Terraform hotfix
Before fixing the error =>
tflint
1 issue(s) found:
Warning: Module source "git::https://github.com/udjin10/yandex_compute_instance.git?ref=main" uses a default branch as ref (main) (terraform_module_pinned_source)
on main.tf line 43:
43: source = "git::https://github.com/udjin10/yandex_compute_instance.git?ref=main"
checkov
By bridgecrew.io | version: 2.3.340
terraform scan results:
Passed checks: 9, Failed checks: 1, Skipped checks: 0
Check: CKV_YC_1: "Ensure security group is assigned to database cluster."
PASSED for resource: module.mysql.yandex_mdb_mysql_cluster.mysql
File: /modules/mysql/main.tf:2-30
Calling File: /main.tf:1-17
Check: CKV_YC_12: "Ensure public IP is not assigned to database cluster."
PASSED for resource: module.mysql.yandex_mdb_mysql_cluster.mysql
File: /modules/mysql/main.tf:2-30
Calling File: /main.tf:1-17
Check: CKV_YC_19: "Ensure security group does not contain allow-all rules."
PASSED for resource: module.mysql.yandex_vpc_security_group.mysql-sg
File: /modules/mysql/sg.tf:1-11
Calling File: /main.tf:1-17
Check: CKV_YC_23: "Ensure folder member does not have elevated access."
PASSED for resource: module.s3-state.yandex_resourcemanager_folder_iam_member.sa-roles
File: /modules/s3-state/iam.tf:7-12
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_YC_24: "Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible."
PASSED for resource: module.s3-state.yandex_resourcemanager_folder_iam_member.sa-roles
File: /modules/s3-state/iam.tf:7-12
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_YC_9: "Ensure KMS symmetric key is rotated."
PASSED for resource: module.s3-state.yandex_kms_symmetric_key.key-a
File: /modules/s3-state/main.tf:1-6
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_YC_23: "Ensure folder member does not have elevated access."
PASSED for resource: module.s3-state.yandex_resourcemanager_folder_iam_member.admin
File: /modules/s3-state/main.tf:8-12
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_YC_24: "Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible."
PASSED for resource: module.s3-state.yandex_resourcemanager_folder_iam_member.admin
File: /modules/s3-state/main.tf:8-12
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_YC_3: "Ensure storage bucket is encrypted."
PASSED for resource: module.s3-state.yandex_storage_bucket.tfstate
File: /modules/s3-state/main.tf:14-37
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
FAILED for resource: test-vm
File: /main.tf:42-62
42 | module "test-vm" {
43 | source = "git::https://github.com/udjin10/yandex_compute_instance.git?ref=main"
44 | env_name = var.env_name
45 | network_id = module.vpc.vpc_id
46 | subnet_zones = module.vpc.subnet_zone
47 | subnet_ids = module.vpc.subnet_id
48 | instance_name = var.vm_web_name
49 | instance_count = 0
50 | image_family = var.image_family
51 | platform = var.platform_id
52 | public_ip = true
53 | labels = var.labels
54 | preemptible = true
55 | boot_disk_type = var.boot_disk_type
56 |
57 | metadata = {
58 | user-data = data.template_file.cloudinit.rendered
59 | serial-port-enable = 1
60 | }
61 |
62 | }
After fixing the error =>
checkov
By bridgecrew.io | version: 2.3.340
terraform scan results:
Passed checks: 10, Failed checks: 0, Skipped checks: 0
Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
PASSED for resource: test-vm
File: /main.tf:42-62
Check: CKV_YC_1: "Ensure security group is assigned to database cluster."
PASSED for resource: module.mysql.yandex_mdb_mysql_cluster.mysql
File: /modules/mysql/main.tf:2-30
Calling File: /main.tf:1-17
Check: CKV_YC_12: "Ensure public IP is not assigned to database cluster."
PASSED for resource: module.mysql.yandex_mdb_mysql_cluster.mysql
File: /modules/mysql/main.tf:2-30
Calling File: /main.tf:1-17
Check: CKV_YC_19: "Ensure security group does not contain allow-all rules."
PASSED for resource: module.mysql.yandex_vpc_security_group.mysql-sg
File: /modules/mysql/sg.tf:1-11
Calling File: /main.tf:1-17
Check: CKV_YC_23: "Ensure folder member does not have elevated access."
PASSED for resource: module.s3-state.yandex_resourcemanager_folder_iam_member.sa-roles
File: /modules/s3-state/iam.tf:7-12
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_YC_24: "Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible."
PASSED for resource: module.s3-state.yandex_resourcemanager_folder_iam_member.sa-roles
File: /modules/s3-state/iam.tf:7-12
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_YC_9: "Ensure KMS symmetric key is rotated."
PASSED for resource: module.s3-state.yandex_kms_symmetric_key.key-a
File: /modules/s3-state/main.tf:1-6
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_YC_23: "Ensure folder member does not have elevated access."
PASSED for resource: module.s3-state.yandex_resourcemanager_folder_iam_member.key-a
File: /modules/s3-state/main.tf:8-12
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_YC_24: "Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible."
PASSED for resource: module.s3-state.yandex_resourcemanager_folder_iam_member.key-a
File: /modules/s3-state/main.tf:8-12
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Check: CKV_YC_3: "Ensure storage bucket is encrypted."
PASSED for resource: module.s3-state.yandex_storage_bucket.tfstate
File: /modules/s3-state/main.tf:14-37
Calling File: /live/global/s3-tfstate-yandex/main.tf:1-19
Terraform plan
terraform plan
data.template_file.cloudinit: Reading...
data.template_file.cloudinit: Read complete after 0s [id=57866bd82fcb33507cf609b28db767bb1739887d746848f48488d8a7002e7682]
module.test-vm.data.yandex_compute_image.my_image: Reading...
module.vpc.yandex_vpc_network.develop[0]: Refreshing state... [id=enppm0uh4ghnini4bveg]
module.test-vm.data.yandex_compute_image.my_image: Read complete after 0s [id=fd81mpc969gbg44vndkv]
module.vpc.yandex_vpc_subnet.develop["ru-central1-a"]: Refreshing state... [id=e9b72ehcehvp8haguhsk]
module.vpc.yandex_vpc_subnet.develop["ru-central1-c"]: Refreshing state... [id=b0cphj4hcvcgb49dnq8v]
module.mysql.yandex_vpc_security_group.mysql-sg: Refreshing state... [id=enpcposhe6dta7k75arr]
module.vpc.yandex_vpc_subnet.develop["ru-central1-b"]: Refreshing state... [id=e2l159oh7b7rufvkah3t]
module.mysql.yandex_mdb_mysql_cluster.mysql: Refreshing state... [id=c9qpson17l47bm4uf7ps]
vault_generic_secret.terra_secret: Refreshing state... [id=secret/terra]
data.vault_generic_secret.vault_pass: Reading...
data.vault_generic_secret.vault_pass: Read complete after 0s [id=secret/pass_db_mysql]
module.mysql-conf.yandex_mdb_mysql_database.base: Refreshing state... [id=c9qpson17l47bm4uf7ps:db-one]
module.mysql-conf.yandex_mdb_mysql_user.user: Refreshing state... [id=c9qpson17l47bm4uf7ps:infernofeniks]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.