Monitor AMIs, Service Limits, PHD events #23

GitHub Actions / tfsec completed Aug 9, 2024 in 0s

reviewdog [tfsec] report

reported by reviewdog 🐶

Findings (6)

monitor_service_quotas.tf|100| Log group is not encrypted.
monitor_ami_usage.tf|109| Log group is not encrypted.
monitor_service_quotas.tf|9| IAM policy document uses sensitive action 'service-quotas:ListServices' on wildcarded resource '*'
monitor_ami_usage.tf|20| IAM policy document uses sensitive action 'cloudformation:DescribeStacks' on wildcarded resource '*'
monitor_service_quotas.tf|80| Function does not have tracing enabled.
monitor_ami_usage.tf|89| Function does not have tracing enabled.

Filtered Findings (0)

Annotations

Check notice on line 100 in monitor_service_quotas.tf

@github-actions github-actions / tfsec

[tfsec] monitor_service_quotas.tf#L100 <AVD-AWS-0017>(https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/cloudwatch/log-group-customer-key/)

Log group is not encrypted.
Raw output
message:"Log group is not encrypted."  location:{path:"/home/runner/work/terraform-aws-rhythmic-account-monitor/terraform-aws-rhythmic-account-monitor/monitor_service_quotas.tf"  range:{start:{line:100}}}  severity:INFO  source:{name:"tfsec"  url:"https://github.com/aquasecurity/tfsec"}  code:{value:"AVD-AWS-0017"  url:"https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/cloudwatch/log-group-customer-key/"}

Check notice on line 109 in monitor_ami_usage.tf

@github-actions github-actions / tfsec

[tfsec] monitor_ami_usage.tf#L109 <AVD-AWS-0017>(https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/cloudwatch/log-group-customer-key/)

Log group is not encrypted.
Raw output
message:"Log group is not encrypted."  location:{path:"/home/runner/work/terraform-aws-rhythmic-account-monitor/terraform-aws-rhythmic-account-monitor/monitor_ami_usage.tf"  range:{start:{line:109}}}  severity:INFO  source:{name:"tfsec"  url:"https://github.com/aquasecurity/tfsec"}  code:{value:"AVD-AWS-0017"  url:"https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/cloudwatch/log-group-customer-key/"}

Check failure on line 9 in monitor_service_quotas.tf

@github-actions github-actions / tfsec

[tfsec] monitor_service_quotas.tf#L9 <AVD-AWS-0057>(https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/iam/no-policy-wildcards/)

IAM policy document uses sensitive action 'service-quotas:ListServices' on wildcarded resource '*'
Raw output
message:"IAM policy document uses sensitive action 'service-quotas:ListServices' on wildcarded resource '*'"  location:{path:"/home/runner/work/terraform-aws-rhythmic-account-monitor/terraform-aws-rhythmic-account-monitor/monitor_service_quotas.tf"  range:{start:{line:9}}}  severity:ERROR  source:{name:"tfsec"  url:"https://github.com/aquasecurity/tfsec"}  code:{value:"AVD-AWS-0057"  url:"https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/iam/no-policy-wildcards/"}

Check failure on line 20 in monitor_ami_usage.tf

@github-actions github-actions / tfsec

[tfsec] monitor_ami_usage.tf#L20 <AVD-AWS-0057>(https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/iam/no-policy-wildcards/)

IAM policy document uses sensitive action 'cloudformation:DescribeStacks' on wildcarded resource '*'
Raw output
message:"IAM policy document uses sensitive action 'cloudformation:DescribeStacks' on wildcarded resource '*'"  location:{path:"/home/runner/work/terraform-aws-rhythmic-account-monitor/terraform-aws-rhythmic-account-monitor/monitor_ami_usage.tf"  range:{start:{line:20}}}  severity:ERROR  source:{name:"tfsec"  url:"https://github.com/aquasecurity/tfsec"}  code:{value:"AVD-AWS-0057"  url:"https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/iam/no-policy-wildcards/"}

Check notice on line 80 in monitor_service_quotas.tf

@github-actions github-actions / tfsec

[tfsec] monitor_service_quotas.tf#L80 <AVD-AWS-0066>(https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/lambda/enable-tracing/)

Function does not have tracing enabled.
Raw output
message:"Function does not have tracing enabled."  location:{path:"/home/runner/work/terraform-aws-rhythmic-account-monitor/terraform-aws-rhythmic-account-monitor/monitor_service_quotas.tf"  range:{start:{line:80}}}  severity:INFO  source:{name:"tfsec"  url:"https://github.com/aquasecurity/tfsec"}  code:{value:"AVD-AWS-0066"  url:"https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/lambda/enable-tracing/"}

Check notice on line 89 in monitor_ami_usage.tf

@github-actions github-actions / tfsec

[tfsec] monitor_ami_usage.tf#L89 <AVD-AWS-0066>(https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/lambda/enable-tracing/)

Function does not have tracing enabled.
Raw output
message:"Function does not have tracing enabled."  location:{path:"/home/runner/work/terraform-aws-rhythmic-account-monitor/terraform-aws-rhythmic-account-monitor/monitor_ami_usage.tf"  range:{start:{line:89}}}  severity:INFO  source:{name:"tfsec"  url:"https://github.com/aquasecurity/tfsec"}  code:{value:"AVD-AWS-0066"  url:"https://aquasecurity.github.io/tfsec/v1.28.10/checks/aws/lambda/enable-tracing/"}