bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

CKV2_AWS_5: Security group attached to an Elastic DocumentDB cluster is not recognized #6686

Open bhean opened 2 weeks ago

bhean commented 2 weeks ago

Issue

Check CKV2_AWS_5 is failing when you try to create an Elastic DocumentDB cluster using Terraform because the Security Group attached to the cluster is not recognized.

Example

```hcl
resource "aws_security_group" "main" {
...
}

resource "aws_docdbelastic_cluster" "main" {
  name = "docdbelastic_cluster"

  vpc_security_group_ids = [aws_security_group.main.id]
...
}
```

```text
Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
  FAILED for resource: aws_security_group.docdb_sg
  File: /main.tf:39-58
  Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis
```
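To make the false positive concrete, here is a small Python model of what a "security group attached to another resource" check does and why an unknown resource type produces the result above. This is an added example written for this page, not checkov's own implementation of CKV2_AWS_5; the tiny HCL parser, the `SG_ATTACHMENT_ATTRIBUTES` table and the sample Terraform (modelled on the issue's snippet, with a constructed `vpc_id`) are all assumptions of the example. The check only passes a security group when some other resource references its `id` through an attribute the check knows about, so a resource type missing from that table, such as `aws_docdbelastic_cluster`, leaves the group looking unattached.

```python
"""Simplified model of a "security group attached to another resource" check.

Added example, not checkov's code. Resources are parsed from flat HCL
and a security group passes when another resource of a known type
references it via a known attachment attribute.
"""
import re

# Resource types and the attributes through which they reference SG ids.
# Constructed for this example; the real check covers many more types.
SG_ATTACHMENT_ATTRIBUTES = {
    "aws_instance": ("vpc_security_group_ids",),
    "aws_network_interface": ("security_groups",),
    "aws_db_instance": ("vpc_security_group_ids",),
    "aws_docdb_cluster": ("vpc_security_group_ids",),
    "aws_docdbelastic_cluster": ("vpc_security_group_ids",),  # the type from the issue
}

RESOURCE_HEADER = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)\s*$")
SG_REF = re.compile(r"aws_security_group\.([A-Za-z0-9_-]+)\.id")


def parse_resources(hcl):
    """Minimal parser: returns (type, name, {attr: raw_value}) for each top-level
    resource block, keeping only single-line attributes at block depth 1.
    Nested blocks (ingress, tags, ...) are skipped."""
    resources = []
    current = None
    depth = 0
    for line in hcl.splitlines():
        header = RESOURCE_HEADER.match(line)
        if header and depth == 0:
            current = (header.group(1), header.group(2), {})
            resources.append(current)
            depth = 1
            continue
        if current is None:
            continue
        assignment = ASSIGNMENT.match(line)
        if assignment and depth == 1:
            current[2][assignment.group(1)] = assignment.group(2)
        depth += line.count("{") - line.count("}")
        if depth == 0:
            current = None
    return resources


def find_unattached_security_groups(resources, attachment_attrs=SG_ATTACHMENT_ATTRIBUTES):
    """Return the names of aws_security_group resources that no known
    resource type references through a known attachment attribute."""
    groups = {name for rtype, name, _ in resources if rtype == "aws_security_group"}
    attached = set()
    for rtype, _, attrs in resources:
        for attr in attachment_attrs.get(rtype, ()):
            for match in SG_REF.finditer(attrs.get(attr, "")):
                attached.add(match.group(1))
    return sorted(groups - attached)


# Constructed sample based on the issue's snippet; vpc_id is a placeholder.
SAMPLE_TF = """
resource "aws_security_group" "main" {
  name   = "docdb-sg"
  vpc_id = "vpc-0123456789abcdef0"

  ingress {
    from_port = 27017
    to_port   = 27017
    protocol  = "tcp"
  }
}

resource "aws_docdbelastic_cluster" "main" {
  name                   = "docdbelastic_cluster"
  vpc_security_group_ids = [aws_security_group.main.id]
}
"""


def check(hcl=SAMPLE_TF, attachment_attrs=SG_ATTACHMENT_ATTRIBUTES):
    """Run the check over an HCL string with a given attachment table."""
    return find_unattached_security_groups(parse_resources(hcl), attachment_attrs)


def reproduce_false_positive(hcl=SAMPLE_TF):
    """Same check with aws_docdbelastic_cluster removed from the table:
    the security group is then reported as unattached, as in the issue."""
    without_elastic = {t: a for t, a in SG_ATTACHMENT_ATTRIBUTES.items()
                       if t != "aws_docdbelastic_cluster"}
    return check(hcl, without_elastic)


if __name__ == "__main__":
    print("table lacks aws_docdbelastic_cluster ->", reproduce_false_positive())
    print("table knows aws_docdbelastic_cluster ->", check())
```

Running it prints `['main']` for the table that does not know the Elastic DocumentDB type and `[]` once the type and its `vpc_security_group_ids` attribute are known, which is the shape of the fix the issue asks for: the check's logic is sound, it is the list of resource types that lags behind the Terraform provider.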
bhean commented 2 weeks ago

I'll try to send a pull-request with the fix in a while...