search

bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
6.72k stars 1.08k forks source link

fix(terraform): CKV_AWS_339 add Kubernetes 1.30 to AWS EKS version checks #6353

Closed james-bjss closed 1 week ago

james-bjss commented 1 month ago

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[//]: # "

PR Title

Be aware that we use the title to create changelog automatically and therefore only allow specific prefixes
- break:    to indicate a breaking change, this supersedes any of the types
- feat:     to indicate new features or checks
- fix:      to indicate a bugfix or handling of edge cases of existing checks
- docs:     to indicate an update to our documentation
- chore:    to indicate adjustments to workflow files or dependency updates
- platform: to indicate a change needed for the platform
Additionally a scope is needs to be added to the prefix, which indicates the targeted framework, in doubt choose 'general'.
#    
Allowed prefixs:
ansible|argo|arm|azure|bicep|bitbucket|circleci|cloudformation|dockerfile|github|gha|gitlab|helm|kubernetes|kustomize|openapi|sast|sca|secrets|serverless|terraform|general|graph|terraform_plan|terraform_json
#
ex.
feat(terraform): add CKV_AWS_123 to ensure that VPC Endpoint Service is configured for Manual Acceptance

"

Description

Add newly released 1.30 version of Kubernetes for EKS into supported version strings.

Fixes #6352

New/Edited policies (Delete if not relevant)

Description

Kubernetes 1.30 is now supported on AWS EKS: https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

james-bjss commented 1 month ago

Checked the tests and there was nothing to explicitly update. Have built locally and tested against our TF config to confirm it no longer reports 1.30 as being an unsupported EKS/Kube version.