GKE Control Plane is exposed to few public IP addresses #743

Closed
sachinar opened this issue May 6, 2021 · 3 comments

Comments

@sachinar
Contributor

sachinar commented May 6, 2021

  • terrascan version: 1.4.0
  • Operating System: docker image

Description

Description    :	GKE Control Plane is exposed to few public IP addresses using master-authorized-network-config
File           :	../../../../../../tmp/azxtv6/gke/gke.tf
Line           :	2
Severity       :	Medium

Which rule shall I use to skip this?

@sachinar
Contributor Author

sachinar commented May 6, 2021

@kanchwala-yusuf Can you please look into this?

@kanchwala-yusuf
Contributor

Hey @sachinar,
Can you please try using the -v option? This gives you the rule ID for the reported violations. That rule ID is the one you should skip!

Violation Details -

	Description    :	Enabling S3 versioning will enable easy recovery from both unintended user actions, like deletes and overwrites
	File           :	modules/m4/main.tf
	Line           :	11
	Severity       :	HIGH
	Rule Name      :	s3Versioning
	Rule ID        :	AWS.S3Bucket.IAM.High.0370.  <<<<<<<<<<<<<<<<<< Rule ID
	Resource Name  :	bucket
	Resource Type  :	aws_s3_bucket
	Category       :	Resilience

	-----------------------------------------------------------------------

	Description    :	Enabling S3 versioning will enable easy recovery from both unintended user actions, like deletes and overwrites
	File           :	modules/m4/modules/m4a/main.tf
	Line           :	20
	Severity       :	HIGH
	Rule Name      :	s3Versioning
	Rule ID        :	AWS.S3Bucket.IAM.High.0370.     <<<<<<<<<<<<<<<<< Rule ID
	Resource Name  :	bucket4a
	Resource Type  :	aws_s3_bucket
	Category       :	Resilience

	-----------------------------------------------------------------------


Scan Summary -

	File/Folder         :	/Users/jarvis/go/src/github.com/accurics/terrascan/pkg/iac-providers/terraform/v14/testdata/deep-modules
	IaC Type            :	all
	Scanned At          :	2021-05-06 12:01:53.211633 +0000 UTC
	Policies Validated  :	561
	Violated Policies   :	2
	Low                 :	0
	Medium              :	0
	High                :	2

@sachinar
Contributor Author

sachinar commented May 6, 2021

@kanchwala-yusuf Thanks for the help, I got which rule I need to use: AC-GC-IS-CC-M-0367

@sachinar sachinar closed this as completed May 6, 2021
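
An added example, not part of the thread or of Terrascan's own code: a small parser for the human-readable `Violation Details` layout quoted above. It groups findings by Rule ID and surfaces blocks that carry no Rule ID, which is what a scan without `-v` produces. The sample text is constructed from the output in this issue, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout quoted in this issue. The second block has
# no "Rule ID" line, as in the original report (scan run without -v).
SAMPLE = """\
Violation Details -
    Description    :   Enabling S3 versioning will enable easy recovery
    File           :   modules/m4/main.tf
    Line           :   11
    Severity       :   HIGH
    Rule Name      :   s3Versioning
    Rule ID        :   AWS.S3Bucket.IAM.High.0370
    Resource Type  :   aws_s3_bucket
    -----------------------------------------------------------------------
    Description    :   GKE Control Plane is exposed to few public IP addresses
    File           :   ../../../../../../tmp/azxtv6/gke/gke.tf
    Line           :   2
    Severity       :   Medium
    -----------------------------------------------------------------------
Scan Summary -
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?)\s*:\s*(.*?)\s*$")
SEPARATOR = re.compile(r"^\s*-{10,}\s*$")

def parse_violations(text):
    """Return one dict per block of the 'Violation Details' section."""
    findings, current, in_details = [], {}, False
    for line in text.splitlines():
        if line.startswith("Violation Details"):
            in_details = True
        elif line.startswith("Scan Summary"):
            break
        elif in_details and SEPARATOR.match(line):
            if current:
                findings.append(current)
            current = {}
        elif in_details and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2)
    return findings + ([current] if current else [])

def group_by_rule_id(findings):
    """Map Rule ID -> [(file, line)]; blocks without an ID land under None."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f.get("Rule ID")].append((f["File"], int(f["Line"])))
    return dict(grouped)
```

Findings grouped under `None` need a rerun with `-v` before a skip can be tied to a specific rule ID and resource.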