Comments (2)
Hi!
It might be problematic since "public facing" is something hard to decide. So you need to be careful while setting up this rule, since you might have some "public facing" AWS resources (like ELB/ALB/NLB) and "vpc internal" ones. So checking all security groups and checking for no "ingress" port would be a problem, since internal ones will have them and they need to pass.
Thus, first you need to identify which security group/aws resource will be public.
I need to check a bit deeper; we might create a BDD test where:
- Among all the (e.g.) ELBs, find the ones with a Public IP
- Find the Security Groups that are used. Not sure about this capability right now, since there is resource mounting but I am not sure if it is working for SG -> Resource. Need to check.
- Within that SG, check if there are any Ingress rules defined.
This might require some changes within terraform-compliance, like in resource mounting, and some enhancements might need to be implemented (like storing a resource with a custom name that can be used by other tests/scenarios within the same Feature).
There is a workaround introduced with #73; state storing defined in #69 will be in the next releases.
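The three steps from the first comment, run directly against `terraform show -json` plan output, as an added example that is not code from this thread or from terraform-compliance. It assumes "public" means the load balancer's `internal` attribute is false or unset, looks only at the root module and at inline `ingress` blocks, and uses a constructed sample plan; `public_lb_ingress` is a hypothetical helper name.

```python
import json

# Constructed sample, trimmed to the fields used, in the shape of `terraform show -json` output.
PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
   {"address": "aws_lb.web", "type": "aws_lb", "values": {"internal": false}},
   {"address": "aws_lb.backend", "type": "aws_lb", "values": {"internal": true}},
   {"address": "aws_security_group.web", "type": "aws_security_group", "values": {"ingress": [
      {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}},
   {"address": "aws_security_group.backend", "type": "aws_security_group", "values": {"ingress": [
      {"from_port": 8080, "to_port": 8080, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/16"]}]}}]}},
 "configuration": {"root_module": {"resources": [
   {"address": "aws_lb.web", "expressions": {"security_groups": {
      "references": ["aws_security_group.web.id", "aws_security_group.web"]}}},
   {"address": "aws_lb.backend", "expressions": {"security_groups": {
      "references": ["aws_security_group.backend.id", "aws_security_group.backend"]}}}]}}}
""")

LB_TYPES = {"aws_elb", "aws_lb", "aws_alb"}


def public_lb_ingress(plan):
    """Map each internet-facing load balancer to the ingress rules of its security groups."""
    planned = {r["address"]: r for r in plan["planned_values"]["root_module"]["resources"]}
    config = {r["address"]: r for r in plan["configuration"]["root_module"]["resources"]}
    findings = {}
    for addr, res in planned.items():
        # Step 1: keep only load balancers that are not marked internal.
        if res["type"] not in LB_TYPES or res["values"].get("internal"):
            continue
        # Step 2: security group IDs are unknown until apply, so resolve the
        # attachment through the references recorded in the configuration.
        exprs = config.get(addr, {}).get("expressions", {})
        refs = exprs.get("security_groups", {}).get("references", [])
        groups = sorted(r for r in refs
                        if r in planned and planned[r]["type"] == "aws_security_group")
        # Step 3: collect every inline ingress rule of those groups.
        findings[addr] = [
            (sg, rule["from_port"], rule["to_port"], tuple(rule.get("cidr_blocks") or []))
            for sg in groups
            for rule in planned[sg]["values"].get("ingress") or []
        ]
    return findings


if __name__ == "__main__":
    for lb, rules in public_lb_ingress(PLAN).items():
        print(lb, rules)
```

Rules declared as separate `aws_security_group_rule` resources and resources inside child modules are not covered by this sketch.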