Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update code and tflint issue #28

Merged
merged 3 commits into from
Mar 11, 2024
Merged

feat: update code and tflint issue #28

merged 3 commits into from
Mar 11, 2024

Conversation

theprashantyadav
Copy link
Contributor

what

  • Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
  • Use bullet points to be concise and to the point.

why

  • Provide the justifications for the changes (e.g. business case).
  • Describe why these changes were made (e.g. why do these commits fix the problem?)
  • Use bullet points to be concise and to the point.

references

  • Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow).
  • Use closes #123, if this PR closes a Jira issue #123

@theprashantyadav theprashantyadav requested a review from a team January 17, 2024 10:16
@clouddrove-ci clouddrove-ci self-assigned this Jan 17, 2024
@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:71-76
────────────────────────────────────────────────────────────────────────────────
   71    resource "aws_cloudwatch_log_group" "cloudtrail_events" {
   72      count             = var.enabled ? 1 : 0
   73      name              = var.cloudwatch_logs_group_name
   74      retention_in_days = var.cloudwatch_logs_retention_in_days
   75      tags              = module.labels.tags
   76    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             139.401µs
  parsing              99.080537ms
  adaptation           147.901µs
  checks               8.374245ms
  total                107.742084ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     53
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:71-76
────────────────────────────────────────────────────────────────────────────────
   71    resource "aws_cloudwatch_log_group" "cloudtrail_events" {
   72      count             = var.enabled ? 1 : 0
   73      name              = var.cloudwatch_logs_group_name
   74      retention_in_days = var.cloudwatch_logs_retention_in_days
   75      tags              = module.labels.tags
   76    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             104.201µs
  parsing              160.502517ms
  adaptation           146.203µs
  checks               8.945468ms
  total                169.698389ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     53
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:71-76
────────────────────────────────────────────────────────────────────────────────
   71    resource "aws_cloudwatch_log_group" "cloudtrail_events" {
   72      count             = var.enabled ? 1 : 0
   73      name              = var.cloudwatch_logs_group_name
   74      retention_in_days = var.cloudwatch_logs_retention_in_days
   75      tags              = module.labels.tags
   76    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             130.501µs
  parsing              69.483702ms
  adaptation           204.8µs
  checks               11.284633ms
  total                81.103636ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     53
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

@theprashantyadav theprashantyadav self-assigned this Jan 17, 2024
@clouddrove-ci clouddrove-ci merged commit fb87d99 into master Mar 11, 2024
17 checks passed
@delete-merged-branch delete-merged-branch bot deleted the feat/update-code branch March 11, 2024 08:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@themaniskshah themaniskshah themaniskshah approved these changes

@mamrajyadav mamrajyadav mamrajyadav approved these changes

@anmolnagpal anmolnagpal Awaiting requested review from anmolnagpal anmolnagpal is a code owner

@clouddrove-ci clouddrove-ci Awaiting requested review from clouddrove-ci clouddrove-ci is a code owner

@h1manshu98 h1manshu98 Awaiting requested review from h1manshu98

@d4kverma d4kverma Awaiting requested review from d4kverma

@vaibhav7797 vaibhav7797 Awaiting requested review from vaibhav7797

@nileshgadgi nileshgadgi Awaiting requested review from nileshgadgi

Assignees

@clouddrove-ci clouddrove-ci

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@theprashantyadav @clouddrove-ci @themaniskshah @mamrajyadav @anmolnagpal