
add makefile #50

Merged
merged 1 commit into from
May 18, 2023

Conversation

yadavprakash
Contributor

what

  • update makefile

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Public cluster access is enabled. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:39
────────────────────────────────────────────────────────────────────────────────
   27    resource "aws_eks_cluster" "default" {
   ..  
   39  [     endpoint_public_access  = var.endpoint_public_access     (true)
   ..  
   66    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-eks-no-public-cluster-access
      Impact EKS can be accessed from the internet
  Resolution Don't enable public access to EKS Clusters

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/eks/no-public-cluster-access/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#endpoint_public_access
────────────────────────────────────────────────────────────────────────────────


Result #2 CRITICAL Cluster allows access from a public CIDR: 0.0.0.0/0. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:40
────────────────────────────────────────────────────────────────────────────────
   27    resource "aws_eks_cluster" "default" {
   ..  
   40  [     public_access_cidrs     = var.public_access_cidrs
   ..  
   66    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-eks-no-public-cluster-access-to-cidr
      Impact EKS can be accessed from the internet
  Resolution Don't enable public access to EKS Clusters

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/eks/no-public-cluster-access-to-cidr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#vpc_config
────────────────────────────────────────────────────────────────────────────────


Result #3 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  security_groups.tf:21
────────────────────────────────────────────────────────────────────────────────
   15    resource "aws_security_group_rule" "node_group" {
   16      count             = var.enabled ? 1 : 0
   17      description       = "Allow all egress traffic"
   18      from_port         = 0
   19      to_port           = 0
   20      protocol          = "-1" 
   21  [   cidr_blocks       = ["0.0.0.0/0"] 
   22      security_group_id = join("", aws_security_group.node_group.*.id)
   23      type              = "egress"
   24    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


Results #4-8 MEDIUM Control plane scheduler logging is not enabled. (5 similar results)
────────────────────────────────────────────────────────────────────────────────
  main.tf:27-66
────────────────────────────────────────────────────────────────────────────────
   27    resource "aws_eks_cluster" "default" {
   28  │   count                     = var.enabled ? 1 : 0
   29  │   name                      = module.labels.id
   30  │   role_arn                  = join("", aws_iam_role.default.*.arn)
   31  │   version                   = var.kubernetes_version
   32  │   enabled_cluster_log_types = var.enabled_cluster_log_types
   33  │   tags                      = module.labels.tags
   34  │
   35  └
   ..  
────────────────────────────────────────────────────────────────────────────────
  Individual Causes
  - main.tf:27-66 (aws_eks_cluster.default[0]) 5 instances
────────────────────────────────────────────────────────────────────────────────
          ID aws-eks-enable-control-plane-logging
      Impact Logging provides valuable information about access and usage
  Resolution Enable logging for the EKS control plane

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/eks/enable-control-plane-logging/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#enabled_cluster_log_types
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             284.203µs
  parsing              74.205104ms
  adaptation           315.402µs
  checks               11.314992ms
  total                86.119701ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     110
  files read           11

  results
  ──────────────────────────────────────────
  passed               9
  ignored              0
  critical             3
  high                 0
  medium               5
  low                  0

  9 passed, 8 potential problem(s) detected.
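The scan above reports four distinct problems in the module (public API endpoint, 0.0.0.0/0 endpoint CIDR, 0.0.0.0/0 node egress, and missing control-plane log types), all in main.tf and security_groups.tf rather than in the Makefile this PR adds, so merging left them in place. The block below is an added example, not code from the clouddrove module or from this PR: it shows each flagged setting next to a form that satisfies the corresponding tfsec check. Names taken from the scan output are `module.labels`, `aws_iam_role.default`, `var.kubernetes_version`, `var.enabled`, `var.enabled_cluster_log_types` and `aws_security_group.node_group`; `var.vpc_cidr` and `aws_subnet.private` are assumed names used only for illustration.

```hcl
# Added example, not code from the clouddrove module or this PR.
# Taken from the scan output: module.labels, aws_iam_role.default,
# var.kubernetes_version, var.enabled, aws_security_group.node_group.
# Assumed for illustration only: var.vpc_cidr, aws_subnet.private.

variable "vpc_cidr" {
  description = "Assumed: CIDR of the VPC the cluster and nodes live in"
  type        = string
  default     = "10.0.0.0/16"
}

resource "aws_eks_cluster" "default" {
  count    = var.enabled ? 1 : 0
  name     = module.labels.id
  role_arn = join("", aws_iam_role.default.*.arn)
  version  = var.kubernetes_version
  tags     = module.labels.tags

  # Results #4-8 (aws-eks-enable-control-plane-logging): the check expects
  # all five control-plane log types and raises one result per type that
  # is missing, which is why a partial var.enabled_cluster_log_types
  # produced "5 similar results".
  enabled_cluster_log_types = [
    "api",
    "audit",
    "authenticator",
    "controllerManager",
    "scheduler",
  ]

  vpc_config {
    subnet_ids = aws_subnet.private.*.id # assumed resource name

    # Flagged (Results #1 and #2):
    #   endpoint_public_access = var.endpoint_public_access   # default true
    #   public_access_cidrs    = var.public_access_cidrs      # 0.0.0.0/0
    #
    # Passing: private endpoint only. Once the public endpoint is off, the
    # public CIDR list no longer applies, so public_access_cidrs is dropped
    # rather than narrowed. kubectl, CI runners and anything else that talks
    # to the API then needs a route into the VPC.
    endpoint_private_access = true
    endpoint_public_access  = false
  }
}

# Result #3 (aws-ec2-no-public-egress-sgr).
# Flagged:  cidr_blocks = ["0.0.0.0/0"] with protocol "-1" (all egress).
# Passing:  egress scoped to the VPC CIDR. Whatever the nodes must reach
# outside it (ECR, STS, the EKS API, S3) is then served by VPC endpoints
# or allowed in a separate, narrower rule toward the NAT/proxy path.
resource "aws_security_group_rule" "node_group" {
  count             = var.enabled ? 1 : 0
  description       = "Allow egress within the VPC only"
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = [var.vpc_cidr]
  security_group_id = join("", aws_security_group.node_group.*.id)
}
```

Two caveats a reviewer would raise before applying this. First, the flagged values come from variable defaults (`var.endpoint_public_access` resolves to `true` in the scan), so the same effect can be had by changing the defaults in the module's variables rather than hard-coding the resource; either way the check passes only when the resolved value is `false`. Second, if a public endpoint is genuinely required, keeping it and setting `public_access_cidrs` to the operators' known egress ranges clears Result #2 but Result #1 will keep firing; the honest way to ship that is an explicit `#tfsec:ignore:aws-eks-no-public-cluster-access` on the line with a reason, not a scan marked "Failed" that the merge ignores, which is what happened here with three critical findings still open.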

@yadavprakash yadavprakash merged commit 421acba into master May 18, 2023
@delete-merged-branch delete-merged-branch bot deleted the devops-4 branch May 18, 2023 13:51