Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update module with latest changes #42

Merged
merged 17 commits into from
Aug 24, 2023
Merged

update module with latest changes #42

merged 17 commits into from
Aug 24, 2023

Conversation

yadavprakash
Copy link
Contributor

what

  • update module with latest change
  • update module with latest terraform version

why

  • need to update module with dynamic
  • update terraform version

@clouddrove-ci clouddrove-ci self-assigned this Aug 22, 2023
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 22, 2023
View reviewed changes
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

defsec found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:352
────────────────────────────────────────────────────────────────────────────────
  344    resource "aws_security_group_rule" "egress" {
  345      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  346    
  347      description       = var.sg_egress_description
  348      type              = "egress"
  349      from_port         = 0
  350      to_port           = 65535
  351      protocol          = "-1"
  352  [   cidr_blocks       = ["0.0.0.0/0"]
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             199.404µs
  parsing              128.401906ms
  adaptation           398.907µs
  checks               17.267469ms
  total                146.267686ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     163
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:352
────────────────────────────────────────────────────────────────────────────────
  344    resource "aws_security_group_rule" "egress" {
  345      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  346    
  347      description       = var.sg_egress_description
  348      type              = "egress"
  349      from_port         = 0
  350      to_port           = 65535
  351      protocol          = "-1"
  352  [   cidr_blocks       = ["0.0.0.0/0"]
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             192.298µs
  parsing              89.602616ms
  adaptation           384.598µs
  checks               9.545459ms
  total                99.724971ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     163
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:352
────────────────────────────────────────────────────────────────────────────────
  344    resource "aws_security_group_rule" "egress" {
  345      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  346    
  347      description       = var.sg_egress_description
  348      type              = "egress"
  349      from_port         = 0
  350      to_port           = 65535
  351      protocol          = "-1"
  352  [   cidr_blocks       = ["0.0.0.0/0"]
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             177.001µs
  parsing              122.952269ms
  adaptation           396.904µs
  checks               19.089681ms
  total                142.615855ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     163
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = 0
  355      to_port           = 65535
  356      protocol          = "-1"
  357  [   cidr_blocks       = ["0.0.0.0/0"]
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             287.202µs
  parsing              140.797263ms
  adaptation           887.404µs
  checks               18.358499ms
  total                160.330368ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     164
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = 0
  355      to_port           = 65535
  356      protocol          = "-1"
  357  [   cidr_blocks       = ["0.0.0.0/0"]
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             209.703µs
  parsing              82.541959ms
  adaptation           1.30622ms
  checks               16.830356ms
  total                100.888238ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     164
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = var.from_port
  355      to_port           = var.to_port
  356      protocol          = var.egress_protocol
  357  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             154.3µs
  parsing              119.508387ms
  adaptation           377µs
  checks               16.287012ms
  total                136.326699ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     169
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = var.from_port
  355      to_port           = var.to_port
  356      protocol          = var.egress_protocol
  357  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             210.415µs
  parsing              59.124185ms
  adaptation           439.429µs
  checks               9.114915ms
  total                68.888944ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     169
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 24, 2023
View reviewed changes
_example/aurora-postgres/example.tf Fixed Show fixed Hide fixed
_example/aurora-postgres/example.tf Fixed Show fixed Hide fixed
_example/aurora-postgres/example.tf Fixed Show fixed Hide fixed
_example/aurora-postgres/example.tf Fixed Show fixed Hide fixed
_example/aurora-postgres-serverless/example.tf Fixed Show fixed Hide fixed
_example/aurora-postgres-serverless/example.tf Fixed Show fixed Hide fixed
_example/aurora-postgres-serverless/example.tf Fixed Show fixed Hide fixed
_example/aurora-postgres-serverless/example.tf Fixed Show fixed Hide fixed
@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = var.from_port
  355      to_port           = var.to_port
  356      protocol          = var.egress_protocol
  357  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             142.4µs
  parsing              114.498395ms
  adaptation           341.001µs
  checks               15.726854ms
  total                130.70865ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     169
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = var.from_port
  355      to_port           = var.to_port
  356      protocol          = var.egress_protocol
  357  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             147.203µs
  parsing              80.564824ms
  adaptation           333.603µs
  checks               9.852001ms
  total                90.897631ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     167
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:335
────────────────────────────────────────────────────────────────────────────────
  327    resource "aws_security_group_rule" "egress" {
  328      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  329    
  330      description       = var.sg_egress_description
  331      type              = "egress"
  332      from_port         = var.from_port
  333      to_port           = var.to_port
  334      protocol          = var.egress_protocol
  335  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             158.601µs
  parsing              83.143215ms
  adaptation           361.805µs
  checks               10.010346ms
  total                93.673967ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     167
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:335
────────────────────────────────────────────────────────────────────────────────
  327    resource "aws_security_group_rule" "egress" {
  328      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  329    
  330      description       = var.sg_egress_description
  331      type              = "egress"
  332      from_port         = var.from_port
  333      to_port           = var.to_port
  334      protocol          = var.egress_protocol
  335  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             192.902µs
  parsing              81.775365ms
  adaptation           367.504µs
  checks               9.910692ms
  total                92.246463ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     167
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:335
────────────────────────────────────────────────────────────────────────────────
  327    resource "aws_security_group_rule" "egress" {
  328      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  329    
  330      description       = var.sg_egress_description
  331      type              = "egress"
  332      from_port         = var.from_port
  333      to_port           = var.to_port
  334      protocol          = var.egress_protocol
  335  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             189.806µs
  parsing              54.944547ms
  adaptation           375.509µs
  checks               15.574382ms
  total                71.084244ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     167
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

themaniskshah
themaniskshah approved these changes Aug 24, 2023
View reviewed changes
Copy link
Member

@themaniskshah themaniskshah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

nikitadugar
nikitadugar approved these changes Aug 24, 2023
View reviewed changes
Copy link
Member

@nikitadugar nikitadugar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

!LGTM

13archit
13archit reviewed Aug 24, 2023
View reviewed changes
Copy link
Member

@13archit 13archit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

omsharma07
omsharma07 approved these changes Aug 24, 2023
View reviewed changes
Copy link
Contributor

@omsharma07 omsharma07 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@omsharma07 omsharma07 merged commit e0a81ac into master Aug 24, 2023
20 checks passed
@delete-merged-branch delete-merged-branch bot deleted the feat/issue-231 branch August 24, 2023 17:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@omsharma07 omsharma07 omsharma07 approved these changes

@nikitadugar nikitadugar nikitadugar approved these changes

@themaniskshah themaniskshah themaniskshah approved these changes

@13archit 13archit 13archit approved these changes

@anmolnagpal anmolnagpal Awaiting requested review from anmolnagpal anmolnagpal is a code owner

@clouddrove-ci clouddrove-ci Awaiting requested review from clouddrove-ci clouddrove-ci is a code owner

@d4kverma d4kverma Awaiting requested review from d4kverma

@mamrajyadav mamrajyadav Awaiting requested review from mamrajyadav

Assignees

@yadavprakash yadavprakash

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet