terraform-aws-modules / terraform-aws-iam

Terraform module to create AWS IAM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/iam/aws
Apache License 2.0
787 stars 996 forks

Checkov Scan Findings for "terraform-aws-iam" Repository #494

Closed m5jain closed 3 months ago

m5jain commented 3 months ago

Description

While running the Checkov scanning tool for the "terraform-aws-iam" repo, we identified several issues, which are attached. Please review them.

Versions

Reproduction Code [Required]

Steps to reproduce the behavior: Run the Checkov tool on the module as suggested on the Checkov official page: https://www.checkov.io/7.Scan%20Examples/Terraform%20Plan%20Scanning.html

Expected behavior

There should not be any findings in the output.

Actual behavior

We encountered the following findings:

ID: CKV_AWS_356

ID: CKV_AWS_111

ID: CKV_AWS_109

Terminal Output Screenshot(s)

Refer to the attached file for the line numbers where the issues are located.

iam_issues.txt

bryantbiggs commented 3 months ago

Scanners do not work on modules because modules do not define the end intent. It's sort of like trying to stress test a blueprint for a building; it doesn't work - you test the final implementation.
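
An added example, not part of the original thread and not Checkov's own logic: a simplified wildcard-resource check run over the JSON plan of a root configuration (`terraform show -json` output), where each module call's inputs are already resolved. The plan content, module names and the `wildcard_findings` helper are constructed for illustration.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for a root
# configuration that calls an IAM policy module twice (names are made up).
PLAN = {
    "planned_values": {"root_module": {"resources": [], "child_modules": [
        {"address": "module.scoped_policy", "resources": [{
            "address": "module.scoped_policy.aws_iam_policy.policy[0]",
            "type": "aws_iam_policy",
            "values": {"policy": json.dumps({"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Action": ["s3:GetObject"],
                 "Resource": "arn:aws:s3:::example-bucket/*"}]})}}]},
        {"address": "module.broad_policy", "resources": [{
            "address": "module.broad_policy.aws_iam_policy.policy[0]",
            "type": "aws_iam_policy",
            "values": {"policy": json.dumps({"Version": "2012-10-17", "Statement": {
                "Effect": "Allow", "Action": "iam:*", "Resource": "*"}})}}]},
    ]}}
}

def as_list(value):
    """IAM JSON allows a single item or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def iter_resources(module):
    """Yield every planned resource, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def wildcard_findings(plan):
    """Return (address, actions) for Allow statements whose Resource is "*"."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        policy = (res.get("values") or {}).get("policy")
        if res.get("type") != "aws_iam_policy" or not isinstance(policy, str):
            continue  # other resource type, or policy not known until apply
        for stmt in as_list(json.loads(policy).get("Statement")):
            if stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Resource")):
                findings.append((res["address"], as_list(stmt.get("Action"))))
    return findings

if __name__ == "__main__":
    for address, actions in wildcard_findings(PLAN):
        print(f"{address}: Allow {actions} on Resource '*'")
```

The same module source yields one clean resource and one finding here; the difference comes entirely from what each caller passed in.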

github-actions[bot] commented 2 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.