Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Creating an AWS security group in terraform via a calling module with a count parameter. Resource checks relevant to security groups (for example: CKV_AWS_23, CKV_AWS_24, CKV_AWS_25, CKV_AWS_260, SKV_AWS_277) aren't running for me when the resource is created via a calling module with a count > 0. If there is no count parameter, the checks run. If the count is set to 0, the checks run. If the count is set to 1 or more, the checks don't run.
Example calling module (in directory ./examples/complete):

The module it's calling (./modules/sg.tf):

Accompanying variables file (./modules/variables.tf):

```hcl
# Input variables for the security-group module
variable "tags" {
  description = "A map of tags to assign to the Security group."
  type        = map(string)
}

variable "vpc_id" {
  description = "VPC ID where the Security Group should be installed."
  type        = string
}
```
The code works fine to spin up and tear down a basic security group, and passes most of the checks if you comment out the count in the calling module, or set it to zero.
My expected behavior would be the opposite of what's happening: that the checks would run if count is > 0, because a resource is being created, but the checks wouldn't run if the count is 0, since no resource is being created.
Using Checkov version 3.2.39
I found some comments from a while back that count hadn't been implemented in early version 2, but wasn't able to find anything current on this. I appreciate any help you can offer or any status updates on count.
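A minimal layout that reproduces the three cases described in this report (no `count`, `count = 0`, `count = 1`) is shown below. This is an added example, not the reporter's module or any Checkov project code; the module body, the `create_sg` variable, the placeholder VPC ID and the deliberately open port-22 ingress are all constructed for the reproduction so that at least one of the security-group checks named above (for example CKV_AWS_24) has something to report.

```hcl
# modules/sg.tf  (constructed minimal module, not the reporter's file)
variable "vpc_id" { type = string }
variable "tags"   { type = map(string) }

resource "aws_security_group" "this" {
  name   = "checkov-count-repro"
  vpc_id = var.vpc_id
  tags   = var.tags

  # Intentionally permissive so the security-group checks have a finding
  # to raise; this is test fixture input for the scanner, not a recommended rule.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# examples/complete/main.tf  (constructed calling module)
variable "create_sg" {
  type    = bool
  default = true
}

module "sg" {
  source = "../../modules"
  # Toggle this between 1 and 0, or comment it out, to reproduce the three cases.
  count  = var.create_sg ? 1 : 0
  vpc_id = "vpc-PLACEHOLDER"            # placeholder, not a real VPC
  tags   = { Environment = "test" }
}
```

Run `checkov -d examples/complete` once for each variant of the `count` line and compare the check IDs listed under "Passed checks" and "Failed checks"; narrowing the run with `--check CKV_AWS_24` makes it easy to see whether the expected finding on the open port-22 ingress appears or disappears when `count` is greater than zero.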