This repository has been archived by the owner on Jun 27, 2024. It is now read-only.

Add static code analysis to module #14

Merged
merged 2 commits into from
Jul 8, 2022

Conversation

davidkelliott
Contributor

No description provided.

@davidkelliott davidkelliott requested a review from a team as a code owner July 7, 2022 15:05
@github-actions
Contributor

github-actions bot commented Jul 7, 2022

TFSEC Scan Failed

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

Results #1-2 HIGH IAM policy document uses sensitive action 's3:ReplicateObject' on wildcarded resource '*' (2 similar results)
────────────────────────────────────────────────────────────────────────────────
  main.tf:71
────────────────────────────────────────────────────────────────────────────────
   33    data "aws_iam_policy_document" "default-policy" {
   ..  
   71  [     resources = ["${var.replication_bucket != "" ? local.replication_bucket : "*"}"]
   ..  
   82    }
────────────────────────────────────────────────────────────────────────────────
  Individual Causes
  - main.tf:33-82 (data.aws_iam_policy_document.default-policy) 2 instances
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             53µs
  parsing              718.907µs
  adaptation           317.503µs
  checks               27.361418ms
  total                28.450828ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     13
  files read           4

  results
  ──────────────────────────────────────────
  passed               10
  ignored              0
  critical             0
  high                 2
  medium               0
  low                  0

  10 passed, 2 potential problem(s) detected.

tfsec_exitcode=1

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 23, Failed checks: 0, Skipped checks: 0

github_actions scan results:

Passed checks: 64, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `aws` plugin...
Installed `aws` (source: github.com/terraform-linters/tflint-ruleset-aws, version: 0.13.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0

@github-actions
Contributor

github-actions bot commented Jul 7, 2022

TFSEC Scan Failed

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

Results #1-2 HIGH IAM policy document uses sensitive action 's3:ReplicateObject' on wildcarded resource '*' (2 similar results)
────────────────────────────────────────────────────────────────────────────────
  main.tf:71
────────────────────────────────────────────────────────────────────────────────
   33    data "aws_iam_policy_document" "default-policy" {
   ..  
   71  [     resources = ["${var.replication_bucket != "" ? local.replication_bucket : "*"}"]
   ..  
   82    }
────────────────────────────────────────────────────────────────────────────────
  Individual Causes
  - main.tf:33-82 (data.aws_iam_policy_document.default-policy) 2 instances
────────────────────────────────────────────────────────────────────────────────
          ID aws-iam-no-policy-wildcards
      Impact Overly permissive policies may grant access to sensitive resources
  Resolution Specify the exact permissions required, and to which resources they should apply instead of using wildcards.

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/iam/no-policy-wildcards/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             72.499µs
  parsing              737.688µs
  adaptation           321.995µs
  checks               25.288672ms
  total                26.420854ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     13
  files read           4

  results
  ──────────────────────────────────────────
  passed               10
  ignored              0
  critical             0
  high                 2
  medium               0
  low                  0

  10 passed, 2 potential problem(s) detected.

tfsec_exitcode=1

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 23, Failed checks: 0, Skipped checks: 0

github_actions scan results:

Passed checks: 64, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `aws` plugin...
Installed `aws` (source: github.com/terraform-linters/tflint-ruleset-aws, version: 0.13.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0

@davidkelliott davidkelliott merged commit a13f022 into main Jul 8, 2022
@davidkelliott davidkelliott deleted the feature/add-sca branch July 8, 2022 09:11