tfsec ignores added/fixed (#177)

* tfsec ignores added/fixed * make github/init * reverted makefile change --------- Co-authored-by: Dave Nicoll <[email protected]> Co-authored-by: Max Lobur <[email protected]>
cloudposse · May 18, 2023 · ec00f45 · ec00f45
1 parent 200bae8
commit ec00f45
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 14 deletions.
diff --git a/nat-instance.tf b/nat-instance.tf
@@ -33,7 +33,7 @@ resource "aws_security_group_rule" "nat_instance_egress" {
   from_port         = 0
   to_port           = 0
   protocol          = "-1"
-  cidr_blocks       = ["0.0.0.0/0"] #tfsec:ignore:AWS007
+  cidr_blocks       = ["0.0.0.0/0"] #tfsec:ignore:aws-ec2-no-public-egress-sgr
   security_group_id = join("", aws_security_group.nat_instance[*].id)
   type              = "egress"
 }

diff --git a/private.tf b/private.tf
@@ -100,10 +100,10 @@ resource "aws_network_acl_rule" "private4_ingress" {
   rule_number    = var.open_network_acl_ipv4_rule_number
 
   egress     = false
-  cidr_block = "0.0.0.0/0"
+  cidr_block = "0.0.0.0/0" #tfsec:ignore:aws-ec2-no-public-ingress-acl
   from_port  = 0
   to_port    = 0
-  protocol   = "-1"
+  protocol   = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 
 resource "aws_network_acl_rule" "private4_egress" {
@@ -117,7 +117,7 @@ resource "aws_network_acl_rule" "private4_egress" {
   cidr_block = "0.0.0.0/0"
   from_port  = 0
   to_port    = 0
-  protocol   = "-1"
+  protocol   = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 
 resource "aws_network_acl_rule" "private6_ingress" {
@@ -128,10 +128,10 @@ resource "aws_network_acl_rule" "private6_ingress" {
   rule_number    = var.open_network_acl_ipv6_rule_number
 
   egress          = false
-  ipv6_cidr_block = "::/0"
+  ipv6_cidr_block = "::/0" #tfsec:ignore:aws-ec2-no-public-ingress-acl
   from_port       = 0
   to_port         = 0
-  protocol        = "-1"
+  protocol        = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 
 resource "aws_network_acl_rule" "private6_egress" {
@@ -142,8 +142,8 @@ resource "aws_network_acl_rule" "private6_egress" {
   rule_number    = var.open_network_acl_ipv6_rule_number
 
   egress          = true
-  ipv6_cidr_block = "::/0"
+  ipv6_cidr_block = "::/0" #tfsec:ignore:aws-ec2-no-excessive-port-access
   from_port       = 0
   to_port         = 0
-  protocol        = "-1"
+  protocol        = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
diff --git a/public.tf b/public.tf
@@ -111,10 +111,10 @@ resource "aws_network_acl_rule" "public4_ingress" {
   rule_number    = var.open_network_acl_ipv4_rule_number
 
   egress     = false
-  cidr_block = "0.0.0.0/0"
+  cidr_block = "0.0.0.0/0" #tfsec:ignore:aws-ec2-no-public-ingress-acl
   from_port  = 0
   to_port    = 0
-  protocol   = "-1"
+  protocol   = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 
 resource "aws_network_acl_rule" "public4_egress" {
@@ -128,7 +128,7 @@ resource "aws_network_acl_rule" "public4_egress" {
   cidr_block = "0.0.0.0/0"
   from_port  = 0
   to_port    = 0
-  protocol   = "-1"
+  protocol   = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 
 resource "aws_network_acl_rule" "public6_ingress" {
@@ -139,10 +139,10 @@ resource "aws_network_acl_rule" "public6_ingress" {
   rule_number    = var.open_network_acl_ipv6_rule_number
 
   egress          = false
-  ipv6_cidr_block = "::/0"
+  ipv6_cidr_block = "::/0" #tfsec:ignore:aws-ec2-no-public-ingress-acl
   from_port       = 0
   to_port         = 0
-  protocol        = "-1"
+  protocol        = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 
 resource "aws_network_acl_rule" "public6_egress" {
@@ -156,5 +156,5 @@ resource "aws_network_acl_rule" "public6_egress" {
   ipv6_cidr_block = "::/0"
   from_port       = 0
   to_port         = 0
-  protocol        = "-1"
+  protocol        = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }