I created a resource "aws_instance" without specifying a VPC ID. Terrascan reports that deployment as having no VPC.
I was able to create the instance in the default VPC successfully. I know deploying EC2 without specifying it is not a good idea. But the rule should handle it correctly ;)
What I Did
# cat ec2.tf
provider "aws" {
  region = "us-west-2"
}
data "aws_ami" "ubuntu" {
  most_recent = true
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
  owners = ["099720109477"] # Canonical
}
resource "aws_instance" "test" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t2.nano"
}
$ terrascan -l debug scan -t aws -i terraform
...
results:
  violations:
    - rule_name: instanceWithNoVpc
      description: Instance should be configured in vpc. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations.
      rule_id: AWS.Instance.NetworkSecurity.Medium.0506
      severity: MEDIUM
      category: Network Security
      resource_name: test
      resource_type: aws_instance
      file: ec2.tf
      line: 21
  count:
    low: 0
    medium: 1
    high: 0
    total: 1
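
For comparison with the `ec2.tf` above, an added example (not part of the original report and not Terrascan's own code) that places the same instance in an explicitly declared VPC, subnet and security group instead of relying on the account's default VPC. The resource names `example`, `private` and `instance` and the CIDR ranges are constructed; the page does not show which attribute `instanceWithNoVpc` inspects, so this illustrates explicit placement rather than a confirmed way to clear the finding.

```hcl
# Added example: resource names and CIDR ranges below are constructed.
provider "aws" {
  region = "us-west-2"
}

data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

# Dedicated VPC so network placement is declared in code and reviewable.
resource "aws_vpc" "example" {
  cidr_block = "10.20.0.0/16"
}

resource "aws_subnet" "private" {
  vpc_id                  = aws_vpc.example.id
  cidr_block              = "10.20.1.0/24"
  map_public_ip_on_launch = false # instances get no public IP by default
}

# No ingress or egress blocks: Terraform removes the default allow-all
# egress rule, so the group starts closed and rules are added deliberately.
resource "aws_security_group" "instance" {
  name   = "example-instance"
  vpc_id = aws_vpc.example.id
}

resource "aws_instance" "test" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t2.nano"
  subnet_id              = aws_subnet.private.id             # pins the VPC
  vpc_security_group_ids = [aws_security_group.instance.id] # not the default SG
}
```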