Experience Builder


Terraform


Repository
zerodha / nomad-cluster-setup
Description

Terraform modules for creating Nomad servers and clients nodes on AWS.

Stars

 120

Failed Checks
  •  Security Scanning
  •  Linting

  • Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output
                    
    2023-10-05 15:02:36,740 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/alb/aws:~>6.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 15:02:36,740 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/zerodha/nomad-cluster-setup//nomad-clients?ref=main:None (for external modules, the --download-external-modules flag is required)
    2023-10-05 15:02:36,740 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/alb/aws:~>8.2.1 (for external modules, the --download-external-modules flag is required)
    2023-10-05 15:02:36,740 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/zerodha/nomad-cluster-setup//nomad-servers?ref=main:None (for external modules, the --download-external-modules flag is required)
    terraform scan results:
    
    Passed checks: 54, Failed checks: 4, Skipped checks: 0
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: aws_autoscaling_group.nomad_client
    	File: /modules/nomad-clients/asg.tf:1-67
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_launch_template.nomad_client
    	File: /modules/nomad-clients/launch_template.tf:1-67
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_launch_template.nomad_server
    	File: /modules/nomad-servers/launch_template.tf:1-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: aws_security_group.demo_client_nomad
    	File: /examples/complete-cluster-asg/nomad-clients.tf:87-110
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		87  | resource "aws_security_group" "demo_client_nomad" {
    		88  |   name        = "demo-client-nomad-alb"
    		89  |   description = "ALB SG for demo-client-nomad"
    		90  |   vpc_id      = "vpc-xyz"
    		91  | 
    		92  |   ingress = []
    		93  |   egress = [
    		94  |     {
    		95  |       description      = "Allow all outgoing traffic"
    		96  |       from_port        = 0
    		97  |       to_port          = 0
    		98  |       protocol         = "-1"
    		99  |       cidr_blocks      = ["0.0.0.0/0"]
    		100 |       ipv6_cidr_blocks = ["::/0"]
    		101 |       prefix_list_ids  = []
    		102 |       security_groups  = []
    		103 |       self             = false
    		104 |     }
    		105 |   ]
    		106 | 
    		107 |   tags = {
    		108 |     Name = "demo-client-nomad-alb"
    		109 |   }
    		110 | }
    
    github_actions scan results:
    
    Passed checks: 19, Failed checks: 1, Skipped checks: 0
    
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Generate Terraform Module Documentation)
    	File: /.github/workflows/documentation.yml:0-1
    
    
                    
                  

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to: