Open stevec1980 opened 9 months ago
It's missing the execution of its test case:
def test_Route53ZoneEnableDNSSECSigning(self):
    self.go("Route53ZoneEnableDNSSECSigning")
and so its test is never running, which fails for your case.
@JamesWoolfenden Good catch 💪 @stevec1980 How do you feel about contributing the fix? 😄
Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com. Thanks!
I faced this same problem today. I'll look into contributing a fix whenever I have some free time.
Describe the issue
CKV2_AWS_38 - This check should only fail if the route53 hosted zone is public, however it also fails for private too.
Examples
resource "aws_route53_zone" "ses_private_hosted_zone" {
  comment = "phz for ses vpc endpoint"
  lifecycle {
    ignore_changes = [vpc]
  }
  name = "email-smtp.${local.aws_region_name}.amazonaws.com"
  vpc {
    vpc_id = aws_vpc.shared_services_vpc.id
  }
}
The presence of vpc config in the resource shows it is a private zone, but the check still fails.
Version (please complete the following information):
Additional context
none
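The behaviour this report asks for, sketched as an added example (not part of the original issue and not Checkov's own code): zones with a `vpc` block are treated as private and skipped, and only public zones are judged on DNSSEC signing. Assumptions: resources are modelled as plain dicts in a constructed shape, "signing enabled" is simplified to an `aws_route53_hosted_zone_dnssec` resource referencing the zone, and the function names are hypothetical.

```python
# Added example, not Checkov source. Resources are plain dicts in a constructed
# shape (an assumption): {"type": ..., "name": ..., "config": {...}}.

def is_private_zone(config):
    """A zone with at least one vpc block carrying a vpc_id is a private zone."""
    vpc = config.get("vpc")
    if isinstance(vpc, dict):          # tolerate a single block given as a dict
        vpc = [vpc]
    return any(isinstance(b, dict) and b.get("vpc_id") for b in vpc or [])


def dnssec_zone_refs(resources):
    """Zone references held by aws_route53_hosted_zone_dnssec resources."""
    return {
        r["config"].get("hosted_zone_id")
        for r in resources
        if r["type"] == "aws_route53_hosted_zone_dnssec"
    }


def evaluate(resources):
    """Return {zone_name: "PASSED" | "FAILED" | "SKIPPED"} for every zone."""
    signed = dnssec_zone_refs(resources)
    results = {}
    for r in resources:
        if r["type"] != "aws_route53_zone":
            continue
        base = f"aws_route53_zone.{r['name']}"
        refs = {f"{base}.id", f"{base}.zone_id"}
        if is_private_zone(r["config"]):
            results[r["name"]] = "SKIPPED"   # private zone: check does not apply
        elif refs & signed:
            results[r["name"]] = "PASSED"    # public zone with a DNSSEC resource
        else:
            results[r["name"]] = "FAILED"    # public zone without DNSSEC signing
    return results


# Constructed sample input: the private zone from the report plus two public zones.
SAMPLE = [
    {"type": "aws_route53_zone", "name": "ses_private_hosted_zone",
     "config": {"vpc": [{"vpc_id": "aws_vpc.shared_services_vpc.id"}]}},
    {"type": "aws_route53_zone", "name": "public_signed", "config": {}},
    {"type": "aws_route53_zone", "name": "public_unsigned", "config": {}},
    {"type": "aws_route53_hosted_zone_dnssec", "name": "signing",
     "config": {"hosted_zone_id": "aws_route53_zone.public_signed.id"}},
]

if __name__ == "__main__":
    for zone, verdict in evaluate(SAMPLE).items():
        print(zone, verdict)
```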