Dynamic block for Terraform AWS ALB access_logs #776

Closed
ArneRiemann4711 opened this issue Jan 11, 2021 · 10 comments
Comments

ArneRiemann4711 commented Jan 11, 2021

Describe the bug
When using dynamic blocks to enable access_logs for an AWS ALB, checkov is marking the check CKV_AWS_91 as failed.

To Reproduce
Steps to reproduce the behavior:

  1. Surround the access_logs block with "dynamic"
  2. Run checkov
  3. Test for CKV_AWS_91 will fail

Expected behavior
Test for CKV_AWS_91 will pass

Desktop (please complete the following information):

  • OS: macOS Big Sur
  • Checkov Version: 1.0.675

Additional context

  dynamic "access_logs" {
    for_each = module.s3_bucket
    content {
      bucket  = access_logs.value.bucket.id
      prefix  = "${var.environment}-public"
      enabled = true
    }
  }
@schosterbarak
Contributor

@tronxd had an idea on how to solve a similar issue. @tronxd @nimrodkor let's talk somewhere this week. Maybe I can take this one.

@ngocketit

Looks like Checkov doesn't work at all with dynamic blocks, not just the one in this example. Could someone please confirm?

@schosterbarak
Contributor

@ngocketit yes, you are correct. The current workaround would be to use checkov plan analysis (See guide here)

I do plan to start working on that feature soon to enable dynamic blocks across the board.
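To make the plan-analysis workaround concrete, here is an added example that is not code from the checkov project or from this thread. It mirrors the intent of CKV_AWS_91 (ALB access logging enabled) against `terraform show -json` plan output: in plan JSON, Terraform has already expanded `dynamic` blocks, so the `access_logs` block is visible to a checker whether it was written statically or via `dynamic "access_logs"`. The function names and the sample plan document are constructed for this example; the JSON shape follows Terraform's documented plan output (`planned_values.root_module.resources` and nested `child_modules`).

```python
"""Plan-analysis style check for ALB access logging.

Added example, not code from the checkov project or from this issue. It mirrors
the intent of CKV_AWS_91 against `terraform show -json` plan output, where
dynamic blocks are already expanded. Function names and sample data are
constructed for the example.
"""
import json

# Constructed sample plan JSON (shape follows Terraform's JSON output format,
# content invented): one ALB in the root module with logging enabled, and one
# inside a child module whose dynamic block expanded to nothing.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "0.1",
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "aws_lb.public",
                    "type": "aws_lb",
                    "name": "public",
                    "values": {
                        "load_balancer_type": "application",
                        # `bucket` is omitted on purpose: when the bucket id is only
                        # known after apply, planned_values leaves the attribute out.
                        "access_logs": [{"prefix": "dev-public", "enabled": True}],
                    },
                }
            ],
            "child_modules": [
                {
                    "address": "module.edge",
                    "resources": [
                        {
                            "address": "module.edge.aws_lb.internal",
                            "type": "aws_lb",
                            "name": "internal",
                            "values": {
                                "load_balancer_type": "application",
                                "access_logs": [],  # for_each was empty at plan time
                            },
                        }
                    ],
                }
            ],
        }
    },
})


def iter_resources(module):
    """Yield every resource in a plan module, recursing into child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def access_logging_enabled(values):
    """True when at least one expanded access_logs block has enabled = true.

    `bucket` is deliberately not required: a reference such as
    module.s3_bucket.bucket.id is unknown until apply and therefore absent
    from planned_values, so requiring it would produce false failures.
    """
    return any(block.get("enabled") is True
               for block in values.get("access_logs") or [])


def check_alb_access_logs(plan_json):
    """Return {resource address: "PASSED" | "FAILED"} for every aws_lb/aws_alb."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    results = {}
    for res in iter_resources(root):
        if res.get("type") in ("aws_lb", "aws_alb"):
            ok = access_logging_enabled(res.get("values") or {})
            results[res["address"]] = "PASSED" if ok else "FAILED"
    return results


if __name__ == "__main__":
    for address, verdict in check_alb_access_logs(SAMPLE_PLAN_JSON).items():
        print(f"{verdict}: {address}")
```

On a real project the input would come from `terraform plan -out tf.plan` followed by `terraform show -json tf.plan > plan.json`; pass the file contents to `check_alb_access_logs`. Note the second resource: a dynamic block whose `for_each` is empty at plan time expands to no `access_logs` block at all, which is exactly the case a source-only scan cannot see but a plan scan reports as failed.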

@ArneRiemann4711
Author

> @ngocketit yes, you are correct. The current workaround would be to use checkov plan analysis (See guide here)
>
> I do plan to start working on that feature soon to enable dynamic blocks across the board.

Thanks, we are using the GitHub action to run Checkov - looks like this is not a workaround for us (;

@ArneRiemann4711
Author

Howdy, any updates on this?

@schosterbarak
Contributor

Hi @ArneRiemann4711 haven't started yet. I would accept a PR on it. Hope I will have time to get back to it soon.

@ArneRiemann4711
Author

> Hi @ArneRiemann4711 haven't started yet. I would accept a PR on it. Hope I will have time to get back to it soon.

Would love to contribute, but my python skills are horrible (-;

@schosterbarak
Contributor

@ArneRiemann4711 I've just created a PR that does basic support #836

@schosterbarak
Contributor

@ArneRiemann4711 do you mind testing checkov latest version and see if it works for you?

@ArneRiemann4711
Author

@schosterbarak Works like a charm (tested with GitHub Action) .. the package on Brew for Mac isn't updated today (-:
