Update TFLint plugin terraform-linters/tflint-ruleset-aws to v0.37.0 #211
Annotations
11 warnings
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
Run KICS:
cloudfront.tf#L22
All AWS CloudFront distributions should be integrated with the Web Application Firewall (AWS WAF) service
|
Run KICS:
s3.tf#L10
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
|
Run KICS:
cloudfront.tf#L5
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
|
Run KICS:
acm.tf#L5
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
|
Run KICS:
cloudfront.tf#L22
AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing, and Amazon CloudFront Distribution to protect these resources against robust DDoS attacks
|
Run KICS:
.github/workflows/terraform_checks.yml#L62
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
Run KICS:
.github/workflows/terraform-docs.yml#L21
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
Run KICS:
.github/workflows/terraform_checks.yml#L22
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
Run KICS:
.github/workflows/terraform_checks.yml#L97
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
Run KICS:
.github/workflows/terraform_checks.yml#L81
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
Loading