https://github.com/andgineer/terraform-aws-cloudmap/issues/1

chechov 2
andgineer · Oct 19, 2024 · 761120d · 761120d
1 parent 9d9c8e4
commit 761120d
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/terraform/modules/common/s3.tf b/terraform/modules/common/s3.tf
@@ -5,6 +5,9 @@ locals {
 }
 
 resource "aws_s3_bucket" "this" {
+  #checkov:skip=CKV_AWS_62: S3 bucket no notfication
+  #checkov:skip=CKV_AWS_18: no logging access
+  #checkov:skip=CKV2_AWS_6: no public access
   count  = terraform.workspace == local.common_workspace ? 1 : 0
   bucket = "andgineer-bucket"
     force_destroy = true # 'terraform destroy' will remove the S3 bucket, even if it contains objects

diff --git a/terraform/modules/ecs-ec2/database.tf b/terraform/modules/ecs-ec2/database.tf
@@ -5,6 +5,7 @@ resource "random_password" "db" {  # tflint-ignore: terraform_required_providers
 
 resource "aws_secretsmanager_secret" "database" {  # tfsec:ignore:aws-ssm-secret-use-customer-key
   #checkov:skip=CKV_AWS_149: KMS encryption
+  #checkov:skip=CKV_AWS_57: no rotation
   name                    = "${var.ecs_name}-database"
   description             = "Credentials for the database"
   recovery_window_in_days = 0 # remove AWS delete protection to ease terraform destroy
@@ -44,6 +45,7 @@ resource "aws_rds_cluster" "database" {  # tfsec:ignore:aws-rds-encrypt-cluster-
   #checkov:skip=CKV_AWS_327: KMS encryption
   #checkov:skip=CKV_AWS_162: no IAM auth
   #checkov:skip=CKV_AWS_324: no DB logs
+  #checkov:skip=CKV2_AWS_8: backup retention
   cluster_identifier              = "${var.ecs_name}-db"
   engine                          = "aurora-postgresql"
   engine_mode                     = "provisioned" # "serverless" for serverless v1