Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create main.tf #106

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
resource "aws_ebs_volume" "v" {

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MEDIUM  AWS EBS Volume not encrypted using Customer Managed Key
    Resource: aws_ebs_volume.v | Checkov ID: CKV_AWS_189

How to Fix

resource "aws_ebs_volume" "example" {
  availability_zone = "us-west-2a"
  size              = 40
+ kms_key_id = "ckv_kms"
  tags = {
    Name = "HelloWorld"
  }
}

Description

Amazon EBS automatically creates a unique AWS managed key in each Region where you store AWS resources.
This KMS key has the alias alias/aws/ebs.
By default, Amazon EBS uses this KMS key for encryption.
Alternatively, you can specify a symmetric customer managed key that you created as the default KMS key for EBS encryption.
Using your own KMS key gives you more flexibility, including the ability to create, rotate, and disable KMS keys.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MEDIUM  fail always 2
    Resource: aws_ebs_volume.v | Policy ID: 927241494778216448_AWS_1684176445066

Description

fail

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  AWS resources that support tags do not have Tags
    Resource: aws_ebs_volume.v | Checkov ID: CKV_AWS_CUSTOM_1

How to Fix

resource "aws_security_group" "sg" {
  name = "my-sg"
  ...
+ tags = {
+   Environment = "dev"
+   Owner = "apps-team"
+ }
}

Description

Many AWS resources support tags. Without tags, it is difficult to organize, manage and track resources.
Tags allow you to add metadata to a resource to help identify ownership, perform cost / billing analysis, and to enrich a resource with other valuable information, such as descriptions and environment names.

While there are many ways that tags can be used, we recommend you follow a tagging practice.
View AWS's recommended tagging best practices https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf[here].

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  fail always 3
    Resource: aws_ebs_volume.v | Policy ID: 927241494778216448_AWS_1684760158123

Description

fail

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HIGH  fail always
    Resource: aws_ebs_volume.v | Policy ID: 927241494778216448_AWS_1679497236765

Description

fail


}
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Mar 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HIGH  AWS EBS volumes are not encrypted
    Resource: aws_ebs_volume.v | Checkov ID: CKV_AWS_3

Description

Encrypting EBS volumes ensures that replicated copies of your images are secure even if they are accidentally exposed.
AWS EBS encryption uses AWS KMS customer master keys (CMK) when creating encrypted volumes and snapshots.
Storing EBS volumes in their encrypted state reduces the risk of data exposure or data loss.
We recommend you encrypt all data stored in the EBS.

     🎉   Fixed by commit 5c29566 - Prisma Cloud bot fix for main.tf