
This PR adds an IAM user for Sukesh Reddy Gade #275

Merged
merged 1 commit into from
Dec 6, 2023

Conversation

sukeshreddyg
Contributor

No description provided.

@sukeshreddyg sukeshreddyg requested a review from a team as a code owner December 6, 2023 10:14
Contributor

github-actions bot commented Dec 6, 2023

TFSEC Scan Failed

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================

Results #1-2 HIGH IAM policy document uses wildcarded action 'iam:ChangePassword' (2 similar results)
────────────────────────────────────────────────────────────────────────────────
  git::https:/github.com/terraform-aws-modules/terraform-aws-iam?ref=v5.5.7/modules/iam-group-with-policies/policies.tf:18-40
   via main.tf:73-96 (module.iam_group_admins_with_policies)
────────────────────────────────────────────────────────────────────────────────
   12    data "aws_iam_policy_document" "iam_self_management" {
   ..  
   18  ┌     actions = [
   19  │       "iam:ChangePassword",
   20  │       "iam:CreateAccessKey",
   21  │       "iam:CreateLoginProfile",
   22  │       "iam:CreateVirtualMFADevice",
   23  │       "iam:DeleteAccessKey",
   24  │       "iam:DeleteLoginProfile",
   ..  
────────────────────────────────────────────────────────────────────────────────
  Individual Causes
  - git::https:/github.com/terraform-aws-modules/terraform-aws-iam?ref=v5.5.7/modules/iam-group-with-policies/policies.tf:73-96 (module.iam_group_admins_with_policies) 2 instances
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


Results #3-4 HIGH IAM policy document uses wildcarded action 'iam:Get*' (2 similar results)
────────────────────────────────────────────────────────────────────────────────
  git::https:/github.com/terraform-aws-modules/terraform-aws-iam?ref=v5.5.7/modules/iam-group-with-policies/policies.tf:53-56
   via main.tf:73-96 (module.iam_group_admins_with_policies)
────────────────────────────────────────────────────────────────────────────────
   12    data "aws_iam_policy_document" "iam_self_management" {
   ..  
   53  ┌     actions = [
   54  │       "iam:Get*",
   55  │       "iam:List*",
   56  └     ]
   ..  
   91    }
────────────────────────────────────────────────────────────────────────────────
  Individual Causes
  - git::https:/github.com/terraform-aws-modules/terraform-aws-iam?ref=v5.5.7/modules/iam-group-with-policies/policies.tf:73-96 (module.iam_group_admins_with_policies) 2 instances
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


Result #5 HIGH IAM policy document uses sensitive action 'iam:Get*' on wildcarded resource '*' 
────────────────────────────────────────────────────────────────────────────────
  git::https:/github.com/terraform-aws-modules/terraform-aws-iam?ref=v5.5.7/modules/iam-group-with-policies/policies.tf:58
   via main.tf:73-96 (module.iam_group_admins_with_policies)
────────────────────────────────────────────────────────────────────────────────
   12    data "aws_iam_policy_document" "iam_self_management" {
   ..  
   58  [     resources = ["*"]
   ..  
   91    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


Result #6 HIGH IAM policy document uses sensitive action 'iam:ChangePassword' on wildcarded resource 'arn:aws:iam::*:user/${aws:username}' 
────────────────────────────────────────────────────────────────────────────────
  main.tf:152
────────────────────────────────────────────────────────────────────────────────
  132    data "aws_iam_policy_document" "force_mfa" {
  ...  
  152  [     resources = ["arn:aws:iam::*:user/$${aws:username}"]
  ...  
  239    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


Result #7 HIGH IAM policy document uses sensitive action 'iam:CreateAccessKey' on wildcarded resource 'arn:aws:iam::*:user/${aws:username}' 
────────────────────────────────────────────────────────────────────────────────
  main.tf:163
────────────────────────────────────────────────────────────────────────────────
  132    data "aws_iam_policy_document" "force_mfa" {
  ...  
  163  [     resources = ["arn:aws:iam::*:user/$${aws:username}"]
  ...  
  239    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


Result #8 HIGH IAM policy document uses sensitive action 'iam:DeleteSigningCertificate' on wildcarded resource 'arn:aws:iam::*:user/${aws:username}' 
────────────────────────────────────────────────────────────────────────────────
  main.tf:174
────────────────────────────────────────────────────────────────────────────────
  132    data "aws_iam_policy_document" "force_mfa" {
  ...  
  174  [     resources = ["arn:aws:iam::*:user/$${aws:username}"]
  ...  
  239    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


Result #9 HIGH IAM policy document uses sensitive action 'iam:DeleteSSHPublicKey' on wildcarded resource 'arn:aws:iam::*:user/${aws:username}' 
────────────────────────────────────────────────────────────────────────────────
  main.tf:186
────────────────────────────────────────────────────────────────────────────────
  132    data "aws_iam_policy_document" "force_mfa" {
  ...  
  186  [     resources = ["arn:aws:iam::*:user/$${aws:username}"]
  ...  
  239    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


Result #10 HIGH IAM policy document uses sensitive action 'iam:CreateServiceSpecificCredential' on wildcarded resource 'arn:aws:iam::*:user/${aws:username}' 
────────────────────────────────────────────────────────────────────────────────
  main.tf:198
────────────────────────────────────────────────────────────────────────────────
  132    data "aws_iam_policy_document" "force_mfa" {
  ...  
  198  [     resources = ["arn:aws:iam::*:user/$${aws:username}"]
  ...  
  239    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


Result #11 HIGH IAM policy document uses sensitive action 'iam:CreateVirtualMFADevice' on wildcarded resource 'arn:aws:iam::*:mfa/${aws:username}' 
────────────────────────────────────────────────────────────────────────────────
  main.tf:207
────────────────────────────────────────────────────────────────────────────────
  132    data "aws_iam_policy_document" "force_mfa" {
  ...  
  207  [     resources = ["arn:aws:iam::*:mfa/$${aws:username}"]
  ...  
  239    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


Result #12 HIGH IAM policy document uses sensitive action 'iam:DeactivateMFADevice' on wildcarded resource 'arn:aws:iam::*:user/${aws:username}' 
────────────────────────────────────────────────────────────────────────────────
  main.tf:218
────────────────────────────────────────────────────────────────────────────────
  132    data "aws_iam_policy_document" "force_mfa" {
  ...  
  218  [     resources = ["arn:aws:iam::*:user/$${aws:username}"]
  ...  
  239    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


Result #13 MEDIUM Multi-Factor authentication is not enforced for group 
────────────────────────────────────────────────────────────────────────────────
  git::https:/github.com/terraform-aws-modules/terraform-aws-iam?ref=v5.5.7/modules/iam-group-with-policies/main.tf:5-9
   via main.tf:73-96 (module.iam_group_admins_with_policies)
────────────────────────────────────────────────────────────────────────────────
    5    resource "aws_iam_group" "this" {
    6      count = var.create_group ? 1 : 0
    7    
    8      name = var.name
    9    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-enforce-group-mfa
      Impact IAM groups are more vulnerable to compromise without multi factor authentication activated
  Resolution Use terraform-module/enforce-mfa/aws to ensure that MFA is enforced

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/enforce-group-mfa/
  - https://registry.terraform.io/modules/terraform-module/enforce-mfa/aws/latest
  - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             1.367261ms
  parsing              11.832601322s
  adaptation           805.898µs
  checks               3.969178ms
  total                11.838743659s

  counts
  ──────────────────────────────────────────
  modules downloaded   13
  modules processed    14
  blocks processed     541
  files read           57

  results
  ──────────────────────────────────────────
  passed               66
  ignored              0
  critical             0
  high                 12
  medium               1
  low                  0

  66 passed, 13 potential problem(s) detected.

tfsec_exitcode=1

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2023-12-06 10:17:09,410 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-account:~> 5.2 (for external modules, the --download-external-modules flag is required)
2023-12-06 10:17:09,410 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-roles:~> 5.5 (for external modules, the --download-external-modules flag is required)
2023-12-06 10:17:09,410 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-group-with-policies:~> 5.5 (for external modules, the --download-external-modules flag is required)
2023-12-06 10:17:09,410 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-user:~> 5.5 (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 22, Failed checks: 13, Skipped checks: 0

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_account
	File: /main.tf:21-29
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		21 | module "iam_account" {
		22 |   source        = "terraform-aws-modules/iam/aws//modules/iam-account"
		23 |   version       = "~> 5.2"
		24 |   account_alias = var.account_alias
		25 | 
		26 |   # We create the password policy as part of `modernisation-platform-terraform-baselines` so
		27 |   # we don't need to do it here as well
		28 |   create_account_password_policy = false
		29 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_assumable_roles
	File: /main.tf:44-70
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		44 | module "iam_assumable_roles" {
		45 |   source               = "terraform-aws-modules/iam/aws//modules/iam-assumable-roles"
		46 |   version              = "~> 5.5"
		47 |   max_session_duration = 43200
		48 | 
		49 |   # Admin role
		50 |   create_admin_role       = true
		51 |   admin_role_name         = "superadmin"
		52 |   admin_role_requires_mfa = true
		53 | 
		54 |   # Poweruser role
		55 |   create_poweruser_role       = true
		56 |   poweruser_role_name         = "developer"
		57 |   poweruser_role_requires_mfa = true
		58 | 
		59 |   # Read-only role
		60 |   create_readonly_role       = true
		61 |   readonly_role_name         = "readonly"
		62 |   readonly_role_requires_mfa = true
		63 | 
		64 |   # Allow created users to assume these roles
		65 |   trusted_role_arns = [
		66 |     for user in module.iam_user : user.iam_user_arn
		67 |   ]
		68 | 
		69 |   depends_on = [time_sleep.wait_30_seconds]
		70 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_group_admins_with_policies
	File: /main.tf:73-96
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		73 | module "iam_group_admins_with_policies" {
		74 |   source  = "terraform-aws-modules/iam/aws//modules/iam-group-with-policies"
		75 |   version = "~> 5.5"
		76 |   name    = "superadmins"
		77 | 
		78 |   group_users = [
		79 |     for user in module.iam_user : user.iam_user_name
		80 |   ]
		81 | 
		82 |   custom_group_policy_arns = [
		83 |     "arn:aws:iam::aws:policy/ReadOnlyAccess",
		84 |   ]
		85 | 
		86 |   custom_group_policies = [
		87 |     {
		88 |       name   = "ForceMFA"
		89 |       policy = data.aws_iam_policy_document.force_mfa.json
		90 |     },
		91 |     {
		92 |       name   = "AssumeRole"
		93 |       policy = data.aws_iam_policy_document.assume_role.json
		94 |     }
		95 |   ]
		96 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_user["aaron.robinson"]
	File: /main.tf:99-111
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		99  | module "iam_user" {
		100 |   for_each              = local.superadmin_users
		101 |   source                = "terraform-aws-modules/iam/aws//modules/iam-user"
		102 |   version               = "~> 5.5"
		103 |   name                  = "${each.key}-superadmin"
		104 |   force_destroy         = true
		105 |   pgp_key               = each.value
		106 |   create_iam_access_key = false
		107 | 
		108 |   # The following is dependent on whether a PGP key has been set
		109 |   create_iam_user_login_profile = length(each.value) > 0 ? true : false
		110 |   password_reset_required       = length(each.value) < 0 ? true : false
		111 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_user["david.elliott"]
	File: /main.tf:99-111
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		99  | module "iam_user" {
		100 |   for_each              = local.superadmin_users
		101 |   source                = "terraform-aws-modules/iam/aws//modules/iam-user"
		102 |   version               = "~> 5.5"
		103 |   name                  = "${each.key}-superadmin"
		104 |   force_destroy         = true
		105 |   pgp_key               = each.value
		106 |   create_iam_access_key = false
		107 | 
		108 |   # The following is dependent on whether a PGP key has been set
		109 |   create_iam_user_login_profile = length(each.value) > 0 ? true : false
		110 |   password_reset_required       = length(each.value) < 0 ? true : false
		111 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_user["david.sibley"]
	File: /main.tf:99-111
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		99  | module "iam_user" {
		100 |   for_each              = local.superadmin_users
		101 |   source                = "terraform-aws-modules/iam/aws//modules/iam-user"
		102 |   version               = "~> 5.5"
		103 |   name                  = "${each.key}-superadmin"
		104 |   force_destroy         = true
		105 |   pgp_key               = each.value
		106 |   create_iam_access_key = false
		107 | 
		108 |   # The following is dependent on whether a PGP key has been set
		109 |   create_iam_user_login_profile = length(each.value) > 0 ? true : false
		110 |   password_reset_required       = length(each.value) < 0 ? true : false
		111 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_user["edward.proctor"]
	File: /main.tf:99-111
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		99  | module "iam_user" {
		100 |   for_each              = local.superadmin_users
		101 |   source                = "terraform-aws-modules/iam/aws//modules/iam-user"
		102 |   version               = "~> 5.5"
		103 |   name                  = "${each.key}-superadmin"
		104 |   force_destroy         = true
		105 |   pgp_key               = each.value
		106 |   create_iam_access_key = false
		107 | 
		108 |   # The following is dependent on whether a PGP key has been set
		109 |   create_iam_user_login_profile = length(each.value) > 0 ? true : false
		110 |   password_reset_required       = length(each.value) < 0 ? true : false
		111 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_user["ewa.stempel"]
	File: /main.tf:99-111
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		99  | module "iam_user" {
		100 |   for_each              = local.superadmin_users
		101 |   source                = "terraform-aws-modules/iam/aws//modules/iam-user"
		102 |   version               = "~> 5.5"
		103 |   name                  = "${each.key}-superadmin"
		104 |   force_destroy         = true
		105 |   pgp_key               = each.value
		106 |   create_iam_access_key = false
		107 | 
		108 |   # The following is dependent on whether a PGP key has been set
		109 |   create_iam_user_login_profile = length(each.value) > 0 ? true : false
		110 |   password_reset_required       = length(each.value) < 0 ? true : false
		111 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_user["jake.mulley"]
	File: /main.tf:99-111
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		99  | module "iam_user" {
		100 |   for_each              = local.superadmin_users
		101 |   source                = "terraform-aws-modules/iam/aws//modules/iam-user"
		102 |   version               = "~> 5.5"
		103 |   name                  = "${each.key}-superadmin"
		104 |   force_destroy         = true
		105 |   pgp_key               = each.value
		106 |   create_iam_access_key = false
		107 | 
		108 |   # The following is dependent on whether a PGP key has been set
		109 |   create_iam_user_login_profile = length(each.value) > 0 ? true : false
		110 |   password_reset_required       = length(each.value) < 0 ? true : false
		111 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_user["mark.roberts"]
	File: /main.tf:99-111
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		99  | module "iam_user" {
		100 |   for_each              = local.superadmin_users
		101 |   source                = "terraform-aws-modules/iam/aws//modules/iam-user"
		102 |   version               = "~> 5.5"
		103 |   name                  = "${each.key}-superadmin"
		104 |   force_destroy         = true
		105 |   pgp_key               = each.value
		106 |   create_iam_access_key = false
		107 | 
		108 |   # The following is dependent on whether a PGP key has been set
		109 |   create_iam_user_login_profile = length(each.value) > 0 ? true : false
		110 |   password_reset_required       = length(each.value) < 0 ? true : false
		111 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_user["richard.green"]
	File: /main.tf:99-111
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		99  | module "iam_user" {
		100 |   for_each              = local.superadmin_users
		101 |   source                = "terraform-aws-modules/iam/aws//modules/iam-user"
		102 |   version               = "~> 5.5"
		103 |   name                  = "${each.key}-superadmin"
		104 |   force_destroy         = true
		105 |   pgp_key               = each.value
		106 |   create_iam_access_key = false
		107 | 
		108 |   # The following is dependent on whether a PGP key has been set
		109 |   create_iam_user_login_profile = length(each.value) > 0 ? true : false
		110 |   password_reset_required       = length(each.value) < 0 ? true : false
		111 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_user["stephen.linden"]
	File: /main.tf:99-111
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		99  | module "iam_user" {
		100 |   for_each              = local.superadmin_users
		101 |   source                = "terraform-aws-modules/iam/aws//modules/iam-user"
		102 |   version               = "~> 5.5"
		103 |   name                  = "${each.key}-superadmin"
		104 |   force_destroy         = true
		105 |   pgp_key               = each.value
		106 |   create_iam_access_key = false
		107 | 
		108 |   # The following is dependent on whether a PGP key has been set
		109 |   create_iam_user_login_profile = length(each.value) > 0 ? true : false
		110 |   password_reset_required       = length(each.value) < 0 ? true : false
		111 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: iam_user["sukeshreddy.gade"]
	File: /main.tf:99-111
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		99  | module "iam_user" {
		100 |   for_each              = local.superadmin_users
		101 |   source                = "terraform-aws-modules/iam/aws//modules/iam-user"
		102 |   version               = "~> 5.5"
		103 |   name                  = "${each.key}-superadmin"
		104 |   force_destroy         = true
		105 |   pgp_key               = each.value
		106 |   create_iam_access_key = false
		107 | 
		108 |   # The following is dependent on whether a PGP key has been set
		109 |   create_iam_user_login_profile = length(each.value) > 0 ? true : false
		110 |   password_reset_required       = length(each.value) < 0 ? true : false
		111 | }

github_actions scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0

@ASTRobinson ASTRobinson merged commit 0fe03c0 into main Dec 6, 2023
2 of 3 checks passed
@ASTRobinson ASTRobinson deleted the add-sukeshreddy-gade branch December 6, 2023 14:21