bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
7.07k stars 1.11k forks

CKV_AWS_312 ElasticBeanstalkUseEnhancedHealthChecks is checking the wrong parameter #6042

Open igordust opened 7 months ago

igordust commented 7 months ago

Describe the issue

CKV_AWS_312 is checking that the parameter HealthStreamingEnabled in namespace aws:elasticbeanstalk:healthreporting:system is set, but such a parameter doesn't exist.

Looking at the official documentation, the parameter is HealthStreamingEnabled in namespace aws:elasticbeanstalk:cloudwatch:logs:health: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-cloudwatchlogs-health

Examples

resource "aws_elastic_beanstalk_environment" "pass" {
  name                   = "beany"
  application            = var.elastic_beanstalk_application_name
  description            = var.description
  tier                   = var.tier
  solution_stack_name    = var.solution_stack_name
  wait_for_ready_timeout = var.wait_for_ready_timeout
  version_label          = var.version_label
  tags                   = local.tags
+ setting {
+   namespace = "aws:elasticbeanstalk:cloudwatch:logs:health"
+   name      = "HealthStreamingEnabled"
+   value     = "true"
+ }
}

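Added example (not part of the original issue and not Checkov's own code): a stand-alone evaluator that looks for HealthStreamingEnabled under the namespace the issue cites from the AWS documentation, and separately reports a configuration that sets it only under the namespace the issue says the check inspects. The parsed-resource shape (attribute values wrapped in lists) and the names `classify`, `streaming_enabled`, `iter_settings` and `SAMPLES` are assumptions made for this illustration.

```python
# Added example, not Checkov source. Assumed input: a resource parsed from HCL
# where attribute values arrive wrapped in single-element lists.
DOCUMENTED_NS = "aws:elasticbeanstalk:cloudwatch:logs:health"  # from the AWS docs linked in the issue
REPORTED_NS = "aws:elasticbeanstalk:healthreporting:system"    # namespace the issue says the check inspects
OPTION = "HealthStreamingEnabled"


def _unwrap(value):
    """Strip the list wrappers an HCL parser puts around scalar values."""
    while isinstance(value, list) and len(value) == 1:
        value = value[0]
    return value


def iter_settings(conf):
    """Yield (namespace, name, value) for every setting block, flattening nested lists."""
    pending = list(conf.get("setting") or [])
    while pending:
        item = pending.pop(0)
        if isinstance(item, list):
            pending = item + pending
        elif isinstance(item, dict):
            value = str(_unwrap(item.get("value"))).strip().lower()
            yield _unwrap(item.get("namespace")), _unwrap(item.get("name")), value


def streaming_enabled(conf, namespace=DOCUMENTED_NS):
    """True only if the option appears under `namespace` and every occurrence is "true"."""
    values = [v for ns, name, v in iter_settings(conf) if ns == namespace and name == OPTION]
    return bool(values) and all(v == "true" for v in values)


def classify(conf):
    """PASSED, MISPLACED (set only under the reported namespace) or FAILED."""
    if streaming_enabled(conf):
        return "PASSED"
    return "MISPLACED" if streaming_enabled(conf, REPORTED_NS) else "FAILED"


def _setting(namespace, value):
    return {"namespace": [namespace], "name": [OPTION], "value": [value]}


# Constructed sample resources (the first mirrors the issue's "pass" example).
SAMPLES = {
    "pass": {"name": ["beany"], "setting": [_setting(DOCUMENTED_NS, "true")]},
    "misplaced": {"name": ["beany"], "setting": [_setting(REPORTED_NS, "true")]},
    "disabled": {"name": ["beany"], "setting": [[_setting(DOCUMENTED_NS, False)]]},
    "missing": {"name": ["beany"]},
}

if __name__ == "__main__":
    for label, conf in SAMPLES.items():
        print(f"{label:10} -> {classify(conf)}")
```

The MISPLACED result separates a configuration that only satisfies a lookup under the reported namespace from one that sets the option where the linked AWS documentation defines it.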

avazula commented 7 months ago

Hey @igordust, this issue was reported by Steve here: https://github.com/bridgecrewio/checkov/issues/6007

I offered a PR to fix it but no reviews so far/no sign of Bridgecrew. https://github.com/bridgecrewio/checkov/pull/6027

If you can, I'd love it if you could review it.

igordust commented 7 months ago

I would be more than happy to review it. What do I need to do? I don't know the Checkov rules review process.

stale[bot] commented 1 month ago

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov Slack channel at codifiedsecurity.slack.com. Thanks!