fix( DMVP-2690) : Added kms key support #227

Triggered via pull request September 18, 2023 09:12
@mrdntgrn
synchronize #316
DMVP-2690
Status Success
Total duration 4m 35s

checkov.yaml

on: pull_request
Matrix: terraform-validate

Annotations

207 errors and 75 warnings
terraform-validate (modules/aws-iam-user)
CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
terraform-validate (modules/aws-iam-user)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/aws-vpn-vpnendpoint)
CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
terraform-validate (modules/aws-network)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/aws-network)
CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
terraform-validate (modules/aws-network)
CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
terraform-validate (modules/aws-network)
CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/api-gateway)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/api-gateway)
CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
terraform-validate (modules/api-gateway)
CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
terraform-validate (modules/api-gateway)
CKV_AWS_66: "Ensure that CloudWatch Log Group specifies retention days"
terraform-validate (modules/api-gateway)
CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
terraform-validate (modules/api-gateway)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/api-gateway)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/api-gateway)
CKV_AWS_206: "Ensure API Gateway Domain uses a modern security Policy"
terraform-validate (modules/api-gateway)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/api-gateway)
CKV_AWS_237: "Ensure Create before destroy for API GATEWAY"
terraform-validate (modules/cloudfront-ssl-hsts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudfront-ssl-hsts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudfront-ssl-hsts)
CKV2_AWS_32: "Ensure CloudFront distribution has a response headers policy attached"
terraform-validate (modules/cloudfront-ssl-hsts)
CKV2_AWS_47: "Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability"
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
CKV_AWS_124: "Ensure that CloudFormation stacks are sending event notifications to an SNS topic"
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
CKV_AWS_124: "Ensure that CloudFormation stacks are sending event notifications to an SNS topic"
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
terraform-validate (modules/aws-rds-postgres)
CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
terraform-validate (modules/aws-rds-postgres)
CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
terraform-validate (modules/aws-rds-postgres)
CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
terraform-validate (modules/aws-rds-postgres)
CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
terraform-validate (modules/aws-rds-postgres)
CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
terraform-validate (modules/aws-rds-postgres)
CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
terraform-validate (modules/aws-rds-postgres)
CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
terraform-validate (modules/aws-rds-postgres)
CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
terraform-validate (modules/aws-rds-postgres)
CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
terraform-validate (modules/aws-rds-postgres)
CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
CKV_AWS_124: "Ensure that CloudFormation stacks are sending event notifications to an SNS topic"
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
terraform-validate (modules/cloudfront)
CKV_AWS_50: "X-ray tracing is enabled for Lambda"
terraform-validate (modules/cloudfront)
CKV_AWS_117: "Ensure that AWS Lambda function is configured inside a VPC"
terraform-validate (modules/cloudfront)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/cloudfront)
CKV_AWS_363: "Ensure Lambda Runtime is not deprecated"
terraform-validate (modules/cloudfront)
CKV_AWS_115: "Ensure that AWS Lambda function is configured for function-level concurrent execution limit"
terraform-validate (modules/cloudfront)
CKV_AWS_116: "Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)"
terraform-validate (modules/cloudfront)
CKV_AWS_310: "Ensure CloudFront distributions should have origin failover configured"
terraform-validate (modules/cloudfront)
CKV_AWS_68: "CloudFront Distribution should have WAF enabled"
terraform-validate (modules/cloudfront)
CKV_AWS_305: "Ensure Cloudfront distribution has a default root object configured"
terraform-validate (modules/cloudfront)
CKV_AWS_34: "Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS"
terraform-validate (modules/aws-cloudfront-security-headers)
CKV_AWS_50: "X-ray tracing is enabled for Lambda"
terraform-validate (modules/aws-cloudfront-security-headers)
CKV_AWS_117: "Ensure that AWS Lambda function is configured inside a VPC"
terraform-validate (modules/aws-cloudfront-security-headers)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/aws-cloudfront-security-headers)
CKV_AWS_363: "Ensure Lambda Runtime is not deprecated"
terraform-validate (modules/aws-cloudfront-security-headers)
CKV_AWS_115: "Ensure that AWS Lambda function is configured for function-level concurrent execution limit"
terraform-validate (modules/aws-cloudfront-security-headers)
CKV_AWS_116: "Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)"
terraform-validate (modules/cognito-identity-pool-final)
CKV_AWS_289: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
terraform-validate (modules/cognito-identity-pool-final)
CKV_AWS_290: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/cognito-identity-pool-final)
CKV_AWS_355: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/cognito-identity-pool-final)
CKV_AWS_287: "Ensure IAM policies does not allow credentials exposure"
terraform-validate (modules/cloudwatch-alarm-notify)
CKV_AWS_173: "Check encryption settings for Lambda environmental variable"
terraform-validate (modules/cloudwatch-alarm-notify)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/cloudwatch-alarm-notify)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/cloudwatch-alarm-notify)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/cloudwatch-alarm-notify)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudwatch-alarm-notify)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/cloudwatch-alarm-notify)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/cloudtrail)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudtrail)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudtrail)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudtrail)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudtrail)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudtrail)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudtrail)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudtrail)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudtrail)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/cloudtrail)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/elastic-search)
CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
terraform-validate (modules/elastic-search)
CKV_AWS_318: "Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA"
terraform-validate (modules/elastic-search)
CKV_AWS_317: "Ensure Elasticsearch Domain Audit Logging is enabled"
terraform-validate (modules/elastic-search)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/elastic-search)
CKV2_AWS_59: "Ensure ElasticSearch/OpenSearch has dedicated master node enabled"
terraform-validate (modules/elastic-search)
CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
terraform-validate (modules/ecr)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/ecr)
CKV_AWS_51: "Ensure ECR Image Tags are immutable"
terraform-validate (modules/ecr)
CKV_AWS_136: "Ensure that ECR repositories are encrypted using KMS"
terraform-validate (modules/ecr)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
CKV_AWS_124: "Ensure that CloudFormation stacks are sending event notifications to an SNS topic"
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
terraform-validate (modules/iam-group)
CKV2_AWS_14: "Ensure that IAM groups includes at least one IAM user"
terraform-validate (modules/iam-group)
CKV2_AWS_21: "Ensure that all IAM users are members of at least one IAM group."
terraform-validate (modules/eks-iam-user-constrain)
CKV_AWS_290: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/eks-iam-user-constrain)
CKV_AWS_355: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/eks-iam-user-constrain)
CKV_AWS_287: "Ensure IAM policies does not allow credentials exposure"
terraform-validate (modules/iam-account-password-policy)
CKV_AWS_11: "Ensure IAM password policy requires at least one lowercase letter"
terraform-validate (modules/eks-iam-user-constrain)
CKV_K8S_49: "Minimize wildcard use in Roles and ClusterRoles"
terraform-validate (modules/iam-account-password-policy)
CKV_AWS_15: "Ensure IAM password policy requires at least one uppercase letter"
terraform-validate (modules/eks-iam-user-constrain)
CKV2_AWS_14: "Ensure that IAM groups includes at least one IAM user"
terraform-validate (modules/iam-account-password-policy)
CKV_AWS_14: "Ensure IAM password policy requires at least one symbol"
terraform-validate (modules/eks-iam-user-constrain)
CKV2_AWS_21: "Ensure that all IAM users are members of at least one IAM group."
terraform-validate (modules/iam-account-password-policy)
CKV_AWS_12: "Ensure IAM password policy requires at least one number"
terraform-validate (modules/iam-account-password-policy)
CKV_AWS_9: "Ensure IAM password policy expires passwords within 90 days or less"
terraform-validate (modules/iam-account-password-policy)
CKV_AWS_10: "Ensure IAM password policy requires minimum length of 14 or greater"
terraform-validate (modules/external-secret-store)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/external-secret-store)
CKV_K8S_21: "The default namespace should not be used"
terraform-validate (modules/goldilocks)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/goldilocks)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/goldilocks)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/goldilocks)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/ingress)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/ingress)
CKV_K8S_21: "The default namespace should not be used"
terraform-validate (modules/ingress)
CKV2_AWS_38: "Ensure Domain Name System Security Extensions (DNSSEC) signing is enabled for Amazon Route 53 public hosted zones"
terraform-validate (modules/ingress)
CKV2_AWS_39: "Ensure Domain Name System (DNS) query logging is enabled for Amazon Route 53 hosted zones"
terraform-validate (modules/route53-alerts-notify)
CKV_AWS_173: "Check encryption settings for Lambda environmental variable"
terraform-validate (modules/route53-alerts-notify)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/route53-alerts-notify)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/route53-alerts-notify)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/route53-alerts-notify)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/route53-alerts-notify)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/route53-alerts-notify)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/route53-alerts-notify)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/route53-alerts-notify)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/secret)
CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
terraform-validate (modules/sns-cronjob)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/sns-cronjob)
CKV_AWS_27: "Ensure all data stored in the SQS queue is encrypted"
terraform-validate (modules/sns-cronjob)
CKV_AWS_283: "Ensure no IAM policies documents allow ALL or any AWS principal permissions to the resource"
terraform-validate (modules/service-alerts)
CKV_AWS_173: "Check encryption settings for Lambda environmental variable"
terraform-validate (modules/service-alerts)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/service-alerts)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/service-alerts)
CKV_AWS_173: "Check encryption settings for Lambda environmental variable"
terraform-validate (modules/service-alerts)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/service-alerts)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/service-alerts)
CKV_AWS_173: "Check encryption settings for Lambda environmental variable"
terraform-validate (modules/service-alerts)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/service-alerts)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/service-alerts)
CKV_AWS_173: "Check encryption settings for Lambda environmental variable"
terraform-validate (modules/s3)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/s3)
CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
terraform-validate (modules/s3)
CKV_AWS_300: "Ensure S3 lifecycle configuration sets period for aborting failed uploads"
terraform-validate (modules/s3)
CKV_AWS_55: "Ensure S3 bucket has ignore public ACLs enabled"
terraform-validate (modules/s3)
CKV_AWS_53: "Ensure S3 bucket has block public ACLS enabled"
terraform-validate (modules/s3)
CKV_AWS_54: "Ensure S3 bucket has block public policy enabled"
terraform-validate (modules/s3)
CKV_AWS_56: "Ensure S3 bucket has 'restrict_public_bucket' enabled"
terraform-validate (modules/s3)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/s3)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/s3)
CKV2_AWS_62: "Ensure S3 buckets should have event notifications enabled"
terraform-validate (modules/sqs)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/sqs)
CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
terraform-validate (modules/sqs)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/sqs)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/vpc)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/vpc)
CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
terraform-validate (modules/vpc)
CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
CKV_AWS_124: "Ensure that CloudFormation stacks are sending event notifications to an SNS topic"
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
terraform-validate (modules/waf)
CKV_AWS_192: "Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell"
terraform-validate (modules/waf)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/waf)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/waf)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/waf)
CKV2_AWS_31: "Ensure WAF2 has a Logging Configuration"
terraform-validate (modules/api-gateway-account-settings)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-iam-user)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-vpn-vpnendpoint)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-network)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-multi-vpc-peering)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-vpc-peering)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-alb-to-cloudwatch-lambda)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/api-gateway)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cloudfront-ssl-hsts)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cloudwatch)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cloudfront-to-s3-to-cloudwatch)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cloudtrail-s3-to-cloudwatch)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-load-balancer-controller)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-load-balancer-controller)
Failed to download action 'https://api.github.com/repos/dasmeta/reusable-actions-workflows/tarball/cf6586afbfd3aa11ee626086b25ebfd9781f564e'. Error: Response status code does not indicate success: 500 (Internal Server Error).
terraform-validate (modules/aws-load-balancer-controller)
Back off 13.759 seconds before retry.
terraform-validate (modules/cloudwatch-cross-account-share)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-rds-postgres)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-rds-postgres)
Failed to download action 'https://api.github.com/repos/dasmeta/reusable-actions-workflows/tarball/cf6586afbfd3aa11ee626086b25ebfd9781f564e'. Error: Response status code does not indicate success: 500 (Internal Server Error).
terraform-validate (modules/aws-rds-postgres)
Back off 17.661 seconds before retry.
terraform-validate (modules/budgets)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/budgets)
Failed to download action 'https://api.github.com/repos/dasmeta/reusable-actions-workflows/tarball/cf6586afbfd3aa11ee626086b25ebfd9781f564e'. Error: Response status code does not indicate success: 500 (Internal Server Error).
terraform-validate (modules/budgets)
Back off 19.11 seconds before retry.
terraform-validate (modules/cloudwatch-log-metric)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
Failed to download action 'https://api.github.com/repos/dasmeta/reusable-actions-workflows/tarball/cf6586afbfd3aa11ee626086b25ebfd9781f564e'. Error: Response status code does not indicate success: 500 (Internal Server Error).
terraform-validate (modules/alb-logs-to-s3-to-cloudwatch)
Back off 10.231 seconds before retry.
terraform-validate (modules/cognito-identitiy-pool)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cloudfront)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cloudfront)
Failed to download action 'https://api.github.com/repos/dasmeta/reusable-actions-workflows/tarball/cf6586afbfd3aa11ee626086b25ebfd9781f564e'. Error: Response status code does not indicate success: 500 (Internal Server Error).
terraform-validate (modules/cloudfront)
Back off 21.809 seconds before retry.
terraform-validate (modules/aws-cloudfront-security-headers)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-cloudfront-security-headers)
Failed to download action 'https://api.github.com/repos/dasmeta/reusable-actions-workflows/tarball/cf6586afbfd3aa11ee626086b25ebfd9781f564e'. Error: Response status code does not indicate success: 500 (Internal Server Error).
terraform-validate (modules/aws-cloudfront-security-headers)
Back off 17.019 seconds before retry.
terraform-validate (modules/cognito-identity)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-cloudwatch-prometheus-metrics)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/aws-cloudwatch-prometheus-metrics)
Failed to download action 'https://api.github.com/repos/dasmeta/reusable-actions-workflows/tarball/cf6586afbfd3aa11ee626086b25ebfd9781f564e'. Error: Response status code does not indicate success: 500 (Internal Server Error).
terraform-validate (modules/aws-cloudwatch-prometheus-metrics)
Back off 23.626 seconds before retry.
terraform-validate (modules/cloudwatch-metrics)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cognito-identity-pool-final)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cloudwatch-alarm-notify)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cognito-user-pool)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cloudtrail)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cloudtrail)
Failed to download action 'https://api.github.com/repos/dasmeta/reusable-actions-workflows/tarball/cf6586afbfd3aa11ee626086b25ebfd9781f564e'. Error: Response status code does not indicate success: 500 (Internal Server Error).
terraform-validate (modules/cloudtrail)
Back off 26.244 seconds before retry.
terraform-validate (modules/eks)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/complete-eks-cluster)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/elastic-search)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/fluent-bit)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/ecr)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/fluent-bit-logs-s3-to-cloudwatch)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/external-secrets)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/fluent-bit-to-s3)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/iam-group)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/eks-iam-user-constrain)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/iam-account-password-policy)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/metrics-filter-multiple)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/metrics-server)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/external-secret-store)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/goldilocks)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/metric-filter)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/mongodb)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/mongodb-atlas)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/ingress)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/rabbitmq)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/rds)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/route53-alerts-notify)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/ssl-certificate)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/secret)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/sns-cronjob)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/service-alerts)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/s3)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/sqs)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/vpc)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/vpc-flow-logs-to-s3-to-cloudwatch)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/waf)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/