Skip to content

Feat/amazon mq testing: add and update module #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 40 commits into
base: master
Choose a base branch
from
Open

Feat/amazon mq testing: add and update module #5

wants to merge 40 commits into from

Conversation

rakeshclouddevops
Copy link
Contributor

what

  • added the parameter for used the hard coded secrets.

why

  • it is required to be latest.

references

  • Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow).
  • Use closes #123, if this PR closes a Jira issue #123

VishwajitNagulkar and others added 30 commits November 12, 2024 23:43
@VishwajitNagulkar
Initialize feat/update_terraform_module_template
81549d8
updated code
064e651
updated code
dd4fe04
@rakeshclouddevops
updated code
5dcdd53
updated code
2c6c534
updated code
254e93f
@rakeshclouddevops
update tf version
0d7d1e7
@rakeshclouddevops
updated description
13f4de0
@rakeshclouddevops
update tfchecks
260011f
@rakeshclouddevops
test
bdc72dd
updated code
9be2349
Merged master into feat/amazon-mq and resolved conflicts
bea2cc6
Fix Terraform formatting
1451c98
updated sg
ade0dfa
updated sg
f5e44f5
updated sg
708b9b7
updated sg
478e000
updated sg
cd2d60a
updated sg
dff32c2
updated sg
2619a15
ran fmt
e187b34
fix: added public_inbound_acl in public subnet
7accb46
fix: added private_inbound_acl in public subnet
4ad3a24
RUN: terraform fmt
a0f4fda
change: rule action in inbound
0bd8fac
change: remove acl rules from public subnet
2bc5953
change: change the cidr block in inblound rules
bec1348
change: make changes in inblound rules
861c709
fix: indentation
97c3239
fix: change the cidr_block in acl rule in public subnet
23007b0
rakeshclouddevops and others added 10 commits November 14, 2024 22:06
fix: remove duplicate example directory
965721c
@VishwajitNagulkar
feat: updated readme configuration
9557c19
update: add logic for setup hardcoded secrets in main module
7b2098e
Merge branch 'feat/amazon-mq' of https://github.com/clouddrove/terraf…
1241264 
…orm-aws-mq into feat/amazon-mq
update: add lifecycle to control how resourese created and destroyed …
57fcabc 
…and depends on in main module to ensure resources created in right order
remove: remove tf-checks.yml from the github workflow
2ce4986
@VishwajitNagulkar
Feat: updated trigger
5cfd01b
fix: test the code that hardcoded user name pass are used if set secr…
df63802 
…et manager is set: false
Merge branch 'feat/amazon-mq-testing' of https://github.com/clouddrov…
ae80db4 
…e/terraform-aws-mq into feat/amazon-mq-testing
fix: Resolved merge conflicts between feat/amazon-mq-testing and master
5e6d24b
@clouddrove-ci clouddrove-ci self-assigned this Nov 15, 2024
@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 MEDIUM Broker does not have audit logging enabled. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:230
────────────────────────────────────────────────────────────────────────────────
  204    resource "aws_mq_broker" "default" {
  ...  
  230  [     audit   = var.audit_log_enabled ? true : false (false)
  ...  
  278    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-mq-enable-audit-logging
      Impact Without audit logging it is difficult to trace activity in the MQ broker
  Resolution Enable audit logging

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/mq/enable-audit-logging/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#audit
────────────────────────────────────────────────────────────────────────────────


Result #2 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:196-201
────────────────────────────────────────────────────────────────────────────────
  196    resource "aws_cloudwatch_log_group" "mq_logs" {
  197      count             = var.enable_cloudwatch_logs ? 1 : 0
  198      name              = "/aws/mq/${var.mq_broker_name}"
  199      retention_in_days = var.cloudwatch_log_retention_days
  200      tags              = var.tags
  201    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


Result #3 LOW Broker does not have general logging enabled. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:229
────────────────────────────────────────────────────────────────────────────────
  204    resource "aws_mq_broker" "default" {
  ...  
  229  [     general = var.general_log_enabled ? true : false (false)
  ...  
  278    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-mq-enable-general-logging
      Impact Without logging it is difficult to trace issues
  Resolution Enable general logging

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/mq/enable-general-logging/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#general
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             93.543µs
  parsing              111.83324ms
  adaptation           120.936µs
  checks               3.317639ms
  total                115.365358ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     86
  files read           4

  results
  ──────────────────────────────────────────
  passed               1
  ignored              0
  critical             0
  high                 0
  medium               1
  low                  2

  1 passed, 3 potential problem(s) detected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VishwajitNagulkar VishwajitNagulkar Awaiting requested review from VishwajitNagulkar

@anmolnagpal anmolnagpal Awaiting requested review from anmolnagpal anmolnagpal is a code owner

@clouddrove-ci clouddrove-ci Awaiting requested review from clouddrove-ci clouddrove-ci is a code owner

Assignees

@clouddrove-ci clouddrove-ci

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rakeshclouddevops @clouddrove-ci @VishwajitNagulkar