Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Describe the issue
Since the last few versions, CKV2_AWS_14 and CKV2_AWS_21 have started failing without changes to the Terraform configuration. There don't seem to have been changes to the checks within the last 2 years either. That said, I don't know what changed. Based on the implementation of the checks, I would assume that the configuration is valid, as aws_iam_group_membership has a connection to aws_iam_group and defines the users property (see example below).
Examples
resource "aws_iam_group" "groupa" {
  name = "groupa"
}

resource "aws_iam_group_membership" "groupa" {
  name  = "groupa"
  group = aws_iam_group.groupa.name
  users = [
    "someuser",
    "anotheruser",
  ]
}
Version (please complete the following information):
Checkov Version 3.2.124
Additional context
The last version where the problem was not present seems to be 3.2.108.