Precisely patches #15

Open · wants to merge 7 commits into base: main

herman-wong-cf

  • Updated AzureRM provider from 3.X => 4.X
  • Adjusted "azurerm_storage_account" resource "enable_https_traffic_only" => "https_traffic_only_enabled"
  • Pointed pak module calls to a specific tag. (tflint)
  • Removed all data sources and variables that were declared but not used (tflint).
  • Added data_collection_rule_id = var.log_analytics_data_collection_rule_id in the "azurerm_log_analytics_workspace". In Terraform, this is the ONLY method of associating a Workspace Transformation Data Collection Rule to the Workspace (only 1 allowed per Workspace).
  • Adjusted "azurerm_monitor_aad_diagnostic_setting" resource "log" => "enabled_log". The only accepted parameter for the block is "category".
  • Added required_version and required_providers (tflint), used loose versioning to only lock to a major version.


Checkov Scan Results 📖:

| File | Check ID | Description | Resource | Checkov Result |
| --- | --- | --- | --- | --- |
| /blob_tstate.tf | CKV_AZURE_244 | Avoid the use of local users for Azure Storage unless necessary | azurerm_storage_account.tf_state | FAILED |
| /blob_tstate.tf | CKV_AZURE_33 | Ensure Storage logging is enabled for Queue service for read, write and delete requests | azurerm_storage_account.tf_state | FAILED |
| /blob_tstate.tf | CKV_AZURE_59 | Ensure that Storage accounts disallow public access | azurerm_storage_account.tf_state | FAILED |
| /blob_tstate.tf | CKV2_AZURE_33 | Ensure storage account is configured with private endpoint | azurerm_storage_account.tf_state | FAILED |
| /blob_tstate.tf | CKV2_AZURE_38 | Ensure soft-delete is enabled on Azure storage account | azurerm_storage_account.tf_state | FAILED |
| /blob_tstate.tf | CKV2_AZURE_41 | Ensure storage account is configured with SAS expiration policy | azurerm_storage_account.tf_state | FAILED |
| /blob_tstate.tf | CKV2_AZURE_40 | Ensure storage account is not configured with Shared Key authorization | azurerm_storage_account.tf_state | FAILED |
| /blob_tstate.tf | CKV2_AZURE_21 | Ensure Storage logging is enabled for Blob service for read requests | azurerm_storage_container.tf_state_lock | FAILED |

Please review the above report. ⚠️
