question: Is there a Rule ID fo aws-iam-set-max-password-age #1483
-
|
Is there any rule for aws-iam-set-max-password-age that can be added to tfsec exclusions? Reason is that, this is failing from our validations even though we already have the parameter added The value is being passed using an ansible role so there's no default value for this on variables.tf |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 5 replies
-
|
Hey @peraltadavidtrvlx - tfsec can only work with the information it has. If it doesn't have a default or the You have a number of tfsec based options
resource "aws_iam_account_password_policy" "name_here" {
...
max_password_age = var.max_password_age #tfsec:ignore:aws-iam-set-max-password-age
...
}
|
Beta Was this translation helpful? Give feedback.
-
|
Hi, we're leaning towards option number 2 but there's no rule ID for |
Beta Was this translation helpful? Give feedback.
-
|
the rule id is |
Beta Was this translation helpful? Give feedback.
-
|
oh okay. so should we use that now instead of AWS** IDs? |
Beta Was this translation helpful? Give feedback.
-
|
👍 That's right - we switched the ID format so they're a bit easier to interpret at a glance, without needing to look up the meaning of |
Beta Was this translation helpful? Give feedback.
-
|
Awesome. Thank you |
Beta Was this translation helpful? Give feedback.
Hey @peraltadavidtrvlx - tfsec can only work with the information it has. If it doesn't have a default or the
tfvarsfile with the used values it can only deduce there is no value.You have a number of tfsec based options
https://aquasecurity.github.io/tfsec/v1.0.8/getting-started/configuration/config/