
initial code #3

Closed
wants to merge 39 commits into from

Conversation

markgov
Contributor

@markgov markgov commented May 12, 2023

Initial code update for new module for DNS and certificates

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             175.303µs
  parsing              994.117µs
  adaptation           158.103µs
  checks               22.000191ms
  total                23.327714ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    2
  blocks processed     9
  files read           8

  results
  ──────────────────────────────────────────
  passed               4
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 6, Failed checks: 1, Skipped checks: 0

Check: CKV_AWS_233: "Ensure Create before destroy for ACM certificates"
	FAILED for resource: aws_acm_certificate.acm_certificate
	File: /route53/main.tf:15-25
	Guide: https://docs.bridgecrew.io/docs/ensure-aws-acm-certificate-enables-create-before-destroy

		15 | resource "aws_acm_certificate" "acm_certificate" {
		16 | 
		17 |   domain_name   = var.acm_cert_domain_name
		18 |   validation_method = "DNS"
		19 |   subject_alternative_names = var.environment == "production" ? null : [local.domain_name]
		20 |   
		21 |   tags = var.tags
		22 |   lifecycle {
		23 |     prevent_destroy = false
		24 |   }
		25 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
tflint_exitcode=0

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             182.102µs
  parsing              1.25302ms
  adaptation           165.103µs
  checks               21.23991ms
  total                22.840135ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    2
  blocks processed     14
  files read           8

  results
  ──────────────────────────────────────────
  passed               4
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 7, Failed checks: 2, Skipped checks: 0

Check: CKV_AWS_233: "Ensure Create before destroy for ACM certificates"
	FAILED for resource: aws_acm_certificate.cert
	File: /certificates/main.tf:23-26
	Guide: https://docs.bridgecrew.io/docs/ensure-aws-acm-certificate-enables-create-before-destroy

		23 | resource "aws_acm_certificate" "cert" {
		24 |   private_key      = tls_private_key.example.private_key_pem
		25 |   certificate_body = tls_self_signed_cert.example.cert_pem
		26 | }

Check: CKV_AWS_233: "Ensure Create before destroy for ACM certificates"
	FAILED for resource: aws_acm_certificate.acm_certificate
	File: /route53/main.tf:15-25
	Guide: https://docs.bridgecrew.io/docs/ensure-aws-acm-certificate-enables-create-before-destroy

		15 | resource "aws_acm_certificate" "acm_certificate" {
		16 | 
		17 |   domain_name   = aws_route53_record.www-dev.fqdn
		18 |   validation_method = "DNS"
		19 |   subject_alternative_names = var.environment == "production" ? null : [local.domain_name]
		20 |   
		21 |   tags = var.tags
		22 |   lifecycle {
		23 |     prevent_destroy = false
		24 |   }
		25 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
tflint_exitcode=0

markgov added 2 commits May 17, 2023 17:02
…ion-platform-terraform-dns-certificates into inital-code
@markgov markgov requested a review from a team as a code owner May 17, 2023 16:07
@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             175.3µs
  parsing              2.1725ms
  adaptation           129.6µs
  checks               20.987799ms
  total                23.465199ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    3
  blocks processed     20
  files read           12

  results
  ──────────────────────────────────────────
  passed               4
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 7, Failed checks: 2, Skipped checks: 0

Check: CKV_AWS_233: "Ensure Create before destroy for ACM certificates"
	FAILED for resource: module.gandi_certificate.aws_acm_certificate.cert
	File: /certificates/main.tf:23-26
	Calling File: /route53/main.tf:39-43
	Guide: https://docs.bridgecrew.io/docs/ensure-aws-acm-certificate-enables-create-before-destroy

		23 | resource "aws_acm_certificate" "cert" {
		24 |   private_key      = tls_private_key.example.private_key_pem
		25 |   certificate_body = tls_self_signed_cert.example.cert_pem
		26 | }

Check: CKV_AWS_233: "Ensure Create before destroy for ACM certificates"
	FAILED for resource: aws_acm_certificate.acm_certificate
	File: /route53/main.tf:15-24
	Guide: https://docs.bridgecrew.io/docs/ensure-aws-acm-certificate-enables-create-before-destroy

		15 | resource "aws_acm_certificate" "acm_certificate" {
		16 |   count = var.acm_certificate_needed ? 1 : 0
		17 |   domain_name   = aws_route53_record.www-dev.fqdn
		18 |   validation_method = "DNS"
		19 |   
		20 |   tags = var.tags
		21 |   lifecycle {
		22 |     prevent_destroy = false
		23 |   }
		24 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
tflint_exitcode=0

@github-actions
Contributor

TFSEC Scan Failed

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
Error: scan failed: github/workspace/.github/main.tf:19,27-20,1: Invalid attribute name; An attribute name is required after a dot.
tfsec_exitcode=1

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 5, Failed checks: 0, Skipped checks: 0

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
tflint_exitcode=0

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             88.906µs
  parsing              1.073873ms
  adaptation           92.306µs
  checks               16.426326ms
  total                17.681411ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     18
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 5, Failed checks: 0, Skipped checks: 0

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
tflint_exitcode=0

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             92.404µs
  parsing              953.042µs
  adaptation           90.304µs
  checks               17.225578ms
  total                18.361328ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     18
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 5, Failed checks: 0, Skipped checks: 0

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
tflint_exitcode=0

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             72µs
  parsing              862.888µs
  adaptation           88.199µs
  checks               17.313458ms
  total                18.336545ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     18
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 5, Failed checks: 0, Skipped checks: 0

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
tflint_exitcode=0

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             159.606µs
  parsing              1.363153ms
  adaptation           100.804µs
  checks               19.235839ms
  total                20.859402ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     18
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 5, Failed checks: 0, Skipped checks: 0

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
tflint_exitcode=0

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             133.203µs
  parsing              1.42041ms
  adaptation           97.801µs
  checks               16.821836ms
  total                18.47325ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     18
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 5, Failed checks: 0, Skipped checks: 0

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
tflint_exitcode=0

@markgov markgov closed this May 22, 2023
@markgov markgov reopened this May 22, 2023
@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             69.4µs
  parsing              263.2µs
  adaptation           98.5µs
  checks               13.884885ms
  total                14.315985ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     17
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 15, Failed checks: 3, Skipped checks: 0

Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:51-65
	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62

		51 | resource "aws_alb" "testalb" {
		52 |   name               = "alb-test"
		53 |   internal           = false
		54 |   load_balancer_type = "application"
		55 |   security_groups    = [aws_security_group.lb.id]
		56 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		57 | 
		58 |   tags = merge(
		59 |     local.tags,
		60 |     {
		61 |       Name = "alb-test"
		62 |     },
		63 |   )
		64 |   drop_invalid_header_fields = true
		65 | }

Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:51-65
	Guide: https://docs.bridgecrew.io/docs/bc_aws_logging_22

		51 | resource "aws_alb" "testalb" {
		52 |   name               = "alb-test"
		53 |   internal           = false
		54 |   load_balancer_type = "application"
		55 |   security_groups    = [aws_security_group.lb.id]
		56 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		57 | 
		58 |   tags = merge(
		59 |     local.tags,
		60 |     {
		61 |       Name = "alb-test"
		62 |     },
		63 |   )
		64 |   drop_invalid_header_fields = true
		65 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:51-65
	Guide: https://docs.bridgecrew.io/docs/ensure-public-facing-alb-are-protected-by-waf

		51 | resource "aws_alb" "testalb" {
		52 |   name               = "alb-test"
		53 |   internal           = false
		54 |   load_balancer_type = "application"
		55 |   security_groups    = [aws_security_group.lb.id]
		56 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		57 | 
		58 |   tags = merge(
		59 |     local.tags,
		60 |     {
		61 |       Name = "alb-test"
		62 |     },
		63 |   )
		64 |   drop_invalid_header_fields = true
		65 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
13 issue(s) found:

Warning: variable "tags" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 1:
   1: variable "tags" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "application_name" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 5:
   5: variable "application_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "set_identifier" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 25:
  25: variable "set_identifier" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "record" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 30:
  30: variable "record" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "acm_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 35:
  35: variable "acm_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "gandi_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 40:
  40: variable "gandi_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `ssm_private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "ssm_private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "certificate_body" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 50:
  50: variable "certificate_body" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `certificate_chain` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "certificate_chain" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

tflint_exitcode=2

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             72.6µs
  parsing              237.598µs
  adaptation           80.1µs
  checks               7.223477ms
  total                7.613775ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     17
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 16, Failed checks: 3, Skipped checks: 0

Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_logging_22

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/ensure-public-facing-alb-are-protected-by-waf

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
13 issue(s) found:

Warning: variable "tags" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 1:
   1: variable "tags" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "application_name" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 5:
   5: variable "application_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "set_identifier" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 25:
  25: variable "set_identifier" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "record" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 30:
  30: variable "record" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "acm_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 35:
  35: variable "acm_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "gandi_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 40:
  40: variable "gandi_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `ssm_private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "ssm_private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "certificate_body" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 50:
  50: variable "certificate_body" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `certificate_chain` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "certificate_chain" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

tflint_exitcode=2

@github-actions
Contributor

TFSEC Scan Failed

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
Error: scan failed: github/workspace/main.tf:7,18-19: Invalid character; This character is not used within the language., and 1 other diagnostic(s)
tfsec_exitcode=1

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 15, Failed checks: 3, Skipped checks: 0, Parsing errors: 1

Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_logging_22

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/ensure-public-facing-alb-are-protected-by-waf

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
Failed to load configurations; github/workspace/main.tf:7,18-19: Invalid character; This character is not used within the language., and 1 other diagnostic(s):

Error: Invalid character

  on github/workspace/main.tf line 7, in resource "aws_route53_record" "www-dev":
   7:   provider = aws.${var.aws_account_id}

This character is not used within the language.

Error: Invalid attribute name

  on github/workspace/main.tf line 7, in resource "aws_route53_record" "www-dev":
   7:   provider = aws.${var.aws_account_id}

An attribute name is required after a dot.

tflint_exitcode=1

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             73.1µs
  parsing              304.2µs
  adaptation           90.299µs
  checks               9.96747ms
  total                10.435069ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     19
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 17, Failed checks: 3, Skipped checks: 0

Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_logging_22

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/ensure-public-facing-alb-are-protected-by-waf

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
13 issue(s) found:

Warning: variable "tags" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 1:
   1: variable "tags" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "application_name" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 5:
   5: variable "application_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "set_identifier" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 25:
  25: variable "set_identifier" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "record" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 30:
  30: variable "record" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "acm_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 35:
  35: variable "acm_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "gandi_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 40:
  40: variable "gandi_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `ssm_private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "ssm_private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "certificate_body" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 50:
  50: variable "certificate_body" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `certificate_chain` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "certificate_chain" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

tflint_exitcode=2

@github-actions
Contributor

TFSEC Scan Failed

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
Error: scan failed: github/workspace/main.tf:3,32-33: Missing newline after argument; An argument definition must end with a newline.
tfsec_exitcode=1

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 15, Failed checks: 3, Skipped checks: 0, Parsing errors: 1

Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_logging_22

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/ensure-public-facing-alb-are-protected-by-waf

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
Failed to load configurations; github/workspace/main.tf:3,32-33: Missing newline after argument; An argument definition must end with a newline.:

Error: Missing newline after argument

  on github/workspace/main.tf line 3, in resource "aws_route53_record" "www-dev":
   3:   provider = var.aws_account_id}

An argument definition must end with a newline.

tflint_exitcode=1

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             68.6µs
  parsing              243.299µs
  adaptation           78.8µs
  checks               20.601586ms
  total                20.992285ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     18
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 16, Failed checks: 3, Skipped checks: 0

Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_logging_22

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/ensure-public-facing-alb-are-protected-by-waf

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
14 issue(s) found:

Warning: Missing version constraint for provider "var" in "required_providers" (terraform_required_providers)

  on github/workspace/main.tf line 1:
   1: resource "aws_route53_record" "www-dev" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_required_providers.md

Warning: variable "tags" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 1:
   1: variable "tags" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "application_name" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 5:
   5: variable "application_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "set_identifier" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 25:
  25: variable "set_identifier" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "record" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 30:
  30: variable "record" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "acm_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 35:
  35: variable "acm_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "gandi_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 40:
  40: variable "gandi_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `ssm_private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "ssm_private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "certificate_body" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 50:
  50: variable "certificate_body" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `certificate_chain` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "certificate_chain" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

tflint_exitcode=2

@github-actions
Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             72.9µs
  parsing              286.803µs
  adaptation           81.501µs
  checks               8.95747ms
  total                9.398674ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     19
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 17, Failed checks: 3, Skipped checks: 0

Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_logging_22

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/ensure-public-facing-alb-are-protected-by-waf

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
14 issue(s) found:

Warning: Missing version constraint for provider "var" in "required_providers" (terraform_required_providers)

  on github/workspace/main.tf line 5:
   5: resource "aws_route53_record" "www-dev" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_required_providers.md

Warning: variable "tags" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 1:
   1: variable "tags" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "application_name" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 5:
   5: variable "application_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "set_identifier" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 25:
  25: variable "set_identifier" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "record" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 30:
  30: variable "record" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "acm_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 35:
  35: variable "acm_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "gandi_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 40:
  40: variable "gandi_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `ssm_private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "ssm_private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "certificate_body" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 50:
  50: variable "certificate_body" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `certificate_chain` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "certificate_chain" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

tflint_exitcode=2

@github-actions

TFSEC Scan Failed

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
Error: scan failed: github/workspace/main.tf:6,18-19: Invalid character; This character is not used within the language., and 1 other diagnostic(s)
tfsec_exitcode=1

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 15, Failed checks: 3, Skipped checks: 0, Parsing errors: 1

Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_logging_22

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/ensure-public-facing-alb-are-protected-by-waf

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
Failed to load configurations; github/workspace/main.tf:6,18-19: Invalid character; This character is not used within the language., and 1 other diagnostic(s):

Error: Invalid character

  on github/workspace/main.tf line 6, in resource "aws_route53_record" "www-dev":
   6:   provider = aws.${var.aws_account_id}

This character is not used within the language.

Error: Invalid attribute name

  on github/workspace/main.tf line 6, in resource "aws_route53_record" "www-dev":
   6:   provider = aws.${var.aws_account_id}

An attribute name is required after a dot.

tflint_exitcode=1

@github-actions

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
  timings
  ──────────────────────────────────────────
  disk i/o             105.601µs
  parsing              526.808µs
  adaptation           124.302µs
  checks               20.56333ms
  total                21.320041ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     19
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 17, Failed checks: 3, Skipped checks: 0

Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/bc_aws_logging_22

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_alb.testalb
	File: /test/unit-test/main.tf:61-75
	Guide: https://docs.bridgecrew.io/docs/ensure-public-facing-alb-are-protected-by-waf

		61 | resource "aws_alb" "testalb" {
		62 |   name               = "alb-test"
		63 |   internal           = false
		64 |   load_balancer_type = "application"
		65 |   security_groups    = [aws_security_group.lb.id]
		66 |   subnets            = [data.aws_subnet.private_subnets_a.id, data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
		67 | 
		68 |   tags = merge(
		69 |     local.tags,
		70 |     {
		71 |       Name = "alb-test"
		72 |     },
		73 |   )
		74 |   drop_invalid_header_fields = true
		75 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
13 issue(s) found:

Warning: variable "tags" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 1:
   1: variable "tags" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "application_name" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 5:
   5: variable "application_name" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "set_identifier" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 25:
  25: variable "set_identifier" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "record" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 30:
  30: variable "record" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "acm_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 35:
  35: variable "acm_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "gandi_certificate_needed" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 40:
  40: variable "gandi_certificate_needed" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `ssm_private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "ssm_private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 45:
  45: variable "ssm_private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: variable "certificate_body" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 50:
  50: variable "certificate_body" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `certificate_chain` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "certificate_chain" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 55:
  55: variable "certificate_chain" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

Warning: `private_key` variable has no type (terraform_typed_variables)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: variable "private_key" is declared but not used (terraform_unused_declarations)

  on github/workspace/variables.tf line 59:
  59: variable "private_key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

tflint_exitcode=2

@markgov markgov closed this Jun 26, 2023
@markgov markgov deleted the inital-code branch June 26, 2023 11:28
@markgov markgov restored the inital-code branch June 26, 2023 11:28