update module with latest changes #42

Merged
merged 17 commits into from
Aug 24, 2023

yadavprakash
Contributor

what

  • update module with latest change
  • update module with latest terraform version

why

  • need to update module with dynamic
  • update terraform version

@github-advanced-security github-advanced-security bot left a comment

defsec found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:352
────────────────────────────────────────────────────────────────────────────────
  344    resource "aws_security_group_rule" "egress" {
  345      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  346    
  347      description       = var.sg_egress_description
  348      type              = "egress"
  349      from_port         = 0
  350      to_port           = 65535
  351      protocol          = "-1"
  352  [   cidr_blocks       = ["0.0.0.0/0"]
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             199.404µs
  parsing              128.401906ms
  adaptation           398.907µs
  checks               17.267469ms
  total                146.267686ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     163
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:352
────────────────────────────────────────────────────────────────────────────────
  344    resource "aws_security_group_rule" "egress" {
  345      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  346    
  347      description       = var.sg_egress_description
  348      type              = "egress"
  349      from_port         = 0
  350      to_port           = 65535
  351      protocol          = "-1"
  352  [   cidr_blocks       = ["0.0.0.0/0"]
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             192.298µs
  parsing              89.602616ms
  adaptation           384.598µs
  checks               9.545459ms
  total                99.724971ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     163
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:352
────────────────────────────────────────────────────────────────────────────────
  344    resource "aws_security_group_rule" "egress" {
  345      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  346    
  347      description       = var.sg_egress_description
  348      type              = "egress"
  349      from_port         = 0
  350      to_port           = 65535
  351      protocol          = "-1"
  352  [   cidr_blocks       = ["0.0.0.0/0"]
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             177.001µs
  parsing              122.952269ms
  adaptation           396.904µs
  checks               19.089681ms
  total                142.615855ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     163
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = 0
  355      to_port           = 65535
  356      protocol          = "-1"
  357  [   cidr_blocks       = ["0.0.0.0/0"]
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             287.202µs
  parsing              140.797263ms
  adaptation           887.404µs
  checks               18.358499ms
  total                160.330368ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     164
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = 0
  355      to_port           = 65535
  356      protocol          = "-1"
  357  [   cidr_blocks       = ["0.0.0.0/0"]
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             209.703µs
  parsing              82.541959ms
  adaptation           1.30622ms
  checks               16.830356ms
  total                100.888238ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     164
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = var.from_port
  355      to_port           = var.to_port
  356      protocol          = var.egress_protocol
  357  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             154.3µs
  parsing              119.508387ms
  adaptation           377µs
  checks               16.287012ms
  total                136.326699ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     169
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = var.from_port
  355      to_port           = var.to_port
  356      protocol          = var.egress_protocol
  357  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             210.415µs
  parsing              59.124185ms
  adaptation           439.429µs
  checks               9.114915ms
  total                68.888944ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     169
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

_example/aurora-postgres/example.tf Fixed

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = var.from_port
  355      to_port           = var.to_port
  356      protocol          = var.egress_protocol
  357  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             142.4µs
  parsing              114.498395ms
  adaptation           341.001µs
  checks               15.726854ms
  total                130.70865ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     169
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:357
────────────────────────────────────────────────────────────────────────────────
  349    resource "aws_security_group_rule" "egress" {
  350      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  351    
  352      description       = var.sg_egress_description
  353      type              = "egress"
  354      from_port         = var.from_port
  355      to_port           = var.to_port
  356      protocol          = var.egress_protocol
  357  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             147.203µs
  parsing              80.564824ms
  adaptation           333.603µs
  checks               9.852001ms
  total                90.897631ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     167
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:335
────────────────────────────────────────────────────────────────────────────────
  327    resource "aws_security_group_rule" "egress" {
  328      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  329    
  330      description       = var.sg_egress_description
  331      type              = "egress"
  332      from_port         = var.from_port
  333      to_port           = var.to_port
  334      protocol          = var.egress_protocol
  335  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             158.601µs
  parsing              83.143215ms
  adaptation           361.805µs
  checks               10.010346ms
  total                93.673967ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     167
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:335
────────────────────────────────────────────────────────────────────────────────
  327    resource "aws_security_group_rule" "egress" {
  328      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  329    
  330      description       = var.sg_egress_description
  331      type              = "egress"
  332      from_port         = var.from_port
  333      to_port           = var.to_port
  334      protocol          = var.egress_protocol
  335  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             192.902µs
  parsing              81.775365ms
  adaptation           367.504µs
  checks               9.910692ms
  total                92.246463ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     167
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:335
────────────────────────────────────────────────────────────────────────────────
  327    resource "aws_security_group_rule" "egress" {
  328      count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 1 : 0
  329    
  330      description       = var.sg_egress_description
  331      type              = "egress"
  332      from_port         = var.from_port
  333      to_port           = var.to_port
  334      protocol          = var.egress_protocol
  335  [   cidr_blocks       = var.cidr_blocks
  ...  
────────────────────────────────────────────────────────────────────────────────
          ID aws-ec2-no-public-egress-sgr
      Impact Your port is egressing data to the internet
  Resolution Set a more restrictive cidr range

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/ec2/no-public-egress-sgr/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             189.806µs
  parsing              54.944547ms
  adaptation           375.509µs
  checks               15.574382ms
  total                71.084244ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     167
  files read           4

  results
  ──────────────────────────────────────────
  passed               6
  ignored              1
  critical             1
  high                 0
  medium               0
  low                  0

  6 passed, 1 ignored, 1 potential problem(s) detected.

Member

@themaniskshah themaniskshah left a comment

LGTM!

@13archit 13archit requested a review from nikitadugar August 24, 2023 16:18
Member

@nikitadugar nikitadugar left a comment

!LGTM

Member

@13archit 13archit left a comment

LGTM

@omsharma07 omsharma07 left a comment

LGTM

@omsharma07 omsharma07 merged commit e0a81ac into master Aug 24, 2023
@delete-merged-branch delete-merged-branch bot deleted the feat/issue-231 branch August 24, 2023 17:03