # Copies the file-copy.html file to /tmp/file-copy.html
23 | provisioner "file" {
24 | source = "apps/file-copy.html"
25 | destination = "/tmp/file-copy.html"
26 | }
27 |
28 | # Copies the file to Apache Webserver /var/www/html directory
29 | provisioner "remote-exec" {
30 | inline = [
31 | "sleep 120", # Will sleep for 120 seconds to ensure Apache webserver is provisioned using user_data
32 | "sudo cp /tmp/file-copy.html /var/www/html"
33 | ]
34 | }
35 |
36 |
37 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests/c4-ec2-instance.tf:2-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # Connection Block for Provisioners to connect to EC2 Instance
14 | connection {
15 | type = "ssh"
16 | host = self.public_ip # Understand what is "self"
17 | user = "ec2-user"
18 | password = ""
19 | private_key = file("private-key/terraform-key.pem")
20 | }
21 |
22 | # Copies the file-copy.html file to /tmp/file-copy.html
23 | provisioner "file" {
24 | source = "apps/file-copy.html"
25 | destination = "/tmp/file-copy.html"
26 | }
27 |
28 | # Copies the file to Apache Webserver /var/www/html directory
29 | provisioner "remote-exec" {
30 | inline = [
31 | "sleep 120", # Will sleep for 120 seconds to ensure Apache webserver is provisioned using user_data
32 | "sudo cp /tmp/file-copy.html /var/www/html"
33 | ]
34 | }
35 |
36 |
37 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests/c4-ec2-instance.tf:2-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # Connection Block for Provisioners to connect to EC2 Instance
14 | connection {
15 | type = "ssh"
16 | host = self.public_ip # Understand what is "self"
17 | user = "ec2-user"
18 | password = ""
19 | private_key = file("private-key/terraform-key.pem")
20 | }
21 |
22 | # Copies the file-copy.html file to /tmp/file-copy.html
23 | provisioner "file" {
24 | source = "apps/file-copy.html"
25 | destination = "/tmp/file-copy.html"
26 | }
27 |
28 | # Copies the file to Apache Webserver /var/www/html directory
29 | provisioner "remote-exec" {
30 | inline = [
31 | "sleep 120", # Will sleep for 120 seconds to ensure Apache webserver is provisioned using user_data
32 | "sudo cp /tmp/file-copy.html /var/www/html"
33 | ]
34 | }
35 |
36 |
37 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests-oldv1/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests-oldv1/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-27
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
14 | provisioner "local-exec" {
15 | command = "echo ${aws_instance.my-ec2-vm.private_ip} >> creation-time-private-ip.txt"
16 | working_dir = "local-exec-output-files/"
17 | #on_failure = continue
18 | }
19 |
20 | # local-exec provisioner - (Destroy-Time Provisioner - Triggered during Destroy Resource)
21 | provisioner "local-exec" {
22 | when = destroy
23 | command = "echo Destroy-time provisioner Instanace Destroyed at `date` >> destroy-time.txt"
24 | working_dir = "local-exec-output-files/"
25 | }
26 |
27 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-27
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
14 | provisioner "local-exec" {
15 | command = "echo ${aws_instance.my-ec2-vm.private_ip} >> creation-time-private-ip.txt"
16 | working_dir = "local-exec-output-files/"
17 | #on_failure = continue
18 | }
19 |
20 | # local-exec provisioner - (Destroy-Time Provisioner - Triggered during Destroy Resource)
21 | provisioner "local-exec" {
22 | when = destroy
23 | command = "echo Destroy-time provisioner Instanace Destroyed at `date` >> destroy-time.txt"
24 | working_dir = "local-exec-output-files/"
25 | }
26 |
27 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-27
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
14 | provisioner "local-exec" {
15 | command = "echo ${aws_instance.my-ec2-vm.private_ip} >> creation-time-private-ip.txt"
16 | working_dir = "local-exec-output-files/"
17 | #on_failure = continue
18 | }
19 |
20 | # local-exec provisioner - (Destroy-Time Provisioner - Triggered during Destroy Resource)
21 | provisioner "local-exec" {
22 | when = destroy
23 | command = "echo Destroy-time provisioner Instanace Destroyed at `date` >> destroy-time.txt"
24 | working_dir = "local-exec-output-files/"
25 | }
26 |
27 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-27
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
14 | provisioner "local-exec" {
15 | command = "echo ${aws_instance.my-ec2-vm.private_ip} >> creation-time-private-ip.txt"
16 | working_dir = "local-exec-output-files/"
17 | #on_failure = continue
18 | }
19 |
20 | # local-exec provisioner - (Destroy-Time Provisioner - Triggered during Destroy Resource)
21 | provisioner "local-exec" {
22 | when = destroy
23 | command = "echo Destroy-time provisioner Instanace Destroyed at `date` >> destroy-time.txt"
24 | working_dir = "local-exec-output-files/"
25 | }
26 |
27 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests/c4-ec2-instance.tf:2-27
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
14 | provisioner "local-exec" {
15 | command = "echo ${aws_instance.my-ec2-vm.private_ip} >> creation-time-private-ip.txt"
16 | working_dir = "local-exec-output-files/"
17 | #on_failure = continue
18 | }
19 |
20 | # local-exec provisioner - (Destroy-Time Provisioner - Triggered during Destroy Resource)
21 | provisioner "local-exec" {
22 | when = destroy
23 | command = "echo Destroy-time provisioner Instanace Destroyed at `date` >> destroy-time.txt"
24 | working_dir = "local-exec-output-files/"
25 | }
26 |
27 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests/c4-ec2-instance.tf:2-27
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
14 | provisioner "local-exec" {
15 | command = "echo ${aws_instance.my-ec2-vm.private_ip} >> creation-time-private-ip.txt"
16 | working_dir = "local-exec-output-files/"
17 | #on_failure = continue
18 | }
19 |
20 | # local-exec provisioner - (Destroy-Time Provisioner - Triggered during Destroy Resource)
21 | provisioner "local-exec" {
22 | when = destroy
23 | command = "echo Destroy-time provisioner Instanace Destroyed at `date` >> destroy-time.txt"
24 | working_dir = "local-exec-output-files/"
25 | }
26 |
27 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests/c4-ec2-instance.tf:2-27
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
14 | provisioner "local-exec" {
15 | command = "echo ${aws_instance.my-ec2-vm.private_ip} >> creation-time-private-ip.txt"
16 | working_dir = "local-exec-output-files/"
17 | #on_failure = continue
18 | }
19 |
20 | # local-exec provisioner - (Destroy-Time Provisioner - Triggered during Destroy Resource)
21 | provisioner "local-exec" {
22 | when = destroy
23 | command = "echo Destroy-time provisioner Instanace Destroyed at `date` >> destroy-time.txt"
24 | working_dir = "local-exec-output-files/"
25 | }
26 |
27 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests/c4-ec2-instance.tf:2-27
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
14 | provisioner "local-exec" {
15 | command = "echo ${aws_instance.my-ec2-vm.private_ip} >> creation-time-private-ip.txt"
16 | working_dir = "local-exec-output-files/"
17 | #on_failure = continue
18 | }
19 |
20 | # local-exec provisioner - (Destroy-Time Provisioner - Triggered during Destroy Resource)
21 | provisioner "local-exec" {
22 | when = destroy
23 | command = "echo Destroy-time provisioner Instanace Destroyed at `date` >> destroy-time.txt"
24 | working_dir = "local-exec-output-files/"
25 | }
26 |
27 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests-oldv1/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests-oldv1/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests-oldv1/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests-oldv1/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests-oldv1/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests-oldv1/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 | }
Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
FAILED for resource: aws_security_group.vpc-ssh
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests/c3-security-groups.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
2 | resource "aws_security_group" "vpc-ssh" {
3 | name = "vpc-ssh-${terraform.workspace}"
4 | description = "Dev VPC SSH"
5 | ingress {
6 | description = "Allow Port 22"
7 | from_port = 22
8 | to_port = 22
9 | protocol = "tcp"
10 | cidr_blocks = ["0.0.0.0/0"]
11 | }
12 | egress {
13 | description = "Allow all ip and ports outboun"
14 | from_port = 0
15 | to_port = 0
16 | protocol = "-1"
17 | cidr_blocks = ["0.0.0.0/0"]
18 | }
19 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: aws_security_group.vpc-web
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests/c3-security-groups.tf:22-49
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
22 | resource "aws_security_group" "vpc-web" {
23 | name = "vpc-web-${terraform.workspace}"
24 | description = "Dev VPC web"
25 | ingress {
26 | description = "Allow Port 80"
27 | from_port = 80
28 | to_port = 80
29 | protocol = "tcp"
30 | cidr_blocks = ["0.0.0.0/0"]
31 | }
32 |
33 | ingress {
34 | description = "Allow Port 443"
35 | from_port = 443
36 | to_port = 443
37 | protocol = "tcp"
38 | cidr_blocks = ["0.0.0.0/0"]
39 | }
40 |
41 | egress {
42 | description = "Allow all ip and ports outbound"
43 | from_port = 0
44 | to_port = 0
45 | protocol = "-1"
46 | cidr_blocks = ["0.0.0.0/0"]
47 | }
48 |
49 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 | }
Check: CKV_AWS_70: "Ensure S3 bucket does not allow an action with any Principal"
FAILED for resource: aws_s3_bucket.s3_bucket
File: /10-Terraform-Modules/10-02-Terraform-Build-a-Module/Oldv1- backup/v2-host-static-website-on-s3-using-terraform-manifests/main.tf:2-29
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/s3-policies/bc-aws-s3-23.html
2 | resource "aws_s3_bucket" "s3_bucket" {
3 | bucket = var.bucket_name
4 | acl = "public-read"
5 | policy = <Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
16 | EOF
17 | tags = {
18 | "Name" = "myec2vm"
19 | }
20 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /04-Terraform-Resources/04-02-Meta-Argument-depends_on/terraform-manifests/c3-ec2-instance.tf:2-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | key_name = "terraform-key"
6 | subnet_id = aws_subnet.vpc-dev-public-subnet-1.id
7 | vpc_security_group_ids = [aws_security_group.dev-vpc-sg.id]
8 | #user_data = file("apache-install.sh")
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
16 | EOF
17 | tags = {
18 | "Name" = "myec2vm"
19 | }
20 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web[0]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web[0]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v1-create_before_destroy/c2-ec2-instance.tf:2-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | availability_zone = "us-east-1a"
6 | #availability_zone = "us-east-1b"
7 | tags = {
8 | "Name" = "web-1"
9 | }
10 | /*
11 | lifecycle {
12 | create_before_destroy = true
13 | }
14 | */
15 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v2-prevent_destroy/c2-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-2"
7 | }
8 | lifecycle {
9 | prevent_destroy = true # Default is false
10 | }
11 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/oldv1-backup/v3-ignore_changes/c2-ec2-instance.tf:2-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-3"
7 | }
8 | /*
9 | lifecycle {
10 | ignore_changes = [
11 | # Ignore changes to tags, e.g. because a management agent
12 | # updates these based on some ruleset managed elsewhere.
13 | tags,
14 | ]
15 | }*/
16 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v1-create_before_destroy/c2-ec2-instance.tf:2-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | availability_zone = "us-east-1a"
6 | #availability_zone = "us-east-1b"
7 | tags = {
8 | "Name" = "web-1"
9 | }
10 | /*
11 | lifecycle {
12 | create_before_destroy = true
13 | }
14 | */
15 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v2-prevent_destroy/c2-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-2"
7 | }
8 | lifecycle {
9 | prevent_destroy = true # Default is false
10 | }
11 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web
File: /04-Terraform-Resources/04-05-Meta-Argument-lifecycle/v3-ignore_changes/c2-ec2-instance.tf:2-16
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-0915bcb5fa77e4892" # Amazon Linux
4 | instance_type = "t2.micro"
5 | tags = {
6 | "Name" = "web-3"
7 | }
8 | /*
9 | lifecycle {
10 | ignore_changes = [
11 | # Ignore changes to tags, e.g. because a management agent
12 | # updates these based on some ruleset managed elsewhere.
13 | tags,
14 | ]
15 | }*/
16 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v1-Input-Variables-Basic/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = "t3.micro"
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v11-File-Function/c4-ec2-instance.tf:2-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = file("apache-install.sh")
8 | /*
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
16 | EOF
17 | */
18 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
19 | tags = {
20 | "Name" = "web"
21 | }
22 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v2-Input-Variables-Assign-when-prompted/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v5-Input-Variables-Assign-with-terraform-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v6-Input-Variables-Assign-with-tfvars-var-file/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v7-Input-Variables-Assign-with-auto-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v9-Input-Variables-Validation-Rules/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v1-Input-Variables-Basic/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = "t3.micro"
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v11-File-Function/c4-ec2-instance.tf:2-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = file("apache-install.sh")
8 | /*
9 | user_data = <<-EOF
10 | #!/bin/bash
11 | sudo yum update -y
12 | sudo yum install httpd -y
13 | sudo systemctl enable httpd
14 | sudo systemctl start httpd
15 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
16 | EOF
17 | */
18 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
19 | tags = {
20 | "Name" = "web"
21 | }
22 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v2-Input-Variables-Assign-when-prompted/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v5-Input-Variables-Assign-with-terraform-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v6-Input-Variables-Assign-with-tfvars-var-file/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v7-Input-Variables-Assign-with-auto-tfvars/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v9-Input-Variables-Validation-Rules/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests-oldv1/c4-ec2-instance.tf:2-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | /*
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
15 | EOF
16 | */
17 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
18 | tags = {
19 | "Name" = "web"
20 | }
21 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /05-Terraform-Variables/05-02-Terraform-Output-Values/terraform-manifests/c4-ec2-instance.tf:2-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | /*
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform" > /var/www/html/index.html
15 | EOF
16 | */
17 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
18 | tags = {
19 | "Name" = "web"
20 | }
21 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /06-Terraform-Datasources/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /06-Terraform-Datasources/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-01-Terraform-Remote-State-Storage-and-Locking/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests-oldv1/c4-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | #instance_type = "t2.micro"
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "amz-linux-vm"
11 | #"demotag" = "refreshtest" # Enable during Step-04-05
12 | #"target" = "Target-Test-1" # Enable during step-08
13 | }
14 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /07-Terraform-State/07-02-Terraform-State-Commands/terraform-manifests/c4-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | #instance_type = "t2.micro"
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "amz-linux-vm"
11 | #"demotag" = "refreshtest" # Enable during Step-04-05
12 | #"target" = "Target-Test-1" # Enable during step-08
13 | }
14 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/Oldv1-backup/v1-local-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/Oldv1-backup/v2-remote-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/v1-local-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /08-Terraform-Workspaces/v2-remote-backend/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | count = terraform.workspace == "default" ? 2 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-57
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-01-File-Provisioner/terraform-manifests/c4-ec2-instance.tf:2-57
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # Connection Block for Provisioners to connect to EC2 Instance
14 | connection {
15 | type = "ssh"
16 | host = self.public_ip # Understand what is "self"
17 | user = "ec2-user"
18 | password = ""
19 | private_key = file("private-key/terraform-key.pem")
20 | }
21 |
22 | # Copies the file-copy.html file to /tmp/file-copy.html
23 | provisioner "file" {
24 | source = "apps/file-copy.html"
25 | destination = "/tmp/file-copy.html"
26 | }
27 |
28 | # Copies the file to Apache Webserver /var/www/html directory
29 | provisioner "remote-exec" {
30 | inline = [
31 | "sleep 120", # Will sleep for 120 seconds to ensure Apache webserver is provisioned using user_data
32 | "sudo cp /tmp/file-copy.html /var/www/html"
33 | ]
34 | }
35 |
36 |
37 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-02-remote-exec-provisioner/terraform-manifests/c4-ec2-instance.tf:2-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # Connection Block for Provisioners to connect to EC2 Instance
14 | connection {
15 | type = "ssh"
16 | host = self.public_ip # Understand what is "self"
17 | user = "ec2-user"
18 | password = ""
19 | private_key = file("private-key/terraform-key.pem")
20 | }
21 |
22 | # Copies the file-copy.html file to /tmp/file-copy.html
23 | provisioner "file" {
24 | source = "apps/file-copy.html"
25 | destination = "/tmp/file-copy.html"
26 | }
27 |
28 | # Copies the file to Apache Webserver /var/www/html directory
29 | provisioner "remote-exec" {
30 | inline = [
31 | "sleep 120", # Will sleep for 120 seconds to ensure Apache webserver is provisioned using user_data
32 | "sudo cp /tmp/file-copy.html /var/www/html"
33 | ]
34 | }
35 |
36 |
37 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests-oldv1/c4-ec2-instance.tf:2-27
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
14 | provisioner "local-exec" {
15 | command = "echo ${aws_instance.my-ec2-vm.private_ip} >> creation-time-private-ip.txt"
16 | working_dir = "local-exec-output-files/"
17 | #on_failure = continue
18 | }
19 |
20 | # local-exec provisioner - (Destroy-Time Provisioner - Triggered during Destroy Resource)
21 | provisioner "local-exec" {
22 | when = destroy
23 | command = "echo Destroy-time provisioner Instanace Destroyed at `date` >> destroy-time.txt"
24 | working_dir = "local-exec-output-files/"
25 | }
26 |
27 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-03-local-exec-provisioner/terraform-manifests/c4-ec2-instance.tf:2-27
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 |
13 | # local-exec provisioner (Creation-Time Provisioner - Triggered during Create Resource)
14 | provisioner "local-exec" {
15 | command = "echo ${aws_instance.my-ec2-vm.private_ip} >> creation-time-private-ip.txt"
16 | working_dir = "local-exec-output-files/"
17 | #on_failure = continue
18 | }
19 |
20 | # local-exec provisioner - (Destroy-Time Provisioner - Triggered during Destroy Resource)
21 | provisioner "local-exec" {
22 | when = destroy
23 | command = "echo Destroy-time provisioner Instanace Destroyed at `date` >> destroy-time.txt"
24 | working_dir = "local-exec-output-files/"
25 | }
26 |
27 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests-oldv1/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /09-Terraform-Provisioners/09-04-Null-Resource/terraform-manifests/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #count = terraform.workspace == "default" ? 1 : 1
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "vm-${terraform.workspace}-0"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /11-Terraform-Cloud-and-Enterprise-Capabilities/11-01-Terraform-Cloud-Github-Integration/terraform-manifests-oldv1/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | count = 1
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "Terraform-Cloud-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /11-Terraform-Cloud-and-Enterprise-Capabilities/11-01-Terraform-Cloud-Github-Integration/terraform-manifests/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | count = 1
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "Terraform-Cloud-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /11-Terraform-Cloud-and-Enterprise-Capabilities/11-04-Migrate-State-to-Terraform-Cloud/terraform-manifests-oldv1/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | count = 1
6 | #key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "Terraform-Cloud-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /11-Terraform-Cloud-and-Enterprise-Capabilities/11-04-Migrate-State-to-Terraform-Cloud/terraform-manifests/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | count = 1
6 | #key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "Terraform-Cloud-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /12-Terraform-Cloud-and-Sentinel/12-02-Control-Costs-with-Sentinel-Policies/terraform-manifests-oldv1/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | count = 1
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "Terraform-Cloud-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /12-Terraform-Cloud-and-Sentinel/12-02-Control-Costs-with-Sentinel-Policies/terraform-manifests/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | count = 1
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "Terraform-Cloud-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.myec2vm
File: /13-Terraform-State-Import/Oldv1-backup/v1-ec2-instance/c2-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "myec2vm" {
3 |
4 | /*
5 | ami = "ami-038f1ca1bd58a5790"
6 | #instance_type = "t2.micro"
7 | instance_type = "t2.small" # Enabling it as part of Step-06
8 | availability_zone = "us-east-1e"
9 | key_name = "terraform-key"
10 | tags = {
11 | "Name" = "State-Import-Demo"
12 | }
13 | */
14 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.myec2vm
File: /13-Terraform-State-Import/v1-ec2-instance/c2-ec2-instance.tf:2-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "myec2vm" {
3 |
4 | /*
5 | ami = "ami-038f1ca1bd58a5790"
6 | #instance_type = "t2.micro"
7 | instance_type = "t2.small" # Enabling it as part of Step-06
8 | availability_zone = "us-east-1e"
9 | key_name = "terraform-key"
10 | tags = {
11 | "Name" = "State-Import-Demo"
12 | }
13 | */
14 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /14-Terraform-Graph/terraform-manifests-oldv1/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | count = 1
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "Terraform-Cloud-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /14-Terraform-Graph/terraform-manifests/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | count = 1
6 | key_name = "terraform-key"
7 | user_data = file("apache-install.sh")
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "Terraform-Cloud-${count.index}"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /15-Terraform-Expressions/15-01-Terraform-Functions/terraform-manifests-oldv1/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #user_data = file("apache-install.sh")
7 | user_data = templatefile("user_data.tmpl", {package_name = var.package_name})
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "TF-Functions-Demo-1"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /15-Terraform-Expressions/15-01-Terraform-Functions/terraform-manifests/c4-ec2-instance.tf:2-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | #user_data = file("apache-install.sh")
7 | user_data = templatefile("user_data.tmpl", {package_name = var.package_name})
8 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
9 | tags = {
10 | "Name" = "TF-Functions-Demo-1"
11 | }
12 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /15-Terraform-Expressions/15-02-Terraform-Dynamic-Expressions/terraform-manifests-oldv1/c4-ec2-instance.tf:19-29
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
19 | resource "aws_instance" "my-ec2-vm" {
20 | ami = data.aws_ami.amzlinux.id
21 | instance_type = var.instance_type
22 | key_name = "terraform-key"
23 | user_data = file("apache-install.sh")
24 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
25 | # Dynamic Expressions
26 | count = (var.high_availability == true ? 2 : 1)
27 | tags = local.common_tags
28 | availability_zone = var.availability_zones[count.index]
29 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[0]
File: /15-Terraform-Expressions/15-02-Terraform-Dynamic-Expressions/terraform-manifests/c4-ec2-instance.tf:19-29
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
19 | resource "aws_instance" "my-ec2-vm" {
20 | ami = data.aws_ami.amzlinux.id
21 | instance_type = var.instance_type
22 | key_name = "terraform-key"
23 | user_data = file("apache-install.sh")
24 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
25 | # Dynamic Expressions
26 | count = (var.high_availability == true ? 2 : 1)
27 | tags = local.common_tags
28 | availability_zone = var.availability_zones[count.index]
29 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /16-Terraform-Debug/terraform-manifests-oldv1/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm
File: /16-Terraform-Debug/terraform-manifests/c4-ec2-instance.tf:2-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = data.aws_ami.amzlinux.id
4 | instance_type = var.instance_type
5 | key_name = "terraform-key"
6 | user_data = file("apache-install.sh")
7 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
8 | tags = {
9 | "Name" = "amz-linux-vm"
10 | }
11 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web[1]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web[2]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web[3]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web[4]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests-oldv1/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web[1]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web[2]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web[3]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.web[4]
File: /04-Terraform-Resources/04-03-Meta-Argument-count/terraform-manifests/c2-ec2-instance.tf:2-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "web" {
3 | ami = "ami-047a51fa27710816e" # Amazon Linux
4 | instance_type = "t2.micro"
5 | count = 5
6 | tags = {
7 | "Name" = "web"
8 | #"Name" = "web-${count.index}"
9 | }
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/Oldv1-backup/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v3-Input-Variables-Override-default-with-cli-var/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v4-Input-Variables-Override-with-Environment-Variables/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-01-Input-Variables-Lists/c4-ec2-instance.tf:2-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | instance_type = var.ec2_instance_type[0]
5 | key_name = "terraform-key"
6 | count = var.ec2_instance_count
7 | user_data = <<-EOF
8 | #!/bin/bash
9 | sudo yum update -y
10 | sudo yum install httpd -y
11 | sudo systemctl enable httpd
12 | sudo systemctl start httpd
13 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
14 | EOF
15 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
16 | tags = {
17 | "Name" = "myec2vm"
18 | }
19 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: aws_instance.my-ec2-vm[1]
File: /05-Terraform-Variables/05-01-Terraform-Input-Variables/v8-02-Input-Variables-Maps/c4-ec2-instance.tf:2-18
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
2 | resource "aws_instance" "my-ec2-vm" {
3 | ami = var.ec2_ami_id
4 | #instance_type = var.ec2_instance_type[0]
5 | instance_type = var.ec2_instance_type_map["big-apps"]
6 | key_name = "terraform-key"
7 | count = var.ec2_instance_count
8 | user_data = <<-EOF
9 | #!/bin/bash
10 | sudo yum update -y
11 | sudo yum install httpd -y
12 | sudo systemctl enable httpd
13 | sudo systemctl start httpd
14 | echo "Welcome to StackSimplify ! AWS Infra created using Terraform in us-east-1 Region" > /var/www/html/index.html
15 | EOF
16 | vpc_security_group_ids = [aws_security_group.vpc-ssh.id, aws_security_group.vpc-web.id]
17 | tags = var.ec2_instance_tags
18 | }
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools