Merge pull request #8463 from ministryofjustice/Update_251024_4

Update_251024_4
ministryofjustice · Oct 25, 2024 · c0601e6 · c0601e6
2 parents c878a5b + 1207f5f
commit c0601e6
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 2 deletions.
diff --git a/terraform/environments/ppud/alb_external.tf b/terraform/environments/ppud/alb_external.tf
@@ -2,7 +2,8 @@
 # PPUD Internet Facing ALB
 
 resource "aws_lb" "PPUD-ALB" {
-  # checkov:skip=CKV_AWS_28: "ALB is already protected by WAF"
+  # checkov:skip=CKV2_AWS_28: "ALB is already protected by WAF"
+  # checkov:skip=CKV_AWS_152: "ALB target groups only have 2 targets so cross zone load balancing is not required"
   count              = local.is-development == true ? 1 : 0
   name               = "PPUD-ALB"
   internal           = false
@@ -83,7 +84,8 @@ resource "aws_lb_target_group_attachment" "PPUD-PORTAL-1" {
 # WAM Internet Facing ALB
 
 resource "aws_lb" "WAM-ALB" {
-  # checkov:skip=CKV_AWS_28: "ALB is already protected by WAF"
+  # checkov:skip=CKV2_AWS_28: "ALB is already protected by WAF"
+  # checkov:skip=CKV_AWS_152: "ALB target groups only have 2 targets so cross zone load balancing is not required"
   name               = local.application_data.accounts[local.environment].WAM_ALB
   internal           = false
   load_balancer_type = "application"

diff --git a/terraform/environments/ppud/alb_internal.tf b/terraform/environments/ppud/alb_internal.tf
@@ -3,6 +3,7 @@
 #########################
 
 resource "aws_lb" "PPUD-internal-ALB" {
+  # checkov:skip=CKV_AWS_152: "ALB target groups only have 2 targets so cross zone load balancing is not required"
   count              = local.is-development == false ? 1 : 0
   name               = local.application_data.accounts[local.environment].PPUD_Internal_ALB
   internal           = true

diff --git a/terraform/environments/ppud/endpointservice.tf b/terraform/environments/ppud/endpointservice.tf
@@ -14,6 +14,8 @@ resource "aws_vpc_endpoint_service_allowed_principal" "HomeOffice" {
 }
 
 resource "aws_lb" "ppud_internal_nlb" {
+  # checkov:skip=CKV2_AWS_28: "ALB is already protected by WAF"
+  # checkov:skip=CKV_AWS_152: "ALB target groups only have 2 targets so cross zone load balancing is not required"
   count                      = local.is-production == true ? 1 : 0
   name                       = "ppud-internal-nlb"
   internal                   = true

diff --git a/terraform/environments/ppud/s3.tf b/terraform/environments/ppud/s3.tf
@@ -368,6 +368,7 @@ resource "aws_s3_bucket" "moj-log-files-prod" {
   # checkov:skip=CKV_AWS_145: "S3 bucket is not public facing, does not contain any sensitive information and does not need encryption"
   # checkov:skip=CKV_AWS_144: "PPUD has a UK Sovereignty requirement so cross region replication is prohibited"
   # checkov:skip=CKV_AWS_18: "S3 bucket logging is not required"
+  # checkov:skip=CKV2_AWS_62: "S3 bucket event notification is not required"
   count  = local.is-production == true ? 1 : 0
   bucket = "moj-log-files-prod"
   tags = merge(
@@ -544,6 +545,7 @@ resource "aws_s3_bucket" "moj-log-files-uat" {
   # checkov:skip=CKV_AWS_145: "S3 bucket is not public facing, does not contain any sensitive information and does not need encryption"
   # checkov:skip=CKV_AWS_144: "PPUD has a UK Sovereignty requirement so cross region replication is prohibited"
   # checkov:skip=CKV_AWS_18: "S3 bucket logging is not required"
+  # checkov:skip=CKV2_AWS_62: "S3 bucket event notification is not required"
   count  = local.is-preproduction == true ? 1 : 0
   bucket = "moj-log-files-uat"
   tags = merge(