chore(checkov): Suppresses CKV_AWS_378 rule (#339)

aws-games · Oct 2, 2024 · c2589d9 · c2589d9
1 parent 3096383
commit c2589d9
Show file tree

Hide file tree

Showing 8 changed files with 148 additions and 143 deletions.
diff --git a/modules/jenkins/README.md b/modules/jenkins/README.md
diff --git a/modules/jenkins/alb.tf b/modules/jenkins/alb.tf
@@ -106,6 +106,7 @@ resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
 }
 
 resource "aws_lb_target_group" "jenkins_alb_target_group" {
+  #checkov:skip=CKV_AWS_378: Using ALB for TLS termination
   name        = "${local.name_prefix}-tg"
   port        = var.container_port
   protocol    = "HTTP"

diff --git a/modules/perforce/helix-authentication-service/README.md b/modules/perforce/helix-authentication-service/README.md
@@ -6,17 +6,17 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.68.0 |
-| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | 1.15.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.69.0 |
+| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | 1.16.1 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | 3.6.3 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.59.0 |
-| <a name="provider_awscc"></a> [awscc](#provider\_awscc) | 1.6.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.6.2 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.69.0 |
+| <a name="provider_awscc"></a> [awscc](#provider\_awscc) | 1.16.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.6.3 |
 
 ## Modules
 
@@ -26,39 +26,39 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [aws_cloudwatch_log_group.helix_authentication_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/cloudwatch_log_group) | resource |
-| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/ecs_cluster) | resource |
-| [aws_ecs_cluster_capacity_providers.helix_authentication_service_cluster_fargate_providers](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/ecs_cluster_capacity_providers) | resource |
-| [aws_ecs_service.helix_authentication_service](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/ecs_service) | resource |
-| [aws_ecs_task_definition.helix_authentication_service_task_definition](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/ecs_task_definition) | resource |
-| [aws_iam_policy.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/iam_policy) | resource |
-| [aws_iam_role.helix_authentication_service_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/iam_role) | resource |
-| [aws_iam_role.helix_authentication_service_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/iam_role) | resource |
-| [aws_lb.helix_authentication_service_alb](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/lb) | resource |
-| [aws_lb_listener.helix_authentication_service_alb_https_listener](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/lb_listener) | resource |
-| [aws_lb_target_group.helix_authentication_service_alb_target_group](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/lb_target_group) | resource |
-| [aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/s3_bucket_lifecycle_configuration) | resource |
-| [aws_s3_bucket_policy.alb_access_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/s3_bucket_policy) | resource |
-| [aws_s3_bucket_public_access_block.access_logs_bucket_public_block](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/s3_bucket_public_access_block) | resource |
-| [aws_security_group.helix_authentication_service_alb_sg](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/security_group) | resource |
-| [aws_security_group.helix_authentication_service_sg](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/security_group) | resource |
-| [aws_vpc_security_group_egress_rule.helix_authentication_service_alb_outbound_service](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/vpc_security_group_egress_rule) | resource |
-| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv4](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/vpc_security_group_egress_rule) | resource |
-| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv6](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/vpc_security_group_egress_rule) | resource |
-| [aws_vpc_security_group_ingress_rule.helix_authentication_service_inbound_alb](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/resources/vpc_security_group_ingress_rule) | resource |
-| [awscc_secretsmanager_secret.helix_authentication_service_admin_password](https://registry.terraform.io/providers/hashicorp/awscc/1.15.0/docs/resources/secretsmanager_secret) | resource |
-| [awscc_secretsmanager_secret.helix_authentication_service_admin_username](https://registry.terraform.io/providers/hashicorp/awscc/1.15.0/docs/resources/secretsmanager_secret) | resource |
+| [aws_cloudwatch_log_group.helix_authentication_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/cloudwatch_log_group) | resource |
+| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/ecs_cluster) | resource |
+| [aws_ecs_cluster_capacity_providers.helix_authentication_service_cluster_fargate_providers](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/ecs_cluster_capacity_providers) | resource |
+| [aws_ecs_service.helix_authentication_service](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/ecs_service) | resource |
+| [aws_ecs_task_definition.helix_authentication_service_task_definition](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/ecs_task_definition) | resource |
+| [aws_iam_policy.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_policy) | resource |
+| [aws_iam_role.helix_authentication_service_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_role) | resource |
+| [aws_iam_role.helix_authentication_service_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_role) | resource |
+| [aws_lb.helix_authentication_service_alb](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/lb) | resource |
+| [aws_lb_listener.helix_authentication_service_alb_https_listener](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/lb_listener) | resource |
+| [aws_lb_target_group.helix_authentication_service_alb_target_group](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/lb_target_group) | resource |
+| [aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/s3_bucket_lifecycle_configuration) | resource |
+| [aws_s3_bucket_policy.alb_access_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/s3_bucket_policy) | resource |
+| [aws_s3_bucket_public_access_block.access_logs_bucket_public_block](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_security_group.helix_authentication_service_alb_sg](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/security_group) | resource |
+| [aws_security_group.helix_authentication_service_sg](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/security_group) | resource |
+| [aws_vpc_security_group_egress_rule.helix_authentication_service_alb_outbound_service](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv4](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv6](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.helix_authentication_service_inbound_alb](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [awscc_secretsmanager_secret.helix_authentication_service_admin_password](https://registry.terraform.io/providers/hashicorp/awscc/1.16.1/docs/resources/secretsmanager_secret) | resource |
+| [awscc_secretsmanager_secret.helix_authentication_service_admin_username](https://registry.terraform.io/providers/hashicorp/awscc/1.16.1/docs/resources/secretsmanager_secret) | resource |
 | [random_string.helix_authentication_service](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource |
 | [random_string.helix_authentication_service_alb_access_logs_bucket_suffix](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource |
-| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/data-sources/ecs_cluster) | data source |
-| [aws_elb_service_account.main](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/data-sources/elb_service_account) | data source |
-| [aws_iam_policy_document.access_logs_bucket_alb_write](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.ecs_tasks_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/data-sources/iam_policy_document) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.68.0/docs/data-sources/region) | data source |
+| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/ecs_cluster) | data source |
+| [aws_elb_service_account.main](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/elb_service_account) | data source |
+| [aws_iam_policy_document.access_logs_bucket_alb_write](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.ecs_tasks_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/region) | data source |
 
 ## Inputs
 

diff --git a/modules/perforce/helix-authentication-service/alb.tf b/modules/perforce/helix-authentication-service/alb.tf
@@ -103,8 +103,8 @@ resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
   restrict_public_buckets = true
 }
 
-
 resource "aws_lb_target_group" "helix_authentication_service_alb_target_group" {
+  #checkov:skip=CKV_AWS_378: Using ALB for TLS termination
   name        = "${local.name_prefix}-tg"
   port        = var.container_port
   protocol    = "HTTP"