From ec00f4559a8ed973a22325c963f9cf4c7fac1da6 Mon Sep 17 00:00:00 2001
From: DN <690117+davenicoll@users.noreply.github.com>
Date: Thu, 18 May 2023 08:50:55 -0700
Subject: [PATCH] tfsec ignores added/fixed (#177)
* tfsec ignores added/fixed
* make github/init
* reverted makefile change
---------
Co-authored-by: Dave Nicoll
Co-authored-by: Max Lobur
---
 nat-instance.tf | 2 +-
 private.tf | 14 +++++++-------
 public.tf | 12 ++++++------
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/nat-instance.tf b/nat-instance.tf
index 70d0c50..4d7e9d7 100644
--- a/nat-instance.tf
+++ b/nat-instance.tf
@@ -33,7 +33,7 @@ resource "aws_security_group_rule" "nat_instance_egress" {
 from_port = 0
 to_port = 0
 protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"] #tfsec:ignore:AWS007
+ cidr_blocks = ["0.0.0.0/0"] #tfsec:ignore:aws-ec2-no-public-egress-sgr
 security_group_id = join("", aws_security_group.nat_instance[*].id)
 type = "egress"
 }
diff --git a/private.tf b/private.tf
index ef208fb..17b8665 100644
--- a/private.tf
+++ b/private.tf
@@ -100,10 +100,10 @@ resource "aws_network_acl_rule" "private4_ingress" {
 rule_number = var.open_network_acl_ipv4_rule_number
 egress = false
- cidr_block = "0.0.0.0/0"
+ cidr_block = "0.0.0.0/0" #tfsec:ignore:aws-ec2-no-public-ingress-acl
 from_port = 0
 to_port = 0
- protocol = "-1"
+ protocol = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 resource "aws_network_acl_rule" "private4_egress" {
@@ -117,7 +117,7 @@ resource "aws_network_acl_rule" "private4_egress" {
 cidr_block = "0.0.0.0/0"
 from_port = 0
 to_port = 0
- protocol = "-1"
+ protocol = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 resource "aws_network_acl_rule" "private6_ingress" {
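Review bot: The `+` line in the nat-instance.tf hunk still opens egress for every protocol and port to `0.0.0.0/0`, and the renamed `#tfsec:ignore:aws-ec2-no-public-egress-sgr` now suppresses that finding indefinitely with no recorded reason. A one-line justification next to the directive lets the next reviewer tell a deliberate exception from a forgotten one, e.g. `# NAT instance must forward arbitrary outbound traffic, so all-protocol egress is intentional` (adjust if that is not the actual rationale). If the suppression is meant to be revisited, tfsec's ignore syntax also accepts an expiry suffix of the form `#tfsec:ignore:aws-ec2-no-public-egress-sgr:exp:YYYY-MM-DD`, after which the scan fails again. The `nat_instance_egress` resource block begins above this hunk.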
@@ -128,10 +128,10 @@ resource "aws_network_acl_rule" "private6_ingress" {
 rule_number = var.open_network_acl_ipv6_rule_number
 egress = false
- ipv6_cidr_block = "::/0"
+ ipv6_cidr_block = "::/0" #tfsec:ignore:aws-ec2-no-public-ingress-acl
 from_port = 0
 to_port = 0
- protocol = "-1"
+ protocol = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 resource "aws_network_acl_rule" "private6_egress" {
@@ -142,8 +142,8 @@ resource "aws_network_acl_rule" "private6_egress" {
 rule_number = var.open_network_acl_ipv6_rule_number
 egress = true
- ipv6_cidr_block = "::/0"
+ ipv6_cidr_block = "::/0" #tfsec:ignore:aws-ec2-no-excessive-port-access
 from_port = 0
 to_port = 0
- protocol = "-1"
+ protocol = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
diff --git a/public.tf b/public.tf
index b2b466a..fd7f823 100644
--- a/public.tf
+++ b/public.tf
@@ -111,10 +111,10 @@ resource "aws_network_acl_rule" "public4_ingress" {
 rule_number = var.open_network_acl_ipv4_rule_number
 egress = false
- cidr_block = "0.0.0.0/0"
+ cidr_block = "0.0.0.0/0" #tfsec:ignore:aws-ec2-no-public-ingress-acl
 from_port = 0
 to_port = 0
- protocol = "-1"
+ protocol = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 resource "aws_network_acl_rule" "public4_egress" {
@@ -128,7 +128,7 @@ resource "aws_network_acl_rule" "public4_egress" {
 cidr_block = "0.0.0.0/0"
 from_port = 0
 to_port = 0
- protocol = "-1"
+ protocol = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 resource "aws_network_acl_rule" "public6_ingress" {
@@ -139,10 +139,10 @@ resource "aws_network_acl_rule" "public6_ingress" {
 rule_number = var.open_network_acl_ipv6_rule_number
 egress = false
- ipv6_cidr_block = "::/0"
+ ipv6_cidr_block = "::/0" #tfsec:ignore:aws-ec2-no-public-ingress-acl
 from_port = 0
 to_port = 0
- protocol = "-1"
+ protocol = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }
 resource "aws_network_acl_rule" "public6_egress" {
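Review bot: In the `private6_egress` hunk (`@@ -142,8 +142,8 @@`) the added `ipv6_cidr_block = "::/0" #tfsec:ignore:aws-ec2-no-excessive-port-access` line names the port/protocol rule, which is already suppressed on the `protocol = "-1"` line two lines below, rather than a rule about the CIDR attribute. Every other egress rule touched by this commit (`private4_egress`, `public4_egress`, `public6_egress`) leaves its CIDR line unannotated, and the ingress rules use `aws-ec2-no-public-ingress-acl` on that attribute, so this one looks like a copy-paste slip. Either drop the directive on the `ipv6_cidr_block` line to match the sibling egress rules, or, if tfsec does report a finding on that attribute, replace it with the id of the rule that actually fires there. A suppression that names the wrong rule silences nothing and misleads the next reader about what was reviewed.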
@@ -156,5 +156,5 @@ resource "aws_network_acl_rule" "public6_egress" {
 ipv6_cidr_block = "::/0"
 from_port = 0
 to_port = 0
- protocol = "-1"
+ protocol = "-1" #tfsec:ignore:aws-ec2-no-excessive-port-access
 }