From 7d3b1f2472d447229a66f1e06966900313c23693 Mon Sep 17 00:00:00 2001 From: Maliha <62126354+MalihaAmin@users.noreply.github.com> Date: Tue, 29 Oct 2024 15:43:08 +0000 Subject: [PATCH] Update --- run_all_tools.sh | 2 +- tempCodeRunnerFile.sh | 1 + .../aws/best-practices/alb_drop_http_headers/main.tf | 2 +- .../config_aggregator_all_regions/checkov_results.txt | 2 +- .../config_aggregator_all_regions/main.tf | 2 +- .../config_aggregator_all_regions/tfsec_results.txt | 2 +- .../best-practices/deploy_ec2_to_default_vpc/main.tf | 4 ++-- .../deploy_ec2_to_default_vpc/tfsec_results.txt | 2 +- .../security_group_no_description_for_rules/main.tf | 2 +- .../main.tf | 2 +- .../terraform/aws/best-practices/tag_all_items/main.tf | 2 +- .../aws/best-practices/tag_all_items/plan.json | 2 +- .../aws/best-practices/tag_all_items/tfsec_results.txt | 2 +- .../aws/best-practices/using_public_amis/main.tf | 2 +- .../at-rest/cloudtrail_not_encrypted/main.tf | 2 +- .../at-rest/cloudwatch_groups_not_encrypted/main.tf | 2 +- .../cloudwatch_groups_not_encrypted/tfsec_results.txt | 2 +- .../encryption/at-rest/codbuild_using_aws_key/main.tf | 2 +- .../at-rest/dax_cluster_not_encrypted/main.tf | 2 +- .../main.tf | 2 +- .../docdb_cluster_encrypted_without_kms_key/main.tf | 2 +- .../tfsec_results.txt | 4 ++-- .../at-rest/docdb_clusters_non_encrypted/main.tf | 2 +- .../docdb_clusters_non_encrypted/tfsec_results.txt | 6 +++--- .../at-rest/rest_api_cache_non_encrypted/main.tf | 2 +- .../encryption/at-rest/s3_bucket_non_encrypted/main.tf | 2 +- .../at-rest/s3_bucket_non_encrypted/tfsec_results.txt | 6 +++--- .../main.tf | 2 +- .../tfsec_results.txt | 2 +- .../main.tf | 2 +- .../main.tf | 2 +- .../encryption/at-rest/sqs_queue_not_encrypted/main.tf | 2 +- .../at-rest/sqs_queue_not_encrypted/tfsec_results.txt | 2 +- .../at-rest/workgroups_non_encrypted/main.tf | 2 +- .../at-rest/workgroups_non_encrypted/tfsec_results.txt | 6 +++--- .../main.tf | 2 +- .../cloudfront_distribution_not_encrypted/main.tf | 2 +- .../main.tf | 2 +- .../tfsec_results.txt | 2 +- .../main.tf | 2 +- .../tfsec_results.txt | 4 ++-- .../main.tf | 2 +- .../tfsec_results.txt | 10 +++++----- .../cloudrail_results.txt | 4 ++-- .../vpc_has_only_dynamodb_vpce_gw_connection/main.tf | 2 +- .../aws/iam/iam-entities/human_users_defined/main.tf | 2 +- .../iam-entities/iam_user_inline_policy_attach/main.tf | 2 +- .../iam_user_managed_policy_direct_attachment/main.tf | 2 +- .../main.tf | 2 +- .../aws/iam/iam-entities/policy-too-broad/main.tf | 2 +- .../iam/iam-entities/policy_missing_principal/main.tf | 2 +- .../policy_missing_principal/tfsec_results.txt | 2 +- .../public_and_private_ec2_same_role/main.tf | 4 ++-- .../rest_api_without_authorization/main.tf | 2 +- .../cloudwatch_log_destination_insecure_policy/main.tf | 2 +- .../resource-policies/efs_not_secure_policy/main.tf | 2 +- .../efs_not_secure_policy/tfsec_results.txt | 2 +- .../elasticsearch_domain_not_secure_policy/main.tf | 2 +- .../tfsec_results.txt | 10 +++++----- .../checkov_results.txt | 2 +- .../glacier_vault_not_secure_policy/main.tf | 4 ++-- .../glacier_vault_not_secure_policy/tfsec_results.txt | 2 +- .../cloudrail_results.txt | 4 ++-- .../glue_data_catalog_not_secure_policy/main.tf | 2 +- .../kms_key_not_secure_policy/main.tf | 2 +- .../kms_key_not_secure_policy/tfsec_results.txt | 2 +- .../resource-policies/lambda_not_secure_policy/main.tf | 4 ++-- .../lambda_not_secure_policy/tfsec_results.txt | 2 +- .../rest_api_not_secure_policy/main.tf | 2 +- .../main.tf | 2 +- .../tfsec_results.txt | 10 +++++----- .../s3_bucket_acl_public_all_users_canned/main.tf | 2 +- .../tfsec_results.txt | 8 ++++---- .../main.tf | 2 +- .../tfsec_results.txt | 6 +++--- .../main.tf | 2 +- .../tfsec_results.txt | 8 ++++---- .../secrets_manager_not_secure_policy/main.tf | 2 +- .../tfsec_results.txt | 2 +- .../terraform/aws/logging/api_gateway_no_xray/main.tf | 2 +- .../cloudtrail_file_log_validation_disabled/main.tf | 2 +- .../logging/cloudwatch_log_groups_no_retention/main.tf | 2 +- .../tfsec_results.txt | 2 +- .../logging/lambda_without_explicit_log_group/main.tf | 2 +- .../aws/logging/rest_api_no_access_logging/main.tf | 2 +- .../aws/networking/over_exposed_vpc_peering/main.tf | 6 +++--- .../networking/publicly_accessible_neptune_db/main.tf | 6 +++--- .../kics_results.txt | 4 ++-- .../main.tf | 4 ++-- .../cloudrail_results.txt | 6 +++--- .../sqs-vpc-endpoint-without-dns-resolution/main.tf | 2 +- 91 files changed, 133 insertions(+), 132 deletions(-) create mode 100644 tempCodeRunnerFile.sh diff --git a/run_all_tools.sh b/run_all_tools.sh index a59b78aa..5786a8ae 100755 --- a/run_all_tools.sh +++ b/run_all_tools.sh @@ -111,7 +111,7 @@ if [ -z "$AWS_ACCESS_KEY_ID" -a -z "$AWS_DEFAULT_PROFILE" ]; then echo "To run this script, you'll need AWS credentials (for use with terraform plan)." exit 1 fi -export AWS_REGION=us-west-1 +export AWS_REGION=eu-west-1 # Verify Azure access for plan az account list > /dev/null diff --git a/tempCodeRunnerFile.sh b/tempCodeRunnerFile.sh new file mode 100644 index 00000000..36380537 --- /dev/null +++ b/tempCodeRunnerFile.sh @@ -0,0 +1 @@ +AWS_DEFAULT_PROFILE = maliha \ No newline at end of file diff --git a/test-cases/terraform/aws/best-practices/alb_drop_http_headers/main.tf b/test-cases/terraform/aws/best-practices/alb_drop_http_headers/main.tf index c4bfe06d..8ab6baf4 100644 --- a/test-cases/terraform/aws/best-practices/alb_drop_http_headers/main.tf +++ b/test-cases/terraform/aws/best-practices/alb_drop_http_headers/main.tf @@ -2,7 +2,7 @@ module "vpc" { source = "terraform-aws-modules/vpc/aws" name = "Ec2RoleShareRule1" - azs = ["us-east-1a", "us-east-1b", "us-east-1c"] + azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] diff --git a/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/checkov_results.txt b/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/checkov_results.txt index c12e31db..1fa635e3 100644 --- a/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/checkov_results.txt +++ b/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/checkov_results.txt @@ -26,7 +26,7 @@ Check: CKV_AWS_121: "Ensure AWS Config is enabled in all regions" 4 | 5 | account_aggregation_source { 6 | account_ids = ["123456789012"] - 7 | regions = ["us-east-2", "us-east-1", "us-west-1", "us-west-2"] + 7 | regions = ["us-east-2", "eu-west-1", "us-west-1", "us-west-2"] 8 | } 9 | } diff --git a/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/main.tf b/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/main.tf index c870f9ff..cdbd9498 100644 --- a/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/main.tf +++ b/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/main.tf @@ -4,6 +4,6 @@ resource "aws_config_configuration_aggregator" "organization" { account_aggregation_source { account_ids = ["123456789012"] - regions = ["us-east-2", "us-east-1", "us-west-1", "us-west-2"] + regions = ["us-east-2", "eu-west-1", "us-west-1", "us-west-2"] } } diff --git a/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/tfsec_results.txt b/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/tfsec_results.txt index 01834d97..133d91a5 100644 --- a/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/tfsec_results.txt +++ b/test-cases/terraform/aws/best-practices/config_aggregator_all_regions/tfsec_results.txt @@ -11,7 +11,7 @@ 4 | 5 | account_aggregation_source { 6 | account_ids = ["123456789012"] - 7 | regions = ["us-east-2", "us-east-1", "us-west-1", "us-west-2"] + 7 | regions = ["us-east-2", "eu-west-1", "us-west-1", "us-west-2"] 8 | } 9 | } 10 | diff --git a/test-cases/terraform/aws/best-practices/deploy_ec2_to_default_vpc/main.tf b/test-cases/terraform/aws/best-practices/deploy_ec2_to_default_vpc/main.tf index ece1a20e..62dc58e7 100644 --- a/test-cases/terraform/aws/best-practices/deploy_ec2_to_default_vpc/main.tf +++ b/test-cases/terraform/aws/best-practices/deploy_ec2_to_default_vpc/main.tf @@ -1,12 +1,12 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { test_description = "spin up EC2 in default VPC" test_name = "TestDisallowDefaultVpcRule test - use case 1" cidr_block = "10.10.0.0/16" - region = "us-east-1" + region = "eu-west-1" } resource "aws_default_vpc" "default" { diff --git a/test-cases/terraform/aws/best-practices/deploy_ec2_to_default_vpc/tfsec_results.txt b/test-cases/terraform/aws/best-practices/deploy_ec2_to_default_vpc/tfsec_results.txt index 97712794..05cdef65 100644 --- a/test-cases/terraform/aws/best-practices/deploy_ec2_to_default_vpc/tfsec_results.txt +++ b/test-cases/terraform/aws/best-practices/deploy_ec2_to_default_vpc/tfsec_results.txt @@ -30,7 +30,7 @@ /src/main.tf:12-16 - 9 | region = "us-east-1" + 9 | region = "eu-west-1" 10 | } 11 | 12 | resource "aws_default_vpc" "default" { diff --git a/test-cases/terraform/aws/best-practices/security_group_no_description_for_rules/main.tf b/test-cases/terraform/aws/best-practices/security_group_no_description_for_rules/main.tf index b133a469..3e279d8f 100644 --- a/test-cases/terraform/aws/best-practices/security_group_no_description_for_rules/main.tf +++ b/test-cases/terraform/aws/best-practices/security_group_no_description_for_rules/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { diff --git a/test-cases/terraform/aws/best-practices/security_group_no_description_for_security_group/main.tf b/test-cases/terraform/aws/best-practices/security_group_no_description_for_security_group/main.tf index 0c52fcf8..b74b5c27 100644 --- a/test-cases/terraform/aws/best-practices/security_group_no_description_for_security_group/main.tf +++ b/test-cases/terraform/aws/best-practices/security_group_no_description_for_security_group/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { diff --git a/test-cases/terraform/aws/best-practices/tag_all_items/main.tf b/test-cases/terraform/aws/best-practices/tag_all_items/main.tf index e93c7295..8fbb8c6a 100644 --- a/test-cases/terraform/aws/best-practices/tag_all_items/main.tf +++ b/test-cases/terraform/aws/best-practices/tag_all_items/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_sns_topic" "cloudrail_1" { diff --git a/test-cases/terraform/aws/best-practices/tag_all_items/plan.json b/test-cases/terraform/aws/best-practices/tag_all_items/plan.json index fab198b0..ed488b68 100644 --- a/test-cases/terraform/aws/best-practices/tag_all_items/plan.json +++ b/test-cases/terraform/aws/best-practices/tag_all_items/plan.json @@ -1 +1 @@ -{"format_version":"0.1","terraform_version":"0.15.1-dev","planned_values":{"root_module":{"resources":[{"address":"aws_sns_topic.cloudrail_1","mode":"managed","type":"aws_sns_topic","name":"cloudrail_1","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"application_failure_feedback_role_arn":null,"application_success_feedback_role_arn":null,"application_success_feedback_sample_rate":null,"delivery_policy":null,"display_name":null,"http_failure_feedback_role_arn":null,"http_success_feedback_role_arn":null,"http_success_feedback_sample_rate":null,"kms_master_key_id":null,"lambda_failure_feedback_role_arn":null,"lambda_success_feedback_role_arn":null,"lambda_success_feedback_sample_rate":null,"name":"sns_not_ecnrypted-1","name_prefix":null,"sqs_failure_feedback_role_arn":null,"sqs_success_feedback_role_arn":null,"sqs_success_feedback_sample_rate":null,"tags":{"Name":"Sns Topic Cloudrail Test"}}},{"address":"aws_sqs_queue.cloudrail","mode":"managed","type":"aws_sqs_queue","name":"cloudrail","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"content_based_deduplication":false,"delay_seconds":0,"fifo_queue":false,"kms_master_key_id":null,"max_message_size":262144,"message_retention_seconds":345600,"name":"sqs_non_encrypted","name_prefix":null,"receive_wait_time_seconds":0,"redrive_policy":null,"tags":{"Name":"Sqs Cloudrail Test"},"visibility_timeout_seconds":30}}]}},"resource_changes":[{"address":"aws_sns_topic.cloudrail_1","mode":"managed","type":"aws_sns_topic","name":"cloudrail_1","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"application_failure_feedback_role_arn":null,"application_success_feedback_role_arn":null,"application_success_feedback_sample_rate":null,"delivery_policy":null,"display_name":null,"http_failure_feedback_role_arn":null,"http_success_feedback_role_arn":null,"http_success_feedback_sample_rate":null,"kms_master_key_id":null,"lambda_failure_feedback_role_arn":null,"lambda_success_feedback_role_arn":null,"lambda_success_feedback_sample_rate":null,"name":"sns_not_ecnrypted-1","name_prefix":null,"sqs_failure_feedback_role_arn":null,"sqs_success_feedback_role_arn":null,"sqs_success_feedback_sample_rate":null,"tags":{"Name":"Sns Topic Cloudrail Test"}},"after_unknown":{"arn":true,"id":true,"policy":true,"tags":{}},"before_sensitive":false,"after_sensitive":{"tags":{}}}},{"address":"aws_sqs_queue.cloudrail","mode":"managed","type":"aws_sqs_queue","name":"cloudrail","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"content_based_deduplication":false,"delay_seconds":0,"fifo_queue":false,"kms_master_key_id":null,"max_message_size":262144,"message_retention_seconds":345600,"name":"sqs_non_encrypted","name_prefix":null,"receive_wait_time_seconds":0,"redrive_policy":null,"tags":{"Name":"Sqs Cloudrail Test"},"visibility_timeout_seconds":30},"after_unknown":{"arn":true,"id":true,"kms_data_key_reuse_period_seconds":true,"policy":true,"tags":{}},"before_sensitive":false,"after_sensitive":{"tags":{}}}}],"configuration":{"provider_config":{"aws":{"name":"aws","expressions":{"region":{"constant_value":"us-east-1"}}}},"root_module":{"resources":[{"address":"aws_sns_topic.cloudrail_1","mode":"managed","type":"aws_sns_topic","name":"cloudrail_1","provider_config_key":"aws","expressions":{"name":{"constant_value":"sns_not_ecnrypted-1"},"tags":{"constant_value":{"Name":"Sns Topic Cloudrail Test"}}},"schema_version":0},{"address":"aws_sqs_queue.cloudrail","mode":"managed","type":"aws_sqs_queue","name":"cloudrail","provider_config_key":"aws","expressions":{"name":{"constant_value":"sqs_non_encrypted"},"tags":{"constant_value":{"Name":"Sqs Cloudrail Test"}}},"schema_version":0}]}}} +{"format_version":"0.1","terraform_version":"0.15.1-dev","planned_values":{"root_module":{"resources":[{"address":"aws_sns_topic.cloudrail_1","mode":"managed","type":"aws_sns_topic","name":"cloudrail_1","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"application_failure_feedback_role_arn":null,"application_success_feedback_role_arn":null,"application_success_feedback_sample_rate":null,"delivery_policy":null,"display_name":null,"http_failure_feedback_role_arn":null,"http_success_feedback_role_arn":null,"http_success_feedback_sample_rate":null,"kms_master_key_id":null,"lambda_failure_feedback_role_arn":null,"lambda_success_feedback_role_arn":null,"lambda_success_feedback_sample_rate":null,"name":"sns_not_ecnrypted-1","name_prefix":null,"sqs_failure_feedback_role_arn":null,"sqs_success_feedback_role_arn":null,"sqs_success_feedback_sample_rate":null,"tags":{"Name":"Sns Topic Cloudrail Test"}}},{"address":"aws_sqs_queue.cloudrail","mode":"managed","type":"aws_sqs_queue","name":"cloudrail","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"content_based_deduplication":false,"delay_seconds":0,"fifo_queue":false,"kms_master_key_id":null,"max_message_size":262144,"message_retention_seconds":345600,"name":"sqs_non_encrypted","name_prefix":null,"receive_wait_time_seconds":0,"redrive_policy":null,"tags":{"Name":"Sqs Cloudrail Test"},"visibility_timeout_seconds":30}}]}},"resource_changes":[{"address":"aws_sns_topic.cloudrail_1","mode":"managed","type":"aws_sns_topic","name":"cloudrail_1","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"application_failure_feedback_role_arn":null,"application_success_feedback_role_arn":null,"application_success_feedback_sample_rate":null,"delivery_policy":null,"display_name":null,"http_failure_feedback_role_arn":null,"http_success_feedback_role_arn":null,"http_success_feedback_sample_rate":null,"kms_master_key_id":null,"lambda_failure_feedback_role_arn":null,"lambda_success_feedback_role_arn":null,"lambda_success_feedback_sample_rate":null,"name":"sns_not_ecnrypted-1","name_prefix":null,"sqs_failure_feedback_role_arn":null,"sqs_success_feedback_role_arn":null,"sqs_success_feedback_sample_rate":null,"tags":{"Name":"Sns Topic Cloudrail Test"}},"after_unknown":{"arn":true,"id":true,"policy":true,"tags":{}},"before_sensitive":false,"after_sensitive":{"tags":{}}}},{"address":"aws_sqs_queue.cloudrail","mode":"managed","type":"aws_sqs_queue","name":"cloudrail","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"content_based_deduplication":false,"delay_seconds":0,"fifo_queue":false,"kms_master_key_id":null,"max_message_size":262144,"message_retention_seconds":345600,"name":"sqs_non_encrypted","name_prefix":null,"receive_wait_time_seconds":0,"redrive_policy":null,"tags":{"Name":"Sqs Cloudrail Test"},"visibility_timeout_seconds":30},"after_unknown":{"arn":true,"id":true,"kms_data_key_reuse_period_seconds":true,"policy":true,"tags":{}},"before_sensitive":false,"after_sensitive":{"tags":{}}}}],"configuration":{"provider_config":{"aws":{"name":"aws","expressions":{"region":{"constant_value":"eu-west-1"}}}},"root_module":{"resources":[{"address":"aws_sns_topic.cloudrail_1","mode":"managed","type":"aws_sns_topic","name":"cloudrail_1","provider_config_key":"aws","expressions":{"name":{"constant_value":"sns_not_ecnrypted-1"},"tags":{"constant_value":{"Name":"Sns Topic Cloudrail Test"}}},"schema_version":0},{"address":"aws_sqs_queue.cloudrail","mode":"managed","type":"aws_sqs_queue","name":"cloudrail","provider_config_key":"aws","expressions":{"name":{"constant_value":"sqs_non_encrypted"},"tags":{"constant_value":{"Name":"Sqs Cloudrail Test"}}},"schema_version":0}]}}} diff --git a/test-cases/terraform/aws/best-practices/tag_all_items/tfsec_results.txt b/test-cases/terraform/aws/best-practices/tag_all_items/tfsec_results.txt index 94c72d13..6b6914dc 100644 --- a/test-cases/terraform/aws/best-practices/tag_all_items/tfsec_results.txt +++ b/test-cases/terraform/aws/best-practices/tag_all_items/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-10 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_sns_topic" "cloudrail_1" { diff --git a/test-cases/terraform/aws/best-practices/using_public_amis/main.tf b/test-cases/terraform/aws/best-practices/using_public_amis/main.tf index 7b4ff10b..1a810124 100644 --- a/test-cases/terraform/aws/best-practices/using_public_amis/main.tf +++ b/test-cases/terraform/aws/best-practices/using_public_amis/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { diff --git a/test-cases/terraform/aws/encryption/at-rest/cloudtrail_not_encrypted/main.tf b/test-cases/terraform/aws/encryption/at-rest/cloudtrail_not_encrypted/main.tf index 8b312abd..f54b10f2 100644 --- a/test-cases/terraform/aws/encryption/at-rest/cloudtrail_not_encrypted/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/cloudtrail_not_encrypted/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { diff --git a/test-cases/terraform/aws/encryption/at-rest/cloudwatch_groups_not_encrypted/main.tf b/test-cases/terraform/aws/encryption/at-rest/cloudwatch_groups_not_encrypted/main.tf index 11d76d78..6e26ee1c 100644 --- a/test-cases/terraform/aws/encryption/at-rest/cloudwatch_groups_not_encrypted/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/cloudwatch_groups_not_encrypted/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_cloudwatch_log_group" "cloudrail-test" { diff --git a/test-cases/terraform/aws/encryption/at-rest/cloudwatch_groups_not_encrypted/tfsec_results.txt b/test-cases/terraform/aws/encryption/at-rest/cloudwatch_groups_not_encrypted/tfsec_results.txt index af28a9fa..8eb2859e 100644 --- a/test-cases/terraform/aws/encryption/at-rest/cloudwatch_groups_not_encrypted/tfsec_results.txt +++ b/test-cases/terraform/aws/encryption/at-rest/cloudwatch_groups_not_encrypted/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-7 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_cloudwatch_log_group" "cloudrail-test" { diff --git a/test-cases/terraform/aws/encryption/at-rest/codbuild_using_aws_key/main.tf b/test-cases/terraform/aws/encryption/at-rest/codbuild_using_aws_key/main.tf index e0d54154..be51d04e 100644 --- a/test-cases/terraform/aws/encryption/at-rest/codbuild_using_aws_key/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/codbuild_using_aws_key/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } data "aws_kms_key" "by_alias" { diff --git a/test-cases/terraform/aws/encryption/at-rest/dax_cluster_not_encrypted/main.tf b/test-cases/terraform/aws/encryption/at-rest/dax_cluster_not_encrypted/main.tf index f25c8e84..53c97a13 100644 --- a/test-cases/terraform/aws/encryption/at-rest/dax_cluster_not_encrypted/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/dax_cluster_not_encrypted/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } # No policy attached to this role because it is for testing purposes diff --git a/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_at_rest_using_cmk_not_customer_managed/main.tf b/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_at_rest_using_cmk_not_customer_managed/main.tf index 77ce6abe..51094c82 100644 --- a/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_at_rest_using_cmk_not_customer_managed/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_at_rest_using_cmk_not_customer_managed/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } data "aws_kms_key" "test" { diff --git a/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_without_kms_key/main.tf b/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_without_kms_key/main.tf index 4e742c08..8b5a3a97 100644 --- a/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_without_kms_key/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_without_kms_key/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_docdb_cluster" "test1" { diff --git a/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_without_kms_key/tfsec_results.txt b/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_without_kms_key/tfsec_results.txt index d3157839..4e19db87 100644 --- a/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_without_kms_key/tfsec_results.txt +++ b/test-cases/terraform/aws/encryption/at-rest/docdb_cluster_encrypted_without_kms_key/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-12 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_docdb_cluster" "test1" { @@ -31,7 +31,7 @@ /src/main.tf:5-12 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_docdb_cluster" "test1" { diff --git a/test-cases/terraform/aws/encryption/at-rest/docdb_clusters_non_encrypted/main.tf b/test-cases/terraform/aws/encryption/at-rest/docdb_clusters_non_encrypted/main.tf index 95541576..f1a1e329 100644 --- a/test-cases/terraform/aws/encryption/at-rest/docdb_clusters_non_encrypted/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/docdb_clusters_non_encrypted/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_docdb_cluster" "docdb" { diff --git a/test-cases/terraform/aws/encryption/at-rest/docdb_clusters_non_encrypted/tfsec_results.txt b/test-cases/terraform/aws/encryption/at-rest/docdb_clusters_non_encrypted/tfsec_results.txt index b0242b17..cd1de30a 100644 --- a/test-cases/terraform/aws/encryption/at-rest/docdb_clusters_non_encrypted/tfsec_results.txt +++ b/test-cases/terraform/aws/encryption/at-rest/docdb_clusters_non_encrypted/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-11 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_docdb_cluster" "docdb" { @@ -29,7 +29,7 @@ /src/main.tf:5-11 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_docdb_cluster" "docdb" { @@ -53,7 +53,7 @@ /src/main.tf:5-11 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_docdb_cluster" "docdb" { diff --git a/test-cases/terraform/aws/encryption/at-rest/rest_api_cache_non_encrypted/main.tf b/test-cases/terraform/aws/encryption/at-rest/rest_api_cache_non_encrypted/main.tf index b59ee5a0..8574cf2b 100644 --- a/test-cases/terraform/aws/encryption/at-rest/rest_api_cache_non_encrypted/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/rest_api_cache_non_encrypted/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_api_gateway_rest_api" "api_gw" { diff --git a/test-cases/terraform/aws/encryption/at-rest/s3_bucket_non_encrypted/main.tf b/test-cases/terraform/aws/encryption/at-rest/s3_bucket_non_encrypted/main.tf index ee939192..2e6f1be9 100644 --- a/test-cases/terraform/aws/encryption/at-rest/s3_bucket_non_encrypted/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/s3_bucket_non_encrypted/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_s3_bucket" "cloudrail" { diff --git a/test-cases/terraform/aws/encryption/at-rest/s3_bucket_non_encrypted/tfsec_results.txt b/test-cases/terraform/aws/encryption/at-rest/s3_bucket_non_encrypted/tfsec_results.txt index da0cc50a..38a18ba8 100644 --- a/test-cases/terraform/aws/encryption/at-rest/s3_bucket_non_encrypted/tfsec_results.txt +++ b/test-cases/terraform/aws/encryption/at-rest/s3_bucket_non_encrypted/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "cloudrail" { @@ -31,7 +31,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "cloudrail" { @@ -57,7 +57,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "cloudrail" { diff --git a/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_default/main.tf b/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_default/main.tf index 749714b9..2fecc48c 100644 --- a/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_default/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_default/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_secretsmanager_secret" "test" { diff --git a/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_default/tfsec_results.txt b/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_default/tfsec_results.txt index 1fba2201..2d84b4ac 100644 --- a/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_default/tfsec_results.txt +++ b/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_default/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-7 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_secretsmanager_secret" "test" { diff --git a/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_key_arn/main.tf b/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_key_arn/main.tf index bdfb776e..9b761d98 100644 --- a/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_key_arn/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/secretsmanager_secrets_encrypted_at_rest_with_aws_managed_key_by_key_arn/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } data "aws_kms_key" "by_alias" { diff --git a/test-cases/terraform/aws/encryption/at-rest/sns_topic_encrypted_at_rest_with_aws_managed_key_by_key_arn/main.tf b/test-cases/terraform/aws/encryption/at-rest/sns_topic_encrypted_at_rest_with_aws_managed_key_by_key_arn/main.tf index a93931c6..153b70dc 100644 --- a/test-cases/terraform/aws/encryption/at-rest/sns_topic_encrypted_at_rest_with_aws_managed_key_by_key_arn/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/sns_topic_encrypted_at_rest_with_aws_managed_key_by_key_arn/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } data "aws_kms_key" "by_alias" { diff --git a/test-cases/terraform/aws/encryption/at-rest/sqs_queue_not_encrypted/main.tf b/test-cases/terraform/aws/encryption/at-rest/sqs_queue_not_encrypted/main.tf index 5134e28c..954dd872 100644 --- a/test-cases/terraform/aws/encryption/at-rest/sqs_queue_not_encrypted/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/sqs_queue_not_encrypted/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_sqs_queue" "cloudrail" { diff --git a/test-cases/terraform/aws/encryption/at-rest/sqs_queue_not_encrypted/tfsec_results.txt b/test-cases/terraform/aws/encryption/at-rest/sqs_queue_not_encrypted/tfsec_results.txt index c6509b2b..8726c242 100644 --- a/test-cases/terraform/aws/encryption/at-rest/sqs_queue_not_encrypted/tfsec_results.txt +++ b/test-cases/terraform/aws/encryption/at-rest/sqs_queue_not_encrypted/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-7 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_sqs_queue" "cloudrail" { diff --git a/test-cases/terraform/aws/encryption/at-rest/workgroups_non_encrypted/main.tf b/test-cases/terraform/aws/encryption/at-rest/workgroups_non_encrypted/main.tf index d01b6ac4..c839de2c 100644 --- a/test-cases/terraform/aws/encryption/at-rest/workgroups_non_encrypted/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/workgroups_non_encrypted/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_s3_bucket" "cloudrail_anthena_bucket" { diff --git a/test-cases/terraform/aws/encryption/at-rest/workgroups_non_encrypted/tfsec_results.txt b/test-cases/terraform/aws/encryption/at-rest/workgroups_non_encrypted/tfsec_results.txt index 38650217..dc309e35 100644 --- a/test-cases/terraform/aws/encryption/at-rest/workgroups_non_encrypted/tfsec_results.txt +++ b/test-cases/terraform/aws/encryption/at-rest/workgroups_non_encrypted/tfsec_results.txt @@ -31,7 +31,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "cloudrail_anthena_bucket" { @@ -152,7 +152,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "cloudrail_anthena_bucket" { @@ -204,7 +204,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "cloudrail_anthena_bucket" { diff --git a/test-cases/terraform/aws/encryption/at-rest/workspace_root_volume_not_encrypted_at_rest/main.tf b/test-cases/terraform/aws/encryption/at-rest/workspace_root_volume_not_encrypted_at_rest/main.tf index 5420883f..600d7873 100644 --- a/test-cases/terraform/aws/encryption/at-rest/workspace_root_volume_not_encrypted_at_rest/main.tf +++ b/test-cases/terraform/aws/encryption/at-rest/workspace_root_volume_not_encrypted_at_rest/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { diff --git a/test-cases/terraform/aws/encryption/in-transit/cloudfront_distribution_not_encrypted/main.tf b/test-cases/terraform/aws/encryption/in-transit/cloudfront_distribution_not_encrypted/main.tf index 1de5cbe4..e83f36fc 100644 --- a/test-cases/terraform/aws/encryption/in-transit/cloudfront_distribution_not_encrypted/main.tf +++ b/test-cases/terraform/aws/encryption/in-transit/cloudfront_distribution_not_encrypted/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { diff --git a/test-cases/terraform/aws/encryption/in-transit/ecs_task_definition_not_encrypted_in_transit/main.tf b/test-cases/terraform/aws/encryption/in-transit/ecs_task_definition_not_encrypted_in_transit/main.tf index f9d941c3..73686430 100644 --- a/test-cases/terraform/aws/encryption/in-transit/ecs_task_definition_not_encrypted_in_transit/main.tf +++ b/test-cases/terraform/aws/encryption/in-transit/ecs_task_definition_not_encrypted_in_transit/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_efs_file_system" "test" { diff --git a/test-cases/terraform/aws/encryption/in-transit/ecs_task_definition_not_encrypted_in_transit/tfsec_results.txt b/test-cases/terraform/aws/encryption/in-transit/ecs_task_definition_not_encrypted_in_transit/tfsec_results.txt index 92092fdd..b62e92b6 100644 --- a/test-cases/terraform/aws/encryption/in-transit/ecs_task_definition_not_encrypted_in_transit/tfsec_results.txt +++ b/test-cases/terraform/aws/encryption/in-transit/ecs_task_definition_not_encrypted_in_transit/tfsec_results.txt @@ -67,7 +67,7 @@ /src/main.tf:5-7 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_efs_file_system" "test" { diff --git a/test-cases/terraform/aws/encryption/in-transit/elasticache_replication_group_not_encrypted_in_transit/main.tf b/test-cases/terraform/aws/encryption/in-transit/elasticache_replication_group_not_encrypted_in_transit/main.tf index f059d5f8..cfc6bc34 100644 --- a/test-cases/terraform/aws/encryption/in-transit/elasticache_replication_group_not_encrypted_in_transit/main.tf +++ b/test-cases/terraform/aws/encryption/in-transit/elasticache_replication_group_not_encrypted_in_transit/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_elasticache_replication_group" "example" { diff --git a/test-cases/terraform/aws/encryption/in-transit/elasticache_replication_group_not_encrypted_in_transit/tfsec_results.txt b/test-cases/terraform/aws/encryption/in-transit/elasticache_replication_group_not_encrypted_in_transit/tfsec_results.txt index 13d89ba2..85ad0e4d 100644 --- a/test-cases/terraform/aws/encryption/in-transit/elasticache_replication_group_not_encrypted_in_transit/tfsec_results.txt +++ b/test-cases/terraform/aws/encryption/in-transit/elasticache_replication_group_not_encrypted_in_transit/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-14 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticache_replication_group" "example" { @@ -35,7 +35,7 @@ /src/main.tf:5-14 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticache_replication_group" "example" { diff --git a/test-cases/terraform/aws/encryption/in-transit/elasticsearch_encrypt_node_to_node_disabled/main.tf b/test-cases/terraform/aws/encryption/in-transit/elasticsearch_encrypt_node_to_node_disabled/main.tf index 72a25868..480727db 100644 --- a/test-cases/terraform/aws/encryption/in-transit/elasticsearch_encrypt_node_to_node_disabled/main.tf +++ b/test-cases/terraform/aws/encryption/in-transit/elasticsearch_encrypt_node_to_node_disabled/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_elasticsearch_domain" "example" { diff --git a/test-cases/terraform/aws/encryption/in-transit/elasticsearch_encrypt_node_to_node_disabled/tfsec_results.txt b/test-cases/terraform/aws/encryption/in-transit/elasticsearch_encrypt_node_to_node_disabled/tfsec_results.txt index fc88a1ab..949d3663 100644 --- a/test-cases/terraform/aws/encryption/in-transit/elasticsearch_encrypt_node_to_node_disabled/tfsec_results.txt +++ b/test-cases/terraform/aws/encryption/in-transit/elasticsearch_encrypt_node_to_node_disabled/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-13 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticsearch_domain" "example" { @@ -33,7 +33,7 @@ /src/main.tf:5-13 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticsearch_domain" "example" { @@ -61,7 +61,7 @@ /src/main.tf:5-13 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticsearch_domain" "example" { @@ -89,7 +89,7 @@ /src/main.tf:5-13 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticsearch_domain" "example" { @@ -116,7 +116,7 @@ /src/main.tf:5-13 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticsearch_domain" "example" { diff --git a/test-cases/terraform/aws/encryption/in-transit/vpc_has_only_dynamodb_vpce_gw_connection/cloudrail_results.txt b/test-cases/terraform/aws/encryption/in-transit/vpc_has_only_dynamodb_vpce_gw_connection/cloudrail_results.txt index 3a6a696d..7b5cccb0 100644 --- a/test-cases/terraform/aws/encryption/in-transit/vpc_has_only_dynamodb_vpce_gw_connection/cloudrail_results.txt +++ b/test-cases/terraform/aws/encryption/in-transit/vpc_has_only_dynamodb_vpce_gw_connection/cloudrail_results.txt @@ -143,7 +143,7 @@ Rule: Ensure VPC Endpoint for EC2 is enabled in all VPCs in use Violating Resource: [aws_vpc.main] (main.tf:5) Evidence: - | The service EC2 is in use in region us-east-1, but VPC aws_vpc.main + | The service EC2 is in use in region eu-west-1, but VPC aws_vpc.main | is not configured to use a VPC Endpoint for EC2 @@ -167,7 +167,7 @@ Rule: Ensure VPC Endpoint for DynamoDB is enabled in all VPCs Evidence: The VPC - | aws_vpc.main in region us-east-1 is in use but not leveraging DYNAMODB Endpoint Gateway + | aws_vpc.main in region eu-west-1 is in use but not leveraging DYNAMODB Endpoint Gateway ----------------------------------------------- diff --git a/test-cases/terraform/aws/encryption/in-transit/vpc_has_only_dynamodb_vpce_gw_connection/main.tf b/test-cases/terraform/aws/encryption/in-transit/vpc_has_only_dynamodb_vpce_gw_connection/main.tf index a9ebb7bb..a211fc22 100644 --- a/test-cases/terraform/aws/encryption/in-transit/vpc_has_only_dynamodb_vpce_gw_connection/main.tf +++ b/test-cases/terraform/aws/encryption/in-transit/vpc_has_only_dynamodb_vpce_gw_connection/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_vpc" "main" { diff --git a/test-cases/terraform/aws/iam/iam-entities/human_users_defined/main.tf b/test-cases/terraform/aws/iam/iam-entities/human_users_defined/main.tf index 13219c7c..bb3c9315 100644 --- a/test-cases/terraform/aws/iam/iam-entities/human_users_defined/main.tf +++ b/test-cases/terraform/aws/iam/iam-entities/human_users_defined/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_iam_user" "iam_user_1" { diff --git a/test-cases/terraform/aws/iam/iam-entities/iam_user_inline_policy_attach/main.tf b/test-cases/terraform/aws/iam/iam-entities/iam_user_inline_policy_attach/main.tf index ec58d8e9..1e840608 100644 --- a/test-cases/terraform/aws/iam/iam-entities/iam_user_inline_policy_attach/main.tf +++ b/test-cases/terraform/aws/iam/iam-entities/iam_user_inline_policy_attach/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_iam_user" "user-1" { diff --git a/test-cases/terraform/aws/iam/iam-entities/iam_user_managed_policy_direct_attachment/main.tf b/test-cases/terraform/aws/iam/iam-entities/iam_user_managed_policy_direct_attachment/main.tf index f5c821c7..f976307a 100644 --- a/test-cases/terraform/aws/iam/iam-entities/iam_user_managed_policy_direct_attachment/main.tf +++ b/test-cases/terraform/aws/iam/iam-entities/iam_user_managed_policy_direct_attachment/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_iam_user" "user-1" { diff --git a/test-cases/terraform/aws/iam/iam-entities/passrole_and_lambda_permissions_cause_priv_escalation/main.tf b/test-cases/terraform/aws/iam/iam-entities/passrole_and_lambda_permissions_cause_priv_escalation/main.tf index c8c01033..782b7bb7 100644 --- a/test-cases/terraform/aws/iam/iam-entities/passrole_and_lambda_permissions_cause_priv_escalation/main.tf +++ b/test-cases/terraform/aws/iam/iam-entities/passrole_and_lambda_permissions_cause_priv_escalation/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_iam_role" "role" { diff --git a/test-cases/terraform/aws/iam/iam-entities/policy-too-broad/main.tf b/test-cases/terraform/aws/iam/iam-entities/policy-too-broad/main.tf index 214b6547..702b6428 100644 --- a/test-cases/terraform/aws/iam/iam-entities/policy-too-broad/main.tf +++ b/test-cases/terraform/aws/iam/iam-entities/policy-too-broad/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_iam_role" "role" { diff --git a/test-cases/terraform/aws/iam/iam-entities/policy_missing_principal/main.tf b/test-cases/terraform/aws/iam/iam-entities/policy_missing_principal/main.tf index 5e8566eb..2324e6b4 100644 --- a/test-cases/terraform/aws/iam/iam-entities/policy_missing_principal/main.tf +++ b/test-cases/terraform/aws/iam/iam-entities/policy_missing_principal/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_kms_key" "secure_policy" { diff --git a/test-cases/terraform/aws/iam/iam-entities/policy_missing_principal/tfsec_results.txt b/test-cases/terraform/aws/iam/iam-entities/policy_missing_principal/tfsec_results.txt index 0f6aa843..8a48a311 100644 --- a/test-cases/terraform/aws/iam/iam-entities/policy_missing_principal/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/iam-entities/policy_missing_principal/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-37 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_kms_key" "secure_policy" { diff --git a/test-cases/terraform/aws/iam/iam-entities/public_and_private_ec2_same_role/main.tf b/test-cases/terraform/aws/iam/iam-entities/public_and_private_ec2_same_role/main.tf index e68c45a6..b7b48bda 100644 --- a/test-cases/terraform/aws/iam/iam-entities/public_and_private_ec2_same_role/main.tf +++ b/test-cases/terraform/aws/iam/iam-entities/public_and_private_ec2_same_role/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { @@ -11,7 +11,7 @@ module "vpc" { source = "terraform-aws-modules/vpc/aws" name = "Ec2RoleShareRule1" - azs = ["us-east-1a", "us-east-1b", "us-east-1c"] + azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] diff --git a/test-cases/terraform/aws/iam/resource-authentication/rest_api_without_authorization/main.tf b/test-cases/terraform/aws/iam/resource-authentication/rest_api_without_authorization/main.tf index b59ee5a0..8574cf2b 100644 --- a/test-cases/terraform/aws/iam/resource-authentication/rest_api_without_authorization/main.tf +++ b/test-cases/terraform/aws/iam/resource-authentication/rest_api_without_authorization/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_api_gateway_rest_api" "api_gw" { diff --git a/test-cases/terraform/aws/iam/resource-policies/cloudwatch_log_destination_insecure_policy/main.tf b/test-cases/terraform/aws/iam/resource-policies/cloudwatch_log_destination_insecure_policy/main.tf index e4c19767..8a760f1a 100644 --- a/test-cases/terraform/aws/iam/resource-policies/cloudwatch_log_destination_insecure_policy/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/cloudwatch_log_destination_insecure_policy/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } data "aws_region" "current" {} diff --git a/test-cases/terraform/aws/iam/resource-policies/efs_not_secure_policy/main.tf b/test-cases/terraform/aws/iam/resource-policies/efs_not_secure_policy/main.tf index b871a156..400c5d15 100644 --- a/test-cases/terraform/aws/iam/resource-policies/efs_not_secure_policy/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/efs_not_secure_policy/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_efs_file_system" "not_secure" { diff --git a/test-cases/terraform/aws/iam/resource-policies/efs_not_secure_policy/tfsec_results.txt b/test-cases/terraform/aws/iam/resource-policies/efs_not_secure_policy/tfsec_results.txt index ad1b9dc6..53024c74 100644 --- a/test-cases/terraform/aws/iam/resource-policies/efs_not_secure_policy/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/efs_not_secure_policy/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-11 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_efs_file_system" "not_secure" { diff --git a/test-cases/terraform/aws/iam/resource-policies/elasticsearch_domain_not_secure_policy/main.tf b/test-cases/terraform/aws/iam/resource-policies/elasticsearch_domain_not_secure_policy/main.tf index c6665fbb..5a74c124 100644 --- a/test-cases/terraform/aws/iam/resource-policies/elasticsearch_domain_not_secure_policy/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/elasticsearch_domain_not_secure_policy/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_elasticsearch_domain" "es-not-secure-policy" { diff --git a/test-cases/terraform/aws/iam/resource-policies/elasticsearch_domain_not_secure_policy/tfsec_results.txt b/test-cases/terraform/aws/iam/resource-policies/elasticsearch_domain_not_secure_policy/tfsec_results.txt index 39e1acc5..f3993cdc 100644 --- a/test-cases/terraform/aws/iam/resource-policies/elasticsearch_domain_not_secure_policy/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/elasticsearch_domain_not_secure_policy/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-13 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticsearch_domain" "es-not-secure-policy" { @@ -36,7 +36,7 @@ /src/main.tf:5-13 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticsearch_domain" "es-not-secure-policy" { @@ -67,7 +67,7 @@ /src/main.tf:5-13 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticsearch_domain" "es-not-secure-policy" { @@ -97,7 +97,7 @@ /src/main.tf:5-13 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticsearch_domain" "es-not-secure-policy" { @@ -128,7 +128,7 @@ /src/main.tf:5-13 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_elasticsearch_domain" "es-not-secure-policy" { diff --git a/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/checkov_results.txt b/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/checkov_results.txt index ece5d6ca..7cc28ab8 100644 --- a/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/checkov_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/checkov_results.txt @@ -49,7 +49,7 @@ Check: CKV_AWS_167: "Ensure Glacier Vault access policy is not public by only al 25 | "Action": [ 26 | "glacier:*" 27 | ], - 28 | "Resource": "arn:aws:glacier:us-east-1:115553109071:vaults/not_secure_archive" + 28 | "Resource": "arn:aws:glacier:eu-west-1:115553109071:vaults/not_secure_archive" 29 | } 30 | ] 31 | } diff --git a/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/main.tf b/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/main.tf index 2c99a469..69646849 100644 --- a/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_sns_topic" "aws_sns_topic" { @@ -25,7 +25,7 @@ resource "aws_glacier_vault" "not_secure_archive" { "Action": [ "glacier:*" ], - "Resource": "arn:aws:glacier:us-east-1:115553109071:vaults/not_secure_archive" + "Resource": "arn:aws:glacier:eu-west-1:115553109071:vaults/not_secure_archive" } ] } diff --git a/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/tfsec_results.txt b/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/tfsec_results.txt index 6a6653d7..b9433865 100644 --- a/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/glacier_vault_not_secure_policy/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-7 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_sns_topic" "aws_sns_topic" { diff --git a/test-cases/terraform/aws/iam/resource-policies/glue_data_catalog_not_secure_policy/cloudrail_results.txt b/test-cases/terraform/aws/iam/resource-policies/glue_data_catalog_not_secure_policy/cloudrail_results.txt index 94a999db..44e1882c 100644 --- a/test-cases/terraform/aws/iam/resource-policies/glue_data_catalog_not_secure_policy/cloudrail_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/glue_data_catalog_not_secure_policy/cloudrail_results.txt @@ -67,14 +67,14 @@ Rule: Ensure use of Glue data catalog policy, and no action wildcards are being Violating Resource: [aws_glue_resource_policy.example] (main.tf:67) Evidence: - | The Glue Data Catalog resource policy in region us-east-1 is using wildcard action glue:*, and principal AWS: *, without any condition + | The Glue Data Catalog resource policy in region eu-west-1 is using wildcard action glue:*, and principal AWS: *, without any condition - Exposed Resource: [aws_glue_catalog_table.cloudrail_table] (main.tf:9) Violating Resource: [aws_glue_resource_policy.example] (main.tf:67) Evidence: - | The Glue Data Catalog resource policy in region us-east-1 is using wildcard action glue:*, and principal AWS: *, without any condition + | The Glue Data Catalog resource policy in region eu-west-1 is using wildcard action glue:*, and principal AWS: *, without any condition ----------------------------------------------- diff --git a/test-cases/terraform/aws/iam/resource-policies/glue_data_catalog_not_secure_policy/main.tf b/test-cases/terraform/aws/iam/resource-policies/glue_data_catalog_not_secure_policy/main.tf index 64132f3f..9e970838 100644 --- a/test-cases/terraform/aws/iam/resource-policies/glue_data_catalog_not_secure_policy/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/glue_data_catalog_not_secure_policy/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_glue_catalog_database" "cloudrail_table_database" { diff --git a/test-cases/terraform/aws/iam/resource-policies/kms_key_not_secure_policy/main.tf b/test-cases/terraform/aws/iam/resource-policies/kms_key_not_secure_policy/main.tf index 6db05f7d..093cd157 100644 --- a/test-cases/terraform/aws/iam/resource-policies/kms_key_not_secure_policy/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/kms_key_not_secure_policy/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_kms_key" "not_secure_policy" { diff --git a/test-cases/terraform/aws/iam/resource-policies/kms_key_not_secure_policy/tfsec_results.txt b/test-cases/terraform/aws/iam/resource-policies/kms_key_not_secure_policy/tfsec_results.txt index 97f2083e..6e5b31fa 100644 --- a/test-cases/terraform/aws/iam/resource-policies/kms_key_not_secure_policy/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/kms_key_not_secure_policy/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-25 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_kms_key" "not_secure_policy" { diff --git a/test-cases/terraform/aws/iam/resource-policies/lambda_not_secure_policy/main.tf b/test-cases/terraform/aws/iam/resource-policies/lambda_not_secure_policy/main.tf index e93e03ac..2f750620 100644 --- a/test-cases/terraform/aws/iam/resource-policies/lambda_not_secure_policy/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/lambda_not_secure_policy/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_lambda_function" "my-lambda" { @@ -35,7 +35,7 @@ resource "aws_lambda_permission" "all" { action = "lambda:*" function_name = aws_lambda_function.my-lambda.function_name principal = "s3.amazonaws.com" - source_arn = "arn:aws:s3:::delete-me-us-east-1-permissions-tests" + source_arn = "arn:aws:s3:::delete-me-eu-west-1-permissions-tests" source_account = "111111111111" qualifier = aws_lambda_alias.my-lambda-alias.name } diff --git a/test-cases/terraform/aws/iam/resource-policies/lambda_not_secure_policy/tfsec_results.txt b/test-cases/terraform/aws/iam/resource-policies/lambda_not_secure_policy/tfsec_results.txt index cbd232c0..813a0a6f 100644 --- a/test-cases/terraform/aws/iam/resource-policies/lambda_not_secure_policy/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/lambda_not_secure_policy/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-11 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_lambda_function" "my-lambda" { diff --git a/test-cases/terraform/aws/iam/resource-policies/rest_api_not_secure_policy/main.tf b/test-cases/terraform/aws/iam/resource-policies/rest_api_not_secure_policy/main.tf index b15c7e34..73d4233b 100644 --- a/test-cases/terraform/aws/iam/resource-policies/rest_api_not_secure_policy/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/rest_api_not_secure_policy/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_api_gateway_rest_api" "api_gw" { diff --git a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_authenticated_users_canned/main.tf b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_authenticated_users_canned/main.tf index 88cba056..ea291d11 100644 --- a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_authenticated_users_canned/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_authenticated_users_canned/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_s3_bucket" "public-bucket" { diff --git a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_authenticated_users_canned/tfsec_results.txt b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_authenticated_users_canned/tfsec_results.txt index fa83e2e9..fd91d8ef 100644 --- a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_authenticated_users_canned/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_authenticated_users_canned/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -30,7 +30,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -55,7 +55,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -80,7 +80,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -105,7 +105,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { diff --git a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned/main.tf b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned/main.tf index 2eb939f1..d93f9501 100644 --- a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_s3_bucket" "public-bucket" { diff --git a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned/tfsec_results.txt b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned/tfsec_results.txt index 92979e77..c2adf0b8 100644 --- a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -29,7 +29,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -53,7 +53,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -99,7 +99,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { diff --git a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned_with_overriding_access_block/main.tf b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned_with_overriding_access_block/main.tf index 7ed68ce6..31e0c457 100644 --- a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned_with_overriding_access_block/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned_with_overriding_access_block/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_s3_bucket" "public-bucket" { diff --git a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned_with_overriding_access_block/tfsec_results.txt b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned_with_overriding_access_block/tfsec_results.txt index ca0194d7..71767a73 100644 --- a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned_with_overriding_access_block/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_acl_public_all_users_canned_with_overriding_access_block/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -31,7 +31,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -57,7 +57,7 @@ /src/main.tf:5-8 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { diff --git a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_policy_public_to_all_authenticated_users/main.tf b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_policy_public_to_all_authenticated_users/main.tf index b32df903..602993ca 100644 --- a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_policy_public_to_all_authenticated_users/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_policy_public_to_all_authenticated_users/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_s3_bucket" "public-bucket" { diff --git a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_policy_public_to_all_authenticated_users/tfsec_results.txt b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_policy_public_to_all_authenticated_users/tfsec_results.txt index 94c50ebf..5b7598ca 100644 --- a/test-cases/terraform/aws/iam/resource-policies/s3_bucket_policy_public_to_all_authenticated_users/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/s3_bucket_policy_public_to_all_authenticated_users/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-7 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -30,7 +30,7 @@ /src/main.tf:5-7 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -55,7 +55,7 @@ /src/main.tf:5-7 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { @@ -80,7 +80,7 @@ /src/main.tf:5-7 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_s3_bucket" "public-bucket" { diff --git a/test-cases/terraform/aws/iam/resource-policies/secrets_manager_not_secure_policy/main.tf b/test-cases/terraform/aws/iam/resource-policies/secrets_manager_not_secure_policy/main.tf index f0bc2e14..d5c0608b 100644 --- a/test-cases/terraform/aws/iam/resource-policies/secrets_manager_not_secure_policy/main.tf +++ b/test-cases/terraform/aws/iam/resource-policies/secrets_manager_not_secure_policy/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_secretsmanager_secret" "not_secure_policy" { diff --git a/test-cases/terraform/aws/iam/resource-policies/secrets_manager_not_secure_policy/tfsec_results.txt b/test-cases/terraform/aws/iam/resource-policies/secrets_manager_not_secure_policy/tfsec_results.txt index 49a17712..81667038 100644 --- a/test-cases/terraform/aws/iam/resource-policies/secrets_manager_not_secure_policy/tfsec_results.txt +++ b/test-cases/terraform/aws/iam/resource-policies/secrets_manager_not_secure_policy/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-7 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_secretsmanager_secret" "not_secure_policy" { diff --git a/test-cases/terraform/aws/logging/api_gateway_no_xray/main.tf b/test-cases/terraform/aws/logging/api_gateway_no_xray/main.tf index b59ee5a0..8574cf2b 100644 --- a/test-cases/terraform/aws/logging/api_gateway_no_xray/main.tf +++ b/test-cases/terraform/aws/logging/api_gateway_no_xray/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_api_gateway_rest_api" "api_gw" { diff --git a/test-cases/terraform/aws/logging/cloudtrail_file_log_validation_disabled/main.tf b/test-cases/terraform/aws/logging/cloudtrail_file_log_validation_disabled/main.tf index 8b312abd..f54b10f2 100644 --- a/test-cases/terraform/aws/logging/cloudtrail_file_log_validation_disabled/main.tf +++ b/test-cases/terraform/aws/logging/cloudtrail_file_log_validation_disabled/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { diff --git a/test-cases/terraform/aws/logging/cloudwatch_log_groups_no_retention/main.tf b/test-cases/terraform/aws/logging/cloudwatch_log_groups_no_retention/main.tf index 2abc44e4..bb76dfbd 100644 --- a/test-cases/terraform/aws/logging/cloudwatch_log_groups_no_retention/main.tf +++ b/test-cases/terraform/aws/logging/cloudwatch_log_groups_no_retention/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_cloudwatch_log_group" "yada" { diff --git a/test-cases/terraform/aws/logging/cloudwatch_log_groups_no_retention/tfsec_results.txt b/test-cases/terraform/aws/logging/cloudwatch_log_groups_no_retention/tfsec_results.txt index 6b0e592d..d713ed6f 100644 --- a/test-cases/terraform/aws/logging/cloudwatch_log_groups_no_retention/tfsec_results.txt +++ b/test-cases/terraform/aws/logging/cloudwatch_log_groups_no_retention/tfsec_results.txt @@ -5,7 +5,7 @@ /src/main.tf:5-12 - 2 | region = "us-east-1" + 2 | region = "eu-west-1" 3 | } 4 | 5 | resource "aws_cloudwatch_log_group" "yada" { diff --git a/test-cases/terraform/aws/logging/lambda_without_explicit_log_group/main.tf b/test-cases/terraform/aws/logging/lambda_without_explicit_log_group/main.tf index 54f07fa5..55fb6c61 100644 --- a/test-cases/terraform/aws/logging/lambda_without_explicit_log_group/main.tf +++ b/test-cases/terraform/aws/logging/lambda_without_explicit_log_group/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { diff --git a/test-cases/terraform/aws/logging/rest_api_no_access_logging/main.tf b/test-cases/terraform/aws/logging/rest_api_no_access_logging/main.tf index b59ee5a0..8574cf2b 100644 --- a/test-cases/terraform/aws/logging/rest_api_no_access_logging/main.tf +++ b/test-cases/terraform/aws/logging/rest_api_no_access_logging/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_api_gateway_rest_api" "api_gw" { diff --git a/test-cases/terraform/aws/networking/over_exposed_vpc_peering/main.tf b/test-cases/terraform/aws/networking/over_exposed_vpc_peering/main.tf index 073fd411..51f6e2d7 100644 --- a/test-cases/terraform/aws/networking/over_exposed_vpc_peering/main.tf +++ b/test-cases/terraform/aws/networking/over_exposed_vpc_peering/main.tf @@ -1,14 +1,14 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } provider "aws" { - region = "us-east-1" + region = "eu-west-1" alias = "this" } provider "aws" { - region = "us-east-1" + region = "eu-west-1" alias = "peer" } diff --git a/test-cases/terraform/aws/networking/publicly_accessible_neptune_db/main.tf b/test-cases/terraform/aws/networking/publicly_accessible_neptune_db/main.tf index 3310d5cb..259f2d7a 100644 --- a/test-cases/terraform/aws/networking/publicly_accessible_neptune_db/main.tf +++ b/test-cases/terraform/aws/networking/publicly_accessible_neptune_db/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } resource "aws_vpc" "external" { @@ -47,13 +47,13 @@ resource "aws_route_table_association" "rt2" { resource "aws_subnet" "free_1" { vpc_id = aws_vpc.external.id cidr_block = "10.1.1.128/25" - availability_zone = "us-east-1a" + availability_zone = "eu-west-1a" } resource "aws_subnet" "free_2" { vpc_id = aws_vpc.external.id cidr_block = "10.1.1.0/25" - availability_zone = "us-east-1b" + availability_zone = "eu-west-1b" } resource "aws_db_subnet_group" free { diff --git a/test-cases/terraform/aws/networking/vpc-endpoints/dynamodb-vpce-exist-without-routeassociation/kics_results.txt b/test-cases/terraform/aws/networking/vpc-endpoints/dynamodb-vpce-exist-without-routeassociation/kics_results.txt index 01674e8c..a6dbaba5 100644 --- a/test-cases/terraform/aws/networking/vpc-endpoints/dynamodb-vpce-exist-without-routeassociation/kics_results.txt +++ b/test-cases/terraform/aws/networking/vpc-endpoints/dynamodb-vpce-exist-without-routeassociation/kics_results.txt @@ -19,7 +19,7 @@ xkkk: ,kkkkx okkkl ;xKXKx; ;dOKKkc Scanning with Keeping Infrastructure as Code Secure v1.3.2 - + Files scanned: 1 Parsed files: 1 Queries loaded: 575 @@ -150,7 +150,7 @@ Platform: Terraform 030: resource "aws_vpc_endpoint" "dynamodb-vpce-gw" { 031: vpc_id = aws_vpc.main.id - 032: service_name = "com.amazonaws.us-east-1.dynamodb" + 032: service_name = "com.amazonaws.eu-west-1.dynamodb" DynamoDB Table Not Encrypted, Severity: MEDIUM, Results: 1 diff --git a/test-cases/terraform/aws/networking/vpc-endpoints/dynamodb-vpce-exist-without-routeassociation/main.tf b/test-cases/terraform/aws/networking/vpc-endpoints/dynamodb-vpce-exist-without-routeassociation/main.tf index c6bf515c..5c6914f1 100644 --- a/test-cases/terraform/aws/networking/vpc-endpoints/dynamodb-vpce-exist-without-routeassociation/main.tf +++ b/test-cases/terraform/aws/networking/vpc-endpoints/dynamodb-vpce-exist-without-routeassociation/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-east-1" + region = "eu-west-1" } locals { @@ -29,7 +29,7 @@ resource "aws_route_table" "private-rtb" { resource "aws_vpc_endpoint" "dynamodb-vpce-gw" { vpc_id = aws_vpc.main.id - service_name = "com.amazonaws.us-east-1.dynamodb" + service_name = "com.amazonaws.eu-west-1.dynamodb" } resource "aws_network_acl" "allow-public-outbound-nacl" { diff --git a/test-cases/terraform/aws/networking/vpc-endpoints/sqs-vpc-endpoint-without-dns-resolution/cloudrail_results.txt b/test-cases/terraform/aws/networking/vpc-endpoints/sqs-vpc-endpoint-without-dns-resolution/cloudrail_results.txt index 41444e8d..318fb5bc 100644 --- a/test-cases/terraform/aws/networking/vpc-endpoints/sqs-vpc-endpoint-without-dns-resolution/cloudrail_results.txt +++ b/test-cases/terraform/aws/networking/vpc-endpoints/sqs-vpc-endpoint-without-dns-resolution/cloudrail_results.txt @@ -93,7 +93,7 @@ Rule: Ensure VPC Endpoint for EC2 is enabled in all VPCs in use Violating Resource: [aws_vpc.main] (main.tf:12) Evidence: - | The service EC2 is in use in region us-east-1, but VPC aws_vpc.main + | The service EC2 is in use in region eu-west-1, but VPC aws_vpc.main | is not configured to use a VPC Endpoint for EC2 @@ -105,7 +105,7 @@ Rule: Ensure VPC Endpoint for SQS is enabled in all Availability Zones in use a Violating Resource: [aws_vpc.main] (main.tf:12) Evidence: - | The service SQS is in use in region us-east-1 + | The service SQS is in use in region eu-west-1 | which contains a VPC aws_vpc.main.id | and the following subnets ['aws_subnet.public-subnet.id'] | in availability zones {'aws_subnet.public-subnet.availability_zone'} @@ -120,7 +120,7 @@ Rule: Ensure VPC Endpoint for SQS is enabled in all VPCs in use Violating Resource: [aws_vpc.main] (main.tf:12) Evidence: - | The service SQS is in use in region us-east-1, but VPC aws_vpc.main + | The service SQS is in use in region eu-west-1, but VPC aws_vpc.main | is not configured to use a VPC Endpoint for SQS diff --git a/test-cases/terraform/aws/networking/vpc-endpoints/sqs-vpc-endpoint-without-dns-resolution/main.tf b/test-cases/terraform/aws/networking/vpc-endpoints/sqs-vpc-endpoint-without-dns-resolution/main.tf index 94065ba8..f3263dc5 100644 --- a/test-cases/terraform/aws/networking/vpc-endpoints/sqs-vpc-endpoint-without-dns-resolution/main.tf +++ b/test-cases/terraform/aws/networking/vpc-endpoints/sqs-vpc-endpoint-without-dns-resolution/main.tf @@ -1,5 +1,5 @@ locals { - region = "us-east-1" + region = "eu-west-1" cidr_block = "172.16.0.0/16" public_subnet_cidr_block = "172.16.100.0/24" quad_zero_cidr_block = "0.0.0.0/0"