Running checkov on the stack results in validation errors #15

Closed
atulgoel126 opened this issue Jul 27, 2024 · 1 comment

@atulgoel126

Check: CKV_AWS_28: "Ensure DynamoDB point in time recovery (backup) is enabled"
FAILED for resource: AWS::DynamoDB::Table.UserNotesB5E78576
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:99-182
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-6

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AWS_119: "Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK"
FAILED for resource: AWS::DynamoDB::Table.UserNotesB5E78576
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:99-182
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-52

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
FAILED for resource: AWS::S3::Bucket.buckets3apicrudserverlessdemo22F72684
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:183-232
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AWS_21: "Ensure the S3 bucket has versioning enabled"
FAILED for resource: AWS::S3::Bucket.buckets3apicrudserverlessdemo22F72684
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:183-232
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AWS_117: "Ensure that AWS Lambda function is configured inside a VPC"
FAILED for resource: AWS::Lambda::Function.CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:335-383
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1

            335 |   "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
            336 |    "Type": "AWS::Lambda::Function",
            337 |    "Properties": {
            338 |     "Code": {
            339 |      "S3Bucket": {
            340 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            341 |      },
            342 |      "S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
            343 |     },
            344 |     "Timeout": 900,
            345 |     "MemorySize": 128,
            346 |     "Handler": "index.handler",
            347 |     "Role": {
            348 |      "Fn::GetAtt": [
            349 |       "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
            350 |       "Arn"
            351 |      ]
            352 |     },
            353 |     "Runtime": {
            354 |      "Fn::FindInMap": [
            355 |       "LatestNodeRuntimeMap",
            356 |       {
            357 |        "Ref": "AWS::Region"
            358 |       },
            359 |       "value"
            360 |      ]
            361 |     },
            362 |     "Description": {
            363 |      "Fn::Join": [
            364 |       "",
            365 |       [
            366 |        "Lambda function for auto-deleting objects in ",
            367 |        {
            368 |         "Ref": "buckets3apicrudserverlessdemo22F72684"
            369 |        },
            370 |        " S3 bucket."
            371 |       ]
            372 |      ]
            373 |     }
            374 |    },
            375 |    "DependsOn": [
            376 |     "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
            377 |    ],
            378 |    "Metadata": {
            379 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler",
            380 |     "aws:asset:path": "asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6",
            381 |     "aws:asset:property": "Code"
            382 |    }
            383 |   },

Check: CKV_AWS_116: "Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)"
FAILED for resource: AWS::Lambda::Function.CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:335-383
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq

            335 |   "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
            336 |    "Type": "AWS::Lambda::Function",
            337 |    "Properties": {
            338 |     "Code": {
            339 |      "S3Bucket": {
            340 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            341 |      },
            342 |      "S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
            343 |     },
            344 |     "Timeout": 900,
            345 |     "MemorySize": 128,
            346 |     "Handler": "index.handler",
            347 |     "Role": {
            348 |      "Fn::GetAtt": [
            349 |       "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
            350 |       "Arn"
            351 |      ]
            352 |     },
            353 |     "Runtime": {
            354 |      "Fn::FindInMap": [
            355 |       "LatestNodeRuntimeMap",
            356 |       {
            357 |        "Ref": "AWS::Region"
            358 |       },
            359 |       "value"
            360 |      ]
            361 |     },
            362 |     "Description": {
            363 |      "Fn::Join": [
            364 |       "",
            365 |       [
            366 |        "Lambda function for auto-deleting objects in ",
            367 |        {
            368 |         "Ref": "buckets3apicrudserverlessdemo22F72684"
            369 |        },
            370 |        " S3 bucket."
            371 |       ]
            372 |      ]
            373 |     }
            374 |    },
            375 |    "DependsOn": [
            376 |     "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
            377 |    ],
            378 |    "Metadata": {
            379 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler",
            380 |     "aws:asset:path": "asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6",
            381 |     "aws:asset:property": "Code"
            382 |    }
            383 |   },

Check: CKV_AWS_115: "Ensure that AWS Lambda function is configured for function-level concurrent execution limit"
FAILED for resource: AWS::Lambda::Function.CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:335-383
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-function-level-concurrent-execution-limit

            335 |   "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
            336 |    "Type": "AWS::Lambda::Function",
            337 |    "Properties": {
            338 |     "Code": {
            339 |      "S3Bucket": {
            340 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            341 |      },
            342 |      "S3Key": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip"
            343 |     },
            344 |     "Timeout": 900,
            345 |     "MemorySize": 128,
            346 |     "Handler": "index.handler",
            347 |     "Role": {
            348 |      "Fn::GetAtt": [
            349 |       "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
            350 |       "Arn"
            351 |      ]
            352 |     },
            353 |     "Runtime": {
            354 |      "Fn::FindInMap": [
            355 |       "LatestNodeRuntimeMap",
            356 |       {
            357 |        "Ref": "AWS::Region"
            358 |       },
            359 |       "value"
            360 |      ]
            361 |     },
            362 |     "Description": {
            363 |      "Fn::Join": [
            364 |       "",
            365 |       [
            366 |        "Lambda function for auto-deleting objects in ",
            367 |        {
            368 |         "Ref": "buckets3apicrudserverlessdemo22F72684"
            369 |        },
            370 |        " S3 bucket."
            371 |       ]
            372 |      ]
            373 |     }
            374 |    },
            375 |    "DependsOn": [
            376 |     "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
            377 |    ],
            378 |    "Metadata": {
            379 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler",
            380 |     "aws:asset:path": "asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6",
            381 |     "aws:asset:property": "Code"
            382 |    }
            383 |   },

Check: CKV_AWS_117: "Ensure that AWS Lambda function is configured inside a VPC"
FAILED for resource: AWS::Lambda::Function.LambdaGetNotes762724B7
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:502-544
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1

            502 |   "LambdaGetNotes762724B7": {
            503 |    "Type": "AWS::Lambda::Function",
            504 |    "Properties": {
            505 |     "Code": {
            506 |      "S3Bucket": {
            507 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            508 |      },
            509 |      "S3Key": "affe6eb168528b33fe300e02561321cadd3e57ea15ceabaed7f713d30f9d8800.zip"
            510 |     },
            511 |     "Description": "This Lambda function will return all notes",
            512 |     "Environment": {
            513 |      "Variables": {
            514 |       "TABLE_NAME": {
            515 |        "Ref": "UserNotesB5E78576"
            516 |       },
            517 |       "BUCKET_NAME": {
            518 |        "Ref": "buckets3apicrudserverlessdemo22F72684"
            519 |       }
            520 |      }
            521 |     },
            522 |     "FunctionName": "Lambda-Get-Notes",
            523 |     "Handler": "index.handler",
            524 |     "MemorySize": 256,
            525 |     "Role": {
            526 |      "Fn::GetAtt": [
            527 |       "LambdaGetNotesServiceRole91FB44D8",
            528 |       "Arn"
            529 |      ]
            530 |     },
            531 |     "Runtime": "nodejs20.x",
            532 |     "Timeout": 30
            533 |    },
            534 |    "DependsOn": [
            535 |     "LambdaGetNotesServiceRoleDefaultPolicy3275009B",
            536 |     "LambdaGetNotesServiceRole91FB44D8"
            537 |    ],
            538 |    "Metadata": {
            539 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaGetNotes/Resource",
            540 |     "aws:asset:path": "asset.affe6eb168528b33fe300e02561321cadd3e57ea15ceabaed7f713d30f9d8800",
            541 |     "aws:asset:is-bundled": true,
            542 |     "aws:asset:property": "Code"
            543 |    }
            544 |   },

Check: CKV_AWS_116: "Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)"
FAILED for resource: AWS::Lambda::Function.LambdaGetNotes762724B7
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:502-544
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq

            502 |   "LambdaGetNotes762724B7": {
            503 |    "Type": "AWS::Lambda::Function",
            504 |    "Properties": {
            505 |     "Code": {
            506 |      "S3Bucket": {
            507 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            508 |      },
            509 |      "S3Key": "affe6eb168528b33fe300e02561321cadd3e57ea15ceabaed7f713d30f9d8800.zip"
            510 |     },
            511 |     "Description": "This Lambda function will return all notes",
            512 |     "Environment": {
            513 |      "Variables": {
            514 |       "TABLE_NAME": {
            515 |        "Ref": "UserNotesB5E78576"
            516 |       },
            517 |       "BUCKET_NAME": {
            518 |        "Ref": "buckets3apicrudserverlessdemo22F72684"
            519 |       }
            520 |      }
            521 |     },
            522 |     "FunctionName": "Lambda-Get-Notes",
            523 |     "Handler": "index.handler",
            524 |     "MemorySize": 256,
            525 |     "Role": {
            526 |      "Fn::GetAtt": [
            527 |       "LambdaGetNotesServiceRole91FB44D8",
            528 |       "Arn"
            529 |      ]
            530 |     },
            531 |     "Runtime": "nodejs20.x",
            532 |     "Timeout": 30
            533 |    },
            534 |    "DependsOn": [
            535 |     "LambdaGetNotesServiceRoleDefaultPolicy3275009B",
            536 |     "LambdaGetNotesServiceRole91FB44D8"
            537 |    ],
            538 |    "Metadata": {
            539 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaGetNotes/Resource",
            540 |     "aws:asset:path": "asset.affe6eb168528b33fe300e02561321cadd3e57ea15ceabaed7f713d30f9d8800",
            541 |     "aws:asset:is-bundled": true,
            542 |     "aws:asset:property": "Code"
            543 |    }
            544 |   },

Check: CKV_AWS_173: "Check encryption settings for Lambda environment variable"
FAILED for resource: AWS::Lambda::Function.LambdaGetNotes762724B7
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:502-544
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5

            502 |   "LambdaGetNotes762724B7": {
            503 |    "Type": "AWS::Lambda::Function",
            504 |    "Properties": {
            505 |     "Code": {
            506 |      "S3Bucket": {
            507 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            508 |      },
            509 |      "S3Key": "affe6eb168528b33fe300e02561321cadd3e57ea15ceabaed7f713d30f9d8800.zip"
            510 |     },
            511 |     "Description": "This Lambda function will return all notes",
            512 |     "Environment": {
            513 |      "Variables": {
            514 |       "TABLE_NAME": {
            515 |        "Ref": "UserNotesB5E78576"
            516 |       },
            517 |       "BUCKET_NAME": {
            518 |        "Ref": "buckets3apicrudserverlessdemo22F72684"
            519 |       }
            520 |      }
            521 |     },
            522 |     "FunctionName": "Lambda-Get-Notes",
            523 |     "Handler": "index.handler",
            524 |     "MemorySize": 256,
            525 |     "Role": {
            526 |      "Fn::GetAtt": [
            527 |       "LambdaGetNotesServiceRole91FB44D8",
            528 |       "Arn"
            529 |      ]
            530 |     },
            531 |     "Runtime": "nodejs20.x",
            532 |     "Timeout": 30
            533 |    },
            534 |    "DependsOn": [
            535 |     "LambdaGetNotesServiceRoleDefaultPolicy3275009B",
            536 |     "LambdaGetNotesServiceRole91FB44D8"
            537 |    ],
            538 |    "Metadata": {
            539 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaGetNotes/Resource",
            540 |     "aws:asset:path": "asset.affe6eb168528b33fe300e02561321cadd3e57ea15ceabaed7f713d30f9d8800",
            541 |     "aws:asset:is-bundled": true,
            542 |     "aws:asset:property": "Code"
            543 |    }
            544 |   },

Check: CKV_AWS_115: "Ensure that AWS Lambda function is configured for function-level concurrent execution limit"
FAILED for resource: AWS::Lambda::Function.LambdaGetNotes762724B7
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:502-544
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-function-level-concurrent-execution-limit

            502 |   "LambdaGetNotes762724B7": {
            503 |    "Type": "AWS::Lambda::Function",
            504 |    "Properties": {
            505 |     "Code": {
            506 |      "S3Bucket": {
            507 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            508 |      },
            509 |      "S3Key": "affe6eb168528b33fe300e02561321cadd3e57ea15ceabaed7f713d30f9d8800.zip"
            510 |     },
            511 |     "Description": "This Lambda function will return all notes",
            512 |     "Environment": {
            513 |      "Variables": {
            514 |       "TABLE_NAME": {
            515 |        "Ref": "UserNotesB5E78576"
            516 |       },
            517 |       "BUCKET_NAME": {
            518 |        "Ref": "buckets3apicrudserverlessdemo22F72684"
            519 |       }
            520 |      }
            521 |     },
            522 |     "FunctionName": "Lambda-Get-Notes",
            523 |     "Handler": "index.handler",
            524 |     "MemorySize": 256,
            525 |     "Role": {
            526 |      "Fn::GetAtt": [
            527 |       "LambdaGetNotesServiceRole91FB44D8",
            528 |       "Arn"
            529 |      ]
            530 |     },
            531 |     "Runtime": "nodejs20.x",
            532 |     "Timeout": 30
            533 |    },
            534 |    "DependsOn": [
            535 |     "LambdaGetNotesServiceRoleDefaultPolicy3275009B",
            536 |     "LambdaGetNotesServiceRole91FB44D8"
            537 |    ],
            538 |    "Metadata": {
            539 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaGetNotes/Resource",
            540 |     "aws:asset:path": "asset.affe6eb168528b33fe300e02561321cadd3e57ea15ceabaed7f713d30f9d8800",
            541 |     "aws:asset:is-bundled": true,
            542 |     "aws:asset:property": "Code"
            543 |    }
            544 |   },

Check: CKV_AWS_117: "Ensure that AWS Lambda function is configured inside a VPC"
FAILED for resource: AWS::Lambda::Function.LambdaGetNoteIdBDE2142E
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:633-672
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1

            633 |   "LambdaGetNoteIdBDE2142E": {
            634 |    "Type": "AWS::Lambda::Function",
            635 |    "Properties": {
            636 |     "Code": {
            637 |      "S3Bucket": {
            638 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            639 |      },
            640 |      "S3Key": "8988c66dad67d09ecee8061e6e92d6affe8191ff610ac9619f5b2cdfae0ecd2a.zip"
            641 |     },
            642 |     "Description": "This Lambda function will return a note by its ID",
            643 |     "Environment": {
            644 |      "Variables": {
            645 |       "TABLE_NAME": {
            646 |        "Ref": "UserNotesB5E78576"
            647 |       }
            648 |      }
            649 |     },
            650 |     "FunctionName": "Lambda-Get-Note-Id",
            651 |     "Handler": "index.handler",
            652 |     "MemorySize": 256,
            653 |     "Role": {
            654 |      "Fn::GetAtt": [
            655 |       "LambdaGetNoteIdServiceRoleAFCC52AF",
            656 |       "Arn"
            657 |      ]
            658 |     },
            659 |     "Runtime": "nodejs20.x",
            660 |     "Timeout": 30
            661 |    },
            662 |    "DependsOn": [
            663 |     "LambdaGetNoteIdServiceRoleDefaultPolicyC1509198",
            664 |     "LambdaGetNoteIdServiceRoleAFCC52AF"
            665 |    ],
            666 |    "Metadata": {
            667 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaGetNoteId/Resource",
            668 |     "aws:asset:path": "asset.8988c66dad67d09ecee8061e6e92d6affe8191ff610ac9619f5b2cdfae0ecd2a",
            669 |     "aws:asset:is-bundled": true,
            670 |     "aws:asset:property": "Code"
            671 |    }
            672 |   },

Check: CKV_AWS_116: "Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)"
FAILED for resource: AWS::Lambda::Function.LambdaGetNoteIdBDE2142E
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:633-672
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq

            633 |   "LambdaGetNoteIdBDE2142E": {
            634 |    "Type": "AWS::Lambda::Function",
            635 |    "Properties": {
            636 |     "Code": {
            637 |      "S3Bucket": {
            638 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            639 |      },
            640 |      "S3Key": "8988c66dad67d09ecee8061e6e92d6affe8191ff610ac9619f5b2cdfae0ecd2a.zip"
            641 |     },
            642 |     "Description": "This Lambda function will return a note by its ID",
            643 |     "Environment": {
            644 |      "Variables": {
            645 |       "TABLE_NAME": {
            646 |        "Ref": "UserNotesB5E78576"
            647 |       }
            648 |      }
            649 |     },
            650 |     "FunctionName": "Lambda-Get-Note-Id",
            651 |     "Handler": "index.handler",
            652 |     "MemorySize": 256,
            653 |     "Role": {
            654 |      "Fn::GetAtt": [
            655 |       "LambdaGetNoteIdServiceRoleAFCC52AF",
            656 |       "Arn"
            657 |      ]
            658 |     },
            659 |     "Runtime": "nodejs20.x",
            660 |     "Timeout": 30
            661 |    },
            662 |    "DependsOn": [
            663 |     "LambdaGetNoteIdServiceRoleDefaultPolicyC1509198",
            664 |     "LambdaGetNoteIdServiceRoleAFCC52AF"
            665 |    ],
            666 |    "Metadata": {
            667 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaGetNoteId/Resource",
            668 |     "aws:asset:path": "asset.8988c66dad67d09ecee8061e6e92d6affe8191ff610ac9619f5b2cdfae0ecd2a",
            669 |     "aws:asset:is-bundled": true,
            670 |     "aws:asset:property": "Code"
            671 |    }
            672 |   },

Check: CKV_AWS_173: "Check encryption settings for Lambda environment variable"
FAILED for resource: AWS::Lambda::Function.LambdaGetNoteIdBDE2142E
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:633-672
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5

            633 |   "LambdaGetNoteIdBDE2142E": {
            634 |    "Type": "AWS::Lambda::Function",
            635 |    "Properties": {
            636 |     "Code": {
            637 |      "S3Bucket": {
            638 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            639 |      },
            640 |      "S3Key": "8988c66dad67d09ecee8061e6e92d6affe8191ff610ac9619f5b2cdfae0ecd2a.zip"
            641 |     },
            642 |     "Description": "This Lambda function will return a note by its ID",
            643 |     "Environment": {
            644 |      "Variables": {
            645 |       "TABLE_NAME": {
            646 |        "Ref": "UserNotesB5E78576"
            647 |       }
            648 |      }
            649 |     },
            650 |     "FunctionName": "Lambda-Get-Note-Id",
            651 |     "Handler": "index.handler",
            652 |     "MemorySize": 256,
            653 |     "Role": {
            654 |      "Fn::GetAtt": [
            655 |       "LambdaGetNoteIdServiceRoleAFCC52AF",
            656 |       "Arn"
            657 |      ]
            658 |     },
            659 |     "Runtime": "nodejs20.x",
            660 |     "Timeout": 30
            661 |    },
            662 |    "DependsOn": [
            663 |     "LambdaGetNoteIdServiceRoleDefaultPolicyC1509198",
            664 |     "LambdaGetNoteIdServiceRoleAFCC52AF"
            665 |    ],
            666 |    "Metadata": {
            667 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaGetNoteId/Resource",
            668 |     "aws:asset:path": "asset.8988c66dad67d09ecee8061e6e92d6affe8191ff610ac9619f5b2cdfae0ecd2a",
            669 |     "aws:asset:is-bundled": true,
            670 |     "aws:asset:property": "Code"
            671 |    }
            672 |   },

Check: CKV_AWS_115: "Ensure that AWS Lambda function is configured for function-level concurrent execution limit"
FAILED for resource: AWS::Lambda::Function.LambdaGetNoteIdBDE2142E
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:633-672
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-function-level-concurrent-execution-limit

            633 |   "LambdaGetNoteIdBDE2142E": {
            634 |    "Type": "AWS::Lambda::Function",
            635 |    "Properties": {
            636 |     "Code": {
            637 |      "S3Bucket": {
            638 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            639 |      },
            640 |      "S3Key": "8988c66dad67d09ecee8061e6e92d6affe8191ff610ac9619f5b2cdfae0ecd2a.zip"
            641 |     },
            642 |     "Description": "This Lambda function will return a note by its ID",
            643 |     "Environment": {
            644 |      "Variables": {
            645 |       "TABLE_NAME": {
            646 |        "Ref": "UserNotesB5E78576"
            647 |       }
            648 |      }
            649 |     },
            650 |     "FunctionName": "Lambda-Get-Note-Id",
            651 |     "Handler": "index.handler",
            652 |     "MemorySize": 256,
            653 |     "Role": {
            654 |      "Fn::GetAtt": [
            655 |       "LambdaGetNoteIdServiceRoleAFCC52AF",
            656 |       "Arn"
            657 |      ]
            658 |     },
            659 |     "Runtime": "nodejs20.x",
            660 |     "Timeout": 30
            661 |    },
            662 |    "DependsOn": [
            663 |     "LambdaGetNoteIdServiceRoleDefaultPolicyC1509198",
            664 |     "LambdaGetNoteIdServiceRoleAFCC52AF"
            665 |    ],
            666 |    "Metadata": {
            667 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaGetNoteId/Resource",
            668 |     "aws:asset:path": "asset.8988c66dad67d09ecee8061e6e92d6affe8191ff610ac9619f5b2cdfae0ecd2a",
            669 |     "aws:asset:is-bundled": true,
            670 |     "aws:asset:property": "Code"
            671 |    }
            672 |   },

Check: CKV_AWS_117: "Ensure that AWS Lambda function is configured inside a VPC"
FAILED for resource: AWS::Lambda::Function.LambdaPutNotes63D36F10
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:802-844
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1

            802 |   "LambdaPutNotes63D36F10": {
            803 |    "Type": "AWS::Lambda::Function",
            804 |    "Properties": {
            805 |     "Code": {
            806 |      "S3Bucket": {
            807 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            808 |      },
            809 |      "S3Key": "1d299573e597817652253160fb2f2baae443a97785f452ed5660baa04275f217.zip"
            810 |     },
            811 |     "Description": "This Lambda function will create a new note or update an existing one",
            812 |     "Environment": {
            813 |      "Variables": {
            814 |       "TABLE_NAME": {
            815 |        "Ref": "UserNotesB5E78576"
            816 |       },
            817 |       "BUCKET_NAME": {
            818 |        "Ref": "buckets3apicrudserverlessdemo22F72684"
            819 |       }
            820 |      }
            821 |     },
            822 |     "FunctionName": "Lambda-Put-Notes",
            823 |     "Handler": "index.handler",
            824 |     "MemorySize": 256,
            825 |     "Role": {
            826 |      "Fn::GetAtt": [
            827 |       "LambdaPutNotesServiceRoleC7C37924",
            828 |       "Arn"
            829 |      ]
            830 |     },
            831 |     "Runtime": "nodejs20.x",
            832 |     "Timeout": 30
            833 |    },
            834 |    "DependsOn": [
            835 |     "LambdaPutNotesServiceRoleDefaultPolicy2E16F1FF",
            836 |     "LambdaPutNotesServiceRoleC7C37924"
            837 |    ],
            838 |    "Metadata": {
            839 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaPutNotes/Resource",
            840 |     "aws:asset:path": "asset.1d299573e597817652253160fb2f2baae443a97785f452ed5660baa04275f217",
            841 |     "aws:asset:is-bundled": true,
            842 |     "aws:asset:property": "Code"
            843 |    }
            844 |   },

Check: CKV_AWS_116: "Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)"
FAILED for resource: AWS::Lambda::Function.LambdaPutNotes63D36F10
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:802-844
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq

            802 |   "LambdaPutNotes63D36F10": {
            803 |    "Type": "AWS::Lambda::Function",
            804 |    "Properties": {
            805 |     "Code": {
            806 |      "S3Bucket": {
            807 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            808 |      },
            809 |      "S3Key": "1d299573e597817652253160fb2f2baae443a97785f452ed5660baa04275f217.zip"
            810 |     },
            811 |     "Description": "This Lambda function will create a new note or update an existing one",
            812 |     "Environment": {
            813 |      "Variables": {
            814 |       "TABLE_NAME": {
            815 |        "Ref": "UserNotesB5E78576"
            816 |       },
            817 |       "BUCKET_NAME": {
            818 |        "Ref": "buckets3apicrudserverlessdemo22F72684"
            819 |       }
            820 |      }
            821 |     },
            822 |     "FunctionName": "Lambda-Put-Notes",
            823 |     "Handler": "index.handler",
            824 |     "MemorySize": 256,
            825 |     "Role": {
            826 |      "Fn::GetAtt": [
            827 |       "LambdaPutNotesServiceRoleC7C37924",
            828 |       "Arn"
            829 |      ]
            830 |     },
            831 |     "Runtime": "nodejs20.x",
            832 |     "Timeout": 30
            833 |    },
            834 |    "DependsOn": [
            835 |     "LambdaPutNotesServiceRoleDefaultPolicy2E16F1FF",
            836 |     "LambdaPutNotesServiceRoleC7C37924"
            837 |    ],
            838 |    "Metadata": {
            839 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaPutNotes/Resource",
            840 |     "aws:asset:path": "asset.1d299573e597817652253160fb2f2baae443a97785f452ed5660baa04275f217",
            841 |     "aws:asset:is-bundled": true,
            842 |     "aws:asset:property": "Code"
            843 |    }
            844 |   },

Check: CKV_AWS_173: "Check encryption settings for Lambda environment variable"
FAILED for resource: AWS::Lambda::Function.LambdaPutNotes63D36F10
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:802-844
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5

            802 |   "LambdaPutNotes63D36F10": {
            803 |    "Type": "AWS::Lambda::Function",
            804 |    "Properties": {
            805 |     "Code": {
            806 |      "S3Bucket": {
            807 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            808 |      },
            809 |      "S3Key": "1d299573e597817652253160fb2f2baae443a97785f452ed5660baa04275f217.zip"
            810 |     },
            811 |     "Description": "This Lambda function will create a new note or update an existing one",
            812 |     "Environment": {
            813 |      "Variables": {
            814 |       "TABLE_NAME": {
            815 |        "Ref": "UserNotesB5E78576"
            816 |       },
            817 |       "BUCKET_NAME": {
            818 |        "Ref": "buckets3apicrudserverlessdemo22F72684"
            819 |       }
            820 |      }
            821 |     },
            822 |     "FunctionName": "Lambda-Put-Notes",
            823 |     "Handler": "index.handler",
            824 |     "MemorySize": 256,
            825 |     "Role": {
            826 |      "Fn::GetAtt": [
            827 |       "LambdaPutNotesServiceRoleC7C37924",
            828 |       "Arn"
            829 |      ]
            830 |     },
            831 |     "Runtime": "nodejs20.x",
            832 |     "Timeout": 30
            833 |    },
            834 |    "DependsOn": [
            835 |     "LambdaPutNotesServiceRoleDefaultPolicy2E16F1FF",
            836 |     "LambdaPutNotesServiceRoleC7C37924"
            837 |    ],
            838 |    "Metadata": {
            839 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaPutNotes/Resource",
            840 |     "aws:asset:path": "asset.1d299573e597817652253160fb2f2baae443a97785f452ed5660baa04275f217",
            841 |     "aws:asset:is-bundled": true,
            842 |     "aws:asset:property": "Code"
            843 |    }
            844 |   },

Check: CKV_AWS_115: "Ensure that AWS Lambda function is configured for function-level concurrent execution limit"
FAILED for resource: AWS::Lambda::Function.LambdaPutNotes63D36F10
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:802-844
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-function-level-concurrent-execution-limit

            802 |   "LambdaPutNotes63D36F10": {
            803 |    "Type": "AWS::Lambda::Function",
            804 |    "Properties": {
            805 |     "Code": {
            806 |      "S3Bucket": {
            807 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            808 |      },
            809 |      "S3Key": "1d299573e597817652253160fb2f2baae443a97785f452ed5660baa04275f217.zip"
            810 |     },
            811 |     "Description": "This Lambda function will create a new note or update an existing one",
            812 |     "Environment": {
            813 |      "Variables": {
            814 |       "TABLE_NAME": {
            815 |        "Ref": "UserNotesB5E78576"
            816 |       },
            817 |       "BUCKET_NAME": {
            818 |        "Ref": "buckets3apicrudserverlessdemo22F72684"
            819 |       }
            820 |      }
            821 |     },
            822 |     "FunctionName": "Lambda-Put-Notes",
            823 |     "Handler": "index.handler",
            824 |     "MemorySize": 256,
            825 |     "Role": {
            826 |      "Fn::GetAtt": [
            827 |       "LambdaPutNotesServiceRoleC7C37924",
            828 |       "Arn"
            829 |      ]
            830 |     },
            831 |     "Runtime": "nodejs20.x",
            832 |     "Timeout": 30
            833 |    },
            834 |    "DependsOn": [
            835 |     "LambdaPutNotesServiceRoleDefaultPolicy2E16F1FF",
            836 |     "LambdaPutNotesServiceRoleC7C37924"
            837 |    ],
            838 |    "Metadata": {
            839 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaPutNotes/Resource",
            840 |     "aws:asset:path": "asset.1d299573e597817652253160fb2f2baae443a97785f452ed5660baa04275f217",
            841 |     "aws:asset:is-bundled": true,
            842 |     "aws:asset:property": "Code"
            843 |    }
            844 |   },

Check: CKV_AWS_117: "Ensure that AWS Lambda function is configured inside a VPC"
FAILED for resource: AWS::Lambda::Function.LambdaDeleteNotes0BBC790A
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:937-976
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1

            937 |   "LambdaDeleteNotes0BBC790A": {
            938 |    "Type": "AWS::Lambda::Function",
            939 |    "Properties": {
            940 |     "Code": {
            941 |      "S3Bucket": {
            942 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            943 |      },
            944 |      "S3Key": "6b567bc6955f69f44ec176e7a1b4bc3547e7a4b2abff7b8a1de5ac689e42888a.zip"
            945 |     },
            946 |     "Description": "This Lambda function will delete a note",
            947 |     "Environment": {
            948 |      "Variables": {
            949 |       "TABLE_NAME": {
            950 |        "Ref": "UserNotesB5E78576"
            951 |       }
            952 |      }
            953 |     },
            954 |     "FunctionName": "Lambda-Delete-Notes",
            955 |     "Handler": "index.handler",
            956 |     "MemorySize": 256,
            957 |     "Role": {
            958 |      "Fn::GetAtt": [
            959 |       "LambdaDeleteNotesServiceRole5FDA207E",
            960 |       "Arn"
            961 |      ]
            962 |     },
            963 |     "Runtime": "nodejs20.x",
            964 |     "Timeout": 30
            965 |    },
            966 |    "DependsOn": [
            967 |     "LambdaDeleteNotesServiceRoleDefaultPolicy33F99A61",
            968 |     "LambdaDeleteNotesServiceRole5FDA207E"
            969 |    ],
            970 |    "Metadata": {
            971 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaDeleteNotes/Resource",
            972 |     "aws:asset:path": "asset.6b567bc6955f69f44ec176e7a1b4bc3547e7a4b2abff7b8a1de5ac689e42888a",
            973 |     "aws:asset:is-bundled": true,
            974 |     "aws:asset:property": "Code"
            975 |    }
            976 |   },

Check: CKV_AWS_116: "Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)"
FAILED for resource: AWS::Lambda::Function.LambdaDeleteNotes0BBC790A
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:937-976
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq

            937 |   "LambdaDeleteNotes0BBC790A": {
            938 |    "Type": "AWS::Lambda::Function",
            939 |    "Properties": {
            940 |     "Code": {
            941 |      "S3Bucket": {
            942 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            943 |      },
            944 |      "S3Key": "6b567bc6955f69f44ec176e7a1b4bc3547e7a4b2abff7b8a1de5ac689e42888a.zip"
            945 |     },
            946 |     "Description": "This Lambda function will delete a note",
            947 |     "Environment": {
            948 |      "Variables": {
            949 |       "TABLE_NAME": {
            950 |        "Ref": "UserNotesB5E78576"
            951 |       }
            952 |      }
            953 |     },
            954 |     "FunctionName": "Lambda-Delete-Notes",
            955 |     "Handler": "index.handler",
            956 |     "MemorySize": 256,
            957 |     "Role": {
            958 |      "Fn::GetAtt": [
            959 |       "LambdaDeleteNotesServiceRole5FDA207E",
            960 |       "Arn"
            961 |      ]
            962 |     },
            963 |     "Runtime": "nodejs20.x",
            964 |     "Timeout": 30
            965 |    },
            966 |    "DependsOn": [
            967 |     "LambdaDeleteNotesServiceRoleDefaultPolicy33F99A61",
            968 |     "LambdaDeleteNotesServiceRole5FDA207E"
            969 |    ],
            970 |    "Metadata": {
            971 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaDeleteNotes/Resource",
            972 |     "aws:asset:path": "asset.6b567bc6955f69f44ec176e7a1b4bc3547e7a4b2abff7b8a1de5ac689e42888a",
            973 |     "aws:asset:is-bundled": true,
            974 |     "aws:asset:property": "Code"
            975 |    }
            976 |   },

Check: CKV_AWS_173: "Check encryption settings for Lambda environment variable"
FAILED for resource: AWS::Lambda::Function.LambdaDeleteNotes0BBC790A
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:937-976
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5

            937 |   "LambdaDeleteNotes0BBC790A": {
            938 |    "Type": "AWS::Lambda::Function",
            939 |    "Properties": {
            940 |     "Code": {
            941 |      "S3Bucket": {
            942 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            943 |      },
            944 |      "S3Key": "6b567bc6955f69f44ec176e7a1b4bc3547e7a4b2abff7b8a1de5ac689e42888a.zip"
            945 |     },
            946 |     "Description": "This Lambda function will delete a note",
            947 |     "Environment": {
            948 |      "Variables": {
            949 |       "TABLE_NAME": {
            950 |        "Ref": "UserNotesB5E78576"
            951 |       }
            952 |      }
            953 |     },
            954 |     "FunctionName": "Lambda-Delete-Notes",
            955 |     "Handler": "index.handler",
            956 |     "MemorySize": 256,
            957 |     "Role": {
            958 |      "Fn::GetAtt": [
            959 |       "LambdaDeleteNotesServiceRole5FDA207E",
            960 |       "Arn"
            961 |      ]
            962 |     },
            963 |     "Runtime": "nodejs20.x",
            964 |     "Timeout": 30
            965 |    },
            966 |    "DependsOn": [
            967 |     "LambdaDeleteNotesServiceRoleDefaultPolicy33F99A61",
            968 |     "LambdaDeleteNotesServiceRole5FDA207E"
            969 |    ],
            970 |    "Metadata": {
            971 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaDeleteNotes/Resource",
            972 |     "aws:asset:path": "asset.6b567bc6955f69f44ec176e7a1b4bc3547e7a4b2abff7b8a1de5ac689e42888a",
            973 |     "aws:asset:is-bundled": true,
            974 |     "aws:asset:property": "Code"
            975 |    }
            976 |   },

Check: CKV_AWS_115: "Ensure that AWS Lambda function is configured for function-level concurrent execution limit"
FAILED for resource: AWS::Lambda::Function.LambdaDeleteNotes0BBC790A
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:937-976
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-function-level-concurrent-execution-limit

            937 |   "LambdaDeleteNotes0BBC790A": {
            938 |    "Type": "AWS::Lambda::Function",
            939 |    "Properties": {
            940 |     "Code": {
            941 |      "S3Bucket": {
            942 |       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
            943 |      },
            944 |      "S3Key": "6b567bc6955f69f44ec176e7a1b4bc3547e7a4b2abff7b8a1de5ac689e42888a.zip"
            945 |     },
            946 |     "Description": "This Lambda function will delete a note",
            947 |     "Environment": {
            948 |      "Variables": {
            949 |       "TABLE_NAME": {
            950 |        "Ref": "UserNotesB5E78576"
            951 |       }
            952 |      }
            953 |     },
            954 |     "FunctionName": "Lambda-Delete-Notes",
            955 |     "Handler": "index.handler",
            956 |     "MemorySize": 256,
            957 |     "Role": {
            958 |      "Fn::GetAtt": [
            959 |       "LambdaDeleteNotesServiceRole5FDA207E",
            960 |       "Arn"
            961 |      ]
            962 |     },
            963 |     "Runtime": "nodejs20.x",
            964 |     "Timeout": 30
            965 |    },
            966 |    "DependsOn": [
            967 |     "LambdaDeleteNotesServiceRoleDefaultPolicy33F99A61",
            968 |     "LambdaDeleteNotesServiceRole5FDA207E"
            969 |    ],
            970 |    "Metadata": {
            971 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/LambdaDeleteNotes/Resource",
            972 |     "aws:asset:path": "asset.6b567bc6955f69f44ec176e7a1b4bc3547e7a4b2abff7b8a1de5ac689e42888a",
            973 |     "aws:asset:is-bundled": true,
            974 |     "aws:asset:property": "Code"
            975 |    }
            976 |   },

Check: CKV_AWS_120: "Ensure API Gateway caching is enabled"
FAILED for resource: AWS::ApiGateway::Stage.ApiCrudServerlessDemoDeploymentStageprodA28301DB
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:1016-1030
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-api-gateway-caching-is-enabled

            1016 |   "ApiCrudServerlessDemoDeploymentStageprodA28301DB": {
            1017 |    "Type": "AWS::ApiGateway::Stage",
            1018 |    "Properties": {
            1019 |     "DeploymentId": {
            1020 |      "Ref": "ApiCrudServerlessDemoDeploymentD50BBF2De70e4918c8d63d2bb235008c1d485d9a"
            1021 |     },
            1022 |     "RestApiId": {
            1023 |      "Ref": "ApiCrudServerlessDemo5F8CA45B"
            1024 |     },
            1025 |     "StageName": "prod"
            1026 |    },
            1027 |    "Metadata": {
            1028 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/Api-Crud-Serverless-Demo/DeploymentStage.prod/Resource"
            1029 |    }
            1030 |   },

Check: CKV_AWS_73: "Ensure API Gateway has X-Ray Tracing enabled"
FAILED for resource: AWS::ApiGateway::Stage.ApiCrudServerlessDemoDeploymentStageprodA28301DB
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:1016-1030
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-15

            1016 |   "ApiCrudServerlessDemoDeploymentStageprodA28301DB": {
            1017 |    "Type": "AWS::ApiGateway::Stage",
            1018 |    "Properties": {
            1019 |     "DeploymentId": {
            1020 |      "Ref": "ApiCrudServerlessDemoDeploymentD50BBF2De70e4918c8d63d2bb235008c1d485d9a"
            1021 |     },
            1022 |     "RestApiId": {
            1023 |      "Ref": "ApiCrudServerlessDemo5F8CA45B"
            1024 |     },
            1025 |     "StageName": "prod"
            1026 |    },
            1027 |    "Metadata": {
            1028 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/Api-Crud-Serverless-Demo/DeploymentStage.prod/Resource"
            1029 |    }
            1030 |   },

Check: CKV_AWS_76: "Ensure API Gateway has Access Logging enabled"
FAILED for resource: AWS::ApiGateway::Stage.ApiCrudServerlessDemoDeploymentStageprodA28301DB
File: /cdk.out/ApiCrudServerlessCdkStack.template.json:1016-1030
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-17

            1016 |   "ApiCrudServerlessDemoDeploymentStageprodA28301DB": {
            1017 |    "Type": "AWS::ApiGateway::Stage",
            1018 |    "Properties": {
            1019 |     "DeploymentId": {
            1020 |      "Ref": "ApiCrudServerlessDemoDeploymentD50BBF2De70e4918c8d63d2bb235008c1d485d9a"
            1021 |     },
            1022 |     "RestApiId": {
            1023 |      "Ref": "ApiCrudServerlessDemo5F8CA45B"
            1024 |     },
            1025 |     "StageName": "prod"
            1026 |    },
            1027 |    "Metadata": {
            1028 |     "aws:cdk:path": "ApiCrudServerlessCdkStack/Api-Crud-Serverless-Demo/DeploymentStage.prod/Resource"
            1029 |    }
            1030 |   },
@david-blg
Owner

Hi @atulgoel126,

I'm glad to hear that the solution was useful to you. I initially made these changes to test the Checkov tool and address some of the issues it identified. However, I reverted those changes because they involved adding unnecessary infrastructure for this example. It's important to recognize that not all issues flagged by Checkov need to be resolved, as this depends on the specific use case, requirements, and objectives of the project.

In this repository, which serves as a basic example of an AWS Serverless CRUD, I have mentioned in the README that for production, you should consider the options that best meet your project's security needs.

Thank you for your feedback.
