Experience Builder


Terraform

Repository
terraform-aws-modules / terraform-aws-ecs
Description

Terraform module which creates AWS ECS resources 🇺🇦

Stars

 428

Failed Checks
  •  Security Scanning

  • Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output
                    
    2023-10-05 14:48:04,310 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:~>5.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:48:04,310 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/alb/aws:~>8.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:48:04,310 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/autoscaling/aws:~>6.5 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:48:04,310 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:~>5.0 (for external modules, the --download-external-modules flag is required)
    terraform scan results:
    
    Passed checks: 718, Failed checks: 56, Skipped checks: 0
    
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs_cluster_disabled.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /examples/complete/main.tf:153-157
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_cluster_disabled.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /examples/complete/main.tf:153-157
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
    	FAILED for resource: module.ecs_cluster_disabled.aws_cloudwatch_log_group.this[0]
    	File: /modules/cluster/main.tf:99-107
    	Calling File: /examples/complete/main.tf:153-157
    
    		99  | resource "aws_cloudwatch_log_group" "this" {
    		100 |   count = var.create && var.create_cloudwatch_log_group ? 1 : 0
    		101 | 
    		102 |   name              = "/aws/ecs/${var.cluster_name}"
    		103 |   retention_in_days = var.cloudwatch_log_group_retention_in_days
    		104 |   kms_key_id        = var.cloudwatch_log_group_kms_key_id
    		105 | 
    		106 |   tags = merge(var.tags, var.cloudwatch_log_group_tags)
    		107 | }
    
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs_cluster.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /examples/fargate/main.tf:28-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_cluster.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /examples/fargate/main.tf:28-49
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
    	FAILED for resource: module.ecs_cluster.aws_cloudwatch_log_group.this[0]
    	File: /modules/cluster/main.tf:99-107
    	Calling File: /examples/fargate/main.tf:28-49
    
    		99  | resource "aws_cloudwatch_log_group" "this" {
    		100 |   count = var.create && var.create_cloudwatch_log_group ? 1 : 0
    		101 | 
    		102 |   name              = "/aws/ecs/${var.cluster_name}"
    		103 |   retention_in_days = var.cloudwatch_log_group_retention_in_days
    		104 |   kms_key_id        = var.cloudwatch_log_group_kms_key_id
    		105 | 
    		106 |   tags = merge(var.tags, var.cloudwatch_log_group_tags)
    		107 | }
    
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs.module.cluster.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /main.tf:5-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs.module.cluster.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /main.tf:5-44
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
    	FAILED for resource: module.ecs.module.cluster.aws_cloudwatch_log_group.this[0]
    	File: /modules/cluster/main.tf:99-107
    	Calling File: /main.tf:5-44
    
    		99  | resource "aws_cloudwatch_log_group" "this" {
    		100 |   count = var.create && var.create_cloudwatch_log_group ? 1 : 0
    		101 | 
    		102 |   name              = "/aws/ecs/${var.cluster_name}"
    		103 |   retention_in_days = var.cloudwatch_log_group_retention_in_days
    		104 |   kms_key_id        = var.cloudwatch_log_group_kms_key_id
    		105 | 
    		106 |   tags = merge(var.tags, var.cloudwatch_log_group_tags)
    		107 | }
    
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs_disabled.module.cluster.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /main.tf:5-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_disabled.module.cluster.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /main.tf:5-44
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
    	FAILED for resource: module.ecs_disabled.module.cluster.aws_cloudwatch_log_group.this[0]
    	File: /modules/cluster/main.tf:99-107
    	Calling File: /main.tf:5-44
    
    		99  | resource "aws_cloudwatch_log_group" "this" {
    		100 |   count = var.create && var.create_cloudwatch_log_group ? 1 : 0
    		101 | 
    		102 |   name              = "/aws/ecs/${var.cluster_name}"
    		103 |   retention_in_days = var.cloudwatch_log_group_retention_in_days
    		104 |   kms_key_id        = var.cloudwatch_log_group_kms_key_id
    		105 | 
    		106 |   tags = merge(var.tags, var.cloudwatch_log_group_tags)
    		107 | }
    
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.wrapper.module.cluster.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /main.tf:5-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.wrapper.module.cluster.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /main.tf:5-44
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_65: "Ensure container insights are enabled on ECS cluster"
    	FAILED for resource: module.wrapper.module.cluster.aws_ecs_cluster.this
    	File: /modules/cluster/main.tf:16-93
    	Calling File: /main.tf:5-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-11.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_224: "Ensure ECS Cluster logging uses CMK"
    	FAILED for resource: module.wrapper.module.cluster.aws_ecs_cluster.this
    	File: /modules/cluster/main.tf:16-93
    	Calling File: /main.tf:5-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-cluster-logging-is-encrypted-using-a-customer-managed-key-cmk.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.wrapper.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /wrappers/cluster/main.tf:1-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.wrapper.aws_iam_policy_document.task_exec
    	File: /modules/cluster/main.tf:224-309
    	Calling File: /wrappers/cluster/main.tf:1-34
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_65: "Ensure container insights are enabled on ECS cluster"
    	FAILED for resource: module.wrapper.aws_ecs_cluster.this
    	File: /modules/cluster/main.tf:16-93
    	Calling File: /wrappers/cluster/main.tf:1-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-11.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_224: "Ensure ECS Cluster logging uses CMK"
    	FAILED for resource: module.wrapper.aws_ecs_cluster.this
    	File: /modules/cluster/main.tf:16-93
    	Calling File: /wrappers/cluster/main.tf:1-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-cluster-logging-is-encrypted-using-a-customer-managed-key-cmk.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.service_disabled.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /examples/complete/main.tf:159-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.service_disabled.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /examples/complete/main.tf:159-163
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.service_disabled.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /examples/complete/main.tf:159-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.service_disabled.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /examples/complete/main.tf:159-163
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_97: "Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions"
    	FAILED for resource: module.service_disabled.aws_ecs_task_definition.this[0]
    	File: /modules/service/main.tf:609-738
    	Calling File: /examples/complete/main.tf:159-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-39.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs_service.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /examples/fargate/main.tf:55-155
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_service.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /examples/fargate/main.tf:55-155
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs_service.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /examples/fargate/main.tf:55-155
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_service.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /examples/fargate/main.tf:55-155
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_97: "Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions"
    	FAILED for resource: module.ecs_service.aws_ecs_task_definition.this[0]
    	File: /modules/service/main.tf:609-738
    	Calling File: /examples/fargate/main.tf:55-155
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-39.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs.module.service.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /main.tf:50-192
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs.module.service.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /main.tf:50-192
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs.module.service.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /main.tf:50-192
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs.module.service.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /main.tf:50-192
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_97: "Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions"
    	FAILED for resource: module.ecs.module.service.aws_ecs_task_definition.this
    	File: /modules/service/main.tf:609-738
    	Calling File: /main.tf:50-192
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-39.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs_disabled.module.service.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /main.tf:50-192
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_disabled.module.service.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /main.tf:50-192
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs_disabled.module.service.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /main.tf:50-192
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_disabled.module.service.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /main.tf:50-192
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_97: "Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions"
    	FAILED for resource: module.ecs_disabled.module.service.aws_ecs_task_definition.this
    	File: /modules/service/main.tf:609-738
    	Calling File: /main.tf:50-192
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-39.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.wrapper.module.service.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /main.tf:50-192
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.wrapper.module.service.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /main.tf:50-192
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.wrapper.module.service.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /main.tf:50-192
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.wrapper.module.service.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /main.tf:50-192
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_97: "Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions"
    	FAILED for resource: module.wrapper.module.service.aws_ecs_task_definition.this
    	File: /modules/service/main.tf:609-738
    	Calling File: /main.tf:50-192
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-39.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.wrapper.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /wrappers/service/main.tf:1-126
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.wrapper.aws_iam_policy_document.service
    	File: /modules/service/main.tf:442-499
    	Calling File: /wrappers/service/main.tf:1-126
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.wrapper.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /wrappers/service/main.tf:1-126
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.wrapper.aws_iam_policy_document.task_exec
    	File: /modules/service/main.tf:788-873
    	Calling File: /wrappers/service/main.tf:1-126
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_97: "Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions"
    	FAILED for resource: module.wrapper.aws_ecs_task_definition.this
    	File: /modules/service/main.tf:609-738
    	Calling File: /wrappers/service/main.tf:1-126
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-39.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: module.service_disabled.aws_security_group.this[0]
    	File: /modules/service/main.tf:1297-1310
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		1297 | resource "aws_security_group" "this" {
    		1298 |   count = local.create_security_group ? 1 : 0
    		1299 | 
    		1300 |   name        = var.security_group_use_name_prefix ? null : local.security_group_name
    		1301 |   name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
    		1302 |   description = var.security_group_description
    		1303 |   vpc_id      = data.aws_subnet.this[0].vpc_id
    		1304 | 
    		1305 |   tags = merge(var.tags, var.security_group_tags)
    		1306 | 
    		1307 |   lifecycle {
    		1308 |     create_before_destroy = true
    		1309 |   }
    		1310 | }
    
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: module.ecs_service.aws_security_group.this
    	File: /modules/service/main.tf:1297-1310
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		1297 | resource "aws_security_group" "this" {
    		1298 |   count = local.create_security_group ? 1 : 0
    		1299 | 
    		1300 |   name        = var.security_group_use_name_prefix ? null : local.security_group_name
    		1301 |   name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
    		1302 |   description = var.security_group_description
    		1303 |   vpc_id      = data.aws_subnet.this[0].vpc_id
    		1304 | 
    		1305 |   tags = merge(var.tags, var.security_group_tags)
    		1306 | 
    		1307 |   lifecycle {
    		1308 |     create_before_destroy = true
    		1309 |   }
    		1310 | }
    
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: module.ecs.module.service.aws_security_group.this
    	File: /modules/service/main.tf:1297-1310
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		1297 | resource "aws_security_group" "this" {
    		1298 |   count = local.create_security_group ? 1 : 0
    		1299 | 
    		1300 |   name        = var.security_group_use_name_prefix ? null : local.security_group_name
    		1301 |   name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
    		1302 |   description = var.security_group_description
    		1303 |   vpc_id      = data.aws_subnet.this[0].vpc_id
    		1304 | 
    		1305 |   tags = merge(var.tags, var.security_group_tags)
    		1306 | 
    		1307 |   lifecycle {
    		1308 |     create_before_destroy = true
    		1309 |   }
    		1310 | }
    
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: module.ecs_disabled.module.service.aws_security_group.this
    	File: /modules/service/main.tf:1297-1310
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		1297 | resource "aws_security_group" "this" {
    		1298 |   count = local.create_security_group ? 1 : 0
    		1299 | 
    		1300 |   name        = var.security_group_use_name_prefix ? null : local.security_group_name
    		1301 |   name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
    		1302 |   description = var.security_group_description
    		1303 |   vpc_id      = data.aws_subnet.this[0].vpc_id
    		1304 | 
    		1305 |   tags = merge(var.tags, var.security_group_tags)
    		1306 | 
    		1307 |   lifecycle {
    		1308 |     create_before_destroy = true
    		1309 |   }
    		1310 | }
    
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: module.wrapper.module.service.aws_security_group.this
    	File: /modules/service/main.tf:1297-1310
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		1297 | resource "aws_security_group" "this" {
    		1298 |   count = local.create_security_group ? 1 : 0
    		1299 | 
    		1300 |   name        = var.security_group_use_name_prefix ? null : local.security_group_name
    		1301 |   name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
    		1302 |   description = var.security_group_description
    		1303 |   vpc_id      = data.aws_subnet.this[0].vpc_id
    		1304 | 
    		1305 |   tags = merge(var.tags, var.security_group_tags)
    		1306 | 
    		1307 |   lifecycle {
    		1308 |     create_before_destroy = true
    		1309 |   }
    		1310 | }
    
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: module.wrapper.aws_security_group.this
    	File: /modules/service/main.tf:1297-1310
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		1297 | resource "aws_security_group" "this" {
    		1298 |   count = local.create_security_group ? 1 : 0
    		1299 | 
    		1300 |   name        = var.security_group_use_name_prefix ? null : local.security_group_name
    		1301 |   name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
    		1302 |   description = var.security_group_description
    		1303 |   vpc_id      = data.aws_subnet.this[0].vpc_id
    		1304 | 
    		1305 |   tags = merge(var.tags, var.security_group_tags)
    		1306 | 
    		1307 |   lifecycle {
    		1308 |     create_before_destroy = true
    		1309 |   }
    		1310 | }
    
    github_actions scan results:
    
    Passed checks: 99, Failed checks: 5, Skipped checks: 0
    
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Release)
    	File: /.github/workflows/release.yml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Lock Threads)
    	File: /.github/workflows/lock.yml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Pre-Commit)
    	File: /.github/workflows/pre-commit.yml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Validate PR title)
    	File: /.github/workflows/pr-title.yml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Mark or close stale issues and PRs)
    	File: /.github/workflows/stale-actions.yaml:0-1