tenable / terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
https://runterrascan.io
Apache License 2.0

Can not find the rule in the policy and skip it - "Ensure that your AWS application is not deployed within the default Virtual Private Cloud in order to follow security best practices" #646

Open ibmer921150 opened 3 years ago

ibmer921150 commented 3 years ago

Description

I got the error below after a Terrascan scan of the models. I cannot search for the rule in the policy and also cannot skip it.

Violation Details -

        Description    :        Ensure that your AWS application is not deployed within the default Virtual Private Cloud in order to follow security best practices
        File           :        ../ec2/main.tf
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

What I Did

terrascan scan --skip-rules="AWS.S3Bucket.DS.High.1043,AWS.VPC.Logging.Medium.0470"

Can you please help me to skip it? Thanks

kanchwala-yusuf commented 3 years ago

Hey @ibmer921150,

Can you please try running terrascan with a -v option? -v will give you the exact rule ID for the violation.

$ terrascan scan -d count -v

Violation Details -

    Description    :    EC2 instances should disable IMDS or require IMDSv2 as this can be related to the weaponization phase of kill chain
    File           :    main.tf
    Line           :    1
    Severity       :    MEDIUM
    Rule Name      :    ec2UsingIMDSv1
    Rule ID        :    AC-AWS-NS-IN-M-1172
    Resource Name  :    server
    Resource Type  :    aws_instance
    Category       :    Infrastructure Security

    -----------------------------------------------------------------------

    Description    :    Ensure that your AWS application is not deployed within the default Virtual Private Cloud in order to follow security best practices
    File           :    main.tf
    Line           :    1
    Severity       :    MEDIUM
    Rule Name      :    instanceWithNoVpc
    Rule ID        :    AC-AW-IS-IN-M-0144
    Resource Name  :    server
    Resource Type  :    aws_instance
    Category       :    Infrastructure Security

    -----------------------------------------------------------------------

Scan Summary -

    File/Folder         :   /Users/jarvis/go/src/github.com/accurics/terrascan/pkg/iac-providers/terraform/v14/testdata/count
    IaC Type            :   terraform
    Scanned At          :   2021-04-08 03:34:42.129432 +0000 UTC
    Policies Validated  :   561
    Violated Policies   :   2
    Low                 :   0
    Medium              :   2
    High                :   0

If you want to skip the violations reported by terrascan there are two ways of achieving it:

1. Use --skip-rules:

    $ terrascan scan -d count -v --skip-rules=AC-AWS-NS-IN-M-1172,AC-AW-IS-IN-M-0144

    Scan Summary -

        File/Folder         :   /Users/jarvis/go/src/github.com/accurics/terrascan/pkg/iac-providers/terraform/v14/testdata/count
        IaC Type            :   terraform
        Scanned At          :   2021-04-08 03:35:18.418201 +0000 UTC
        Policies Validated  :   559
        Violated Policies   :   0
        Low                 :   0
        Medium              :   0
        High                :   0

2. Use comments in a Terraform resource in a Terraform file. Please refer to https://github.com/accurics/terrascan#rule-suppression

You can also refer to the explanations in https://github.com/accurics/terrascan/issues/628

Please let us know if this helps.

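
The answer above turns on one detail: --skip-rules matches the Rule ID that `terrascan scan -v` prints, not the description or a rule name from another policy set. The following Python helper is an added example for this thread, not Terrascan's own code. It parses the human-readable verbose output in the layout quoted above (a "Violation Details -" header, one "Key : Value" line per field, a dashed separator after each violation) into records, builds the --skip-rules argument from the reported Rule IDs, and reports which entries of an existing skip list match none of the reported violations, which is the situation in the opening post. The sample output is constructed from the two violations quoted in the reply; in a pipeline you would normally consume Terrascan's machine-readable output (`-o json`) instead of the text form.

```python
# Added example: parse `terrascan scan -v` text output into records and
# derive a --skip-rules argument from the reported Rule IDs. Assumes only
# the block layout quoted in the thread; not part of Terrascan itself.
from typing import Dict, Iterable, List, Optional

# Constructed sample, modelled on the two violations quoted in the reply.
SAMPLE_OUTPUT = """\
Violation Details -

    Description    :    EC2 instances should disable IMDS or require IMDSv2 as this can be related to the weaponization phase of kill chain
    File           :    main.tf
    Line           :    1
    Severity       :    MEDIUM
    Rule Name      :    ec2UsingIMDSv1
    Rule ID        :    AC-AWS-NS-IN-M-1172
    Resource Name  :    server
    Resource Type  :    aws_instance
    Category       :    Infrastructure Security

    -----------------------------------------------------------------------

    Description    :    Ensure that your AWS application is not deployed within the default Virtual Private Cloud in order to follow security best practices
    File           :    main.tf
    Line           :    1
    Severity       :    MEDIUM
    Rule Name      :    instanceWithNoVpc
    Rule ID        :    AC-AW-IS-IN-M-0144
    Resource Name  :    server
    Resource Type  :    aws_instance
    Category       :    Infrastructure Security

    -----------------------------------------------------------------------

Scan Summary -

    File/Folder         :   ./count
    IaC Type            :   terraform
"""

Violation = Dict[str, str]


def parse_violations(text: str) -> List[Violation]:
    """Return one dict per violation block found between the two headers."""
    violations: List[Violation] = []
    current: Violation = {}
    in_details = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Violation Details"):
            in_details = True
            continue
        if line.startswith("Scan Summary"):
            break
        if not in_details or not line:
            continue
        if set(line) == {"-"}:  # dashed separator closes the current record
            if current:
                violations.append(current)
            current = {}
            continue
        # Split on the first colon only, so values containing ':' survive.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:  # flush a trailing record that had no separator after it
        violations.append(current)
    return violations


def skip_rules_arg(violations: Iterable[Violation],
                   severities: Optional[Iterable[str]] = None) -> str:
    """Build --skip-rules from the reported Rule IDs, de-duplicated in order.

    Pass severities={"MEDIUM", "LOW"} to leave HIGH findings in force.
    Returns "" when nothing qualifies, so callers can drop the flag entirely.
    """
    wanted = {s.upper() for s in severities} if severities is not None else None
    ids = [
        v["Rule ID"]
        for v in violations
        if "Rule ID" in v
        and (wanted is None or v.get("Severity", "").upper() in wanted)
    ]
    if not ids:
        return ""
    return "--skip-rules=" + ",".join(dict.fromkeys(ids))


def unmatched_skip_ids(skip_ids: Iterable[str],
                       violations: Iterable[Violation]) -> List[str]:
    """Skip-list entries that match no reported Rule ID (and so suppress nothing)."""
    reported = {v.get("Rule ID") for v in violations}
    return [rule for rule in skip_ids if rule not in reported]


if __name__ == "__main__":
    found = parse_violations(SAMPLE_OUTPUT)
    for v in found:
        print(f'{v["Rule ID"]:22} {v["Severity"]:7} {v["Resource Type"]}.{v["Resource Name"]}')
    print(skip_rules_arg(found))
    # The IDs from the opening post match neither reported violation.
    print(unmatched_skip_ids(["AWS.S3Bucket.DS.High.1043", "AWS.VPC.Logging.Medium.0470"], found))
```

Running the block prints the two parsed findings, the exact `--skip-rules=AC-AWS-NS-IN-M-1172,AC-AW-IS-IN-M-0144` argument used in the reply, and both IDs from the opening post as unmatched, which is why that first command suppressed nothing.
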
ibmer921150 commented 3 years ago

Thanks @kanchwala-yusuf. It's very helpful. It would be good to add the rule to the latest policy as a reference for other people.