diff --git a/README.md b/README.md
index 19cd42d..021e345 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ If you're looking to raise an issue with this module, please create a new issue
 | Name | Source | Version |
 |------|--------|---------|
-| [s3-bucket](#module\_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | v7.0.0 |
+| [s3-bucket](#module\_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | 8688bc15a08fbf5a4f4eef9b7433c5a417df8df1 |
 ## Resources
diff --git a/main.tf b/main.tf
index 33fdc35..a2e0f5a 100644
--- a/main.tf
+++ b/main.tf
@@ -2,7 +2,7 @@ module "s3-bucket" {
 count = var.existing_bucket_name == "" ? 1 : 0
- source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
+ source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1" # v7.0.0
 providers = {
 aws.bucket-replication = aws.bucket-replication
@@ -121,6 +121,16 @@ data "aws_elb_service_account" "default" {}
 ###### IAM #####
 data "aws_iam_policy_document" "ssm-admin-policy-doc" {
+
+ # Not relevant to what we are doing. This sets a high level access policy
+ #checkov:skip=CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
+ #checkov:skip=CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
+ #checkov:skip=CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
+ #checkov:skip=CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
+ #checkov:skip=CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
+ #checkov:skip=CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
+ #checkov:skip=CKV_TF_1: "Ensure Terraform module sources use a commit hash"
+
 statement {
 actions = ["s3:*", "ec2:*",