fix: Fixed tfcheks and tflint
13archit committed Sep 5, 2023
1 parent 27f7786 commit f24457d
Showing 3 changed files with 30 additions and 41 deletions.
13 changes: 5 additions & 8 deletions _example/example.tf
Expand Up @@ -9,19 +9,17 @@ locals {
}

module "vpc" {
source = "clouddrove/vpc/aws"
version = "2.0.0"

source = "clouddrove/vpc/aws"
version = "2.0.0"
name = "vpc"
environment = local.environment
label_order = local.label_order
cidr_block = "172.16.0.0/16"
}

module "subnets" {
source = "clouddrove/subnet/aws"
version = "2.0.0"

source = "clouddrove/subnet/aws"
version = "2.0.0"
name = "subnet"
environment = local.environment
label_order = local.label_order
Expand All @@ -34,8 +32,7 @@ module "subnets" {
}

Check failure

Code scanning / defsec

An ingress Network ACL rule allows ALL ports. Error

Network ACL rule allows access using ALL ports.

Check failure

Code scanning / defsec

An ingress Network ACL rule allows ALL ports. Error

Network ACL rule allows access using ALL ports.

Check failure

Code scanning / defsec

An ingress Network ACL rule allows specific ports from /0. Error

Network ACL rule allows ingress from public internet.

module "efs" {
source = "./.."

source = "./.."
name = "efs"
environment = "test"
creation_token = "changeme"
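--- a/main.tf
+++ b/main.tf
@@ -2,9 +2,9 @@
 # Description : This Script is used to create security group.
 # Copyright @ CloudDrove. All Right Reserved.
 
-####----------------------------------------------------------------------------------
-#Description : Terraform module to create consistent naming for multiple names.
-####----------------------------------------------------------------------------------
+##------------------------------------------------------------------------------
+## Description : Terraform module to create consistent naming for multiple names.
+##------------------------------------------------------------------------------
 
 module "label" {
 source = "clouddrove/labels/aws"
@@ -17,9 +17,9 @@ module "label" {
 enabled = var.efs_enabled
 }
 
-####----------------------------------------------------------------------------------
-#Description :Provides an Elastic File System (EFS) File System resource.
-####----------------------------------------------------------------------------------
+##------------------------------------------------------------------------------
+## Description :Provides an Elastic File System (EFS) File System resource.
+##------------------------------------------------------------------------------
 resource "aws_efs_file_system" "default" {
 count = var.efs_enabled ? 1 : 0
 creation_token = var.creation_token
@@ -31,9 +31,9 @@ resource "aws_efs_file_system" "default" {
 kms_key_id = var.kms_key_id
 }
 
-####----------------------------------------------------------------------------------
-#Description : Provides an Elastic File System (EFS) mount target.
-####----------------------------------------------------------------------------------
+##------------------------------------------------------------------------------
+## Description : Provides an Elastic File System (EFS) mount target.
+##------------------------------------------------------------------------------
 resource "aws_efs_mount_target" "default" {
 count = var.efs_enabled && length(var.availability_zones) > 0 ? length(var.availability_zones) : 0
 file_system_id = join("", aws_efs_file_system.default[*].id)
@@ -42,9 +42,9 @@ resource "aws_efs_mount_target" "default" {
 security_groups = [join("", aws_security_group.default[*].id)]
 }
 
-####----------------------------------------------------------------------------------
-#Description : Provides a security group resource.
-####----------------------------------------------------------------------------------
+##------------------------------------------------------------------------------
+## Description : Provides a security group resource.
+##------------------------------------------------------------------------------
 #tfsec:ignore:aws-ec2-add-description-to-security-group-rule
 resource "aws_security_group" "default" {
 count = var.efs_enabled ? 1 : 0
@@ -64,9 +64,9 @@ resource "aws_security_group" "default" {
 }
 
 ingress {
-from_port = var.from_port # NFS
-to_port = var.to_port
-protocol = var.protocol
+from_port = var.from_port # NFS
+to_port = var.to_port
+protocol = var.protocol
 cidr_blocks = var.allow_cidr #tfsec:ignore:aws-vpc-no-public-egress-sgr
 }
 
@@ -81,9 +81,9 @@ resource "aws_security_group" "default" {
 tags = module.label.tags
 }
 
-####----------------------------------------------------------------------------------
-#Description : Provides a security group resource.
-####----------------------------------------------------------------------------------
+##------------------------------------------------------------------------------
+## Description : Provides a security group resource.
+##------------------------------------------------------------------------------
 resource "aws_efs_backup_policy" "policy" {
 count = var.efs_enabled && var.efs_backup_policy_enabled == "ENABLED" ? 1 : 0
 
@@ -94,21 +94,19 @@ resource "aws_efs_backup_policy" "policy" {
 }
 }
 
-####----------------------------------------------------------------------------------
-#Description : Provides an Elastic File System (EFS) access point.
-####----------------------------------------------------------------------------------
+##------------------------------------------------------------------------------
+## Description : Provides an Elastic File System (EFS) access point.
+##------------------------------------------------------------------------------
 resource "aws_efs_access_point" "default" {
 count = var.efs_enabled && var.access_point_enabled ? 1 : 0
 file_system_id = join("", aws_efs_file_system.default[*].id)
 
 tags = module.label.tags
 }
-data "aws_availability_zones" "available" {}
-data "aws_caller_identity" "current" {}
 
-################################################################################
-# Replication Configuration
-################################################################################
+##------------------------------------------------------------------------------
+## Replication Configuration
+##------------------------------------------------------------------------------
 
 resource "aws_efs_replication_configuration" "this" {
 count = var.efs_enabled && var.replication_enabled ? 1 : 0
@@ -127,7 +125,7 @@ resource "aws_efs_replication_configuration" "this" {
 }
 
 resource "aws_efs_file_system_policy" "this" {
-count = var.efs_enabled && var.aws_efs_file_system_policy? 1 : 0
+count = var.efs_enabled && var.aws_efs_file_system_policy ? 1 : 0
 
 file_system_id = aws_efs_file_system.default[0].id
 bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check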
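Review bot: The `#tfsec:ignore:aws-vpc-no-public-egress-sgr` suppression on `cidr_blocks = var.allow_cidr` sits inside the `ingress` block of `aws_security_group.default`, so it names an egress check on an ingress rule; the commit realigns the three lines above it but leaves the mismatch in place. Either the ignore suppresses nothing relevant and should be deleted, or it was meant to silence the public-ingress finding on the NFS port, in which case that decision deserves to be explicit and justified. If it has to stay, I would name the ingress check and put the reason on the line above, e.g. `# allow_cidr must contain private/VPC ranges only` followed by `cidr_blocks = var.allow_cidr #tfsec:ignore:aws-ec2-no-public-ingress-sgr`. The declaration of `var.allow_cidr` and most of the resource body are outside the visible hunks, so whether a default or a `validation` block already prevents `0.0.0.0/0` cannot be confirmed from this page.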
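--- a/variables.tf
+++ b/variables.tf
@@ -106,12 +106,6 @@ variable "availability_zones" {
 description = "Availability Zone IDs"
 }
 
-variable "availability_zone" {
-type = list(string)
-default = ["us-east-1b", "us-east-1c"]
-description = "Availability Zone IDs"
-}
-
 variable "encrypted" {
 type = bool
 default = true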
