fix checkov finding

aws-samples · Jul 17, 2024 · 99ca314 · 99ca314
1 parent 0b466b7
commit 99ca314
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/aws_sra_examples/terraform/solutions/guard_duty/gd_configuration/main.tf b/aws_sra_examples/terraform/solutions/guard_duty/gd_configuration/main.tf
@@ -59,6 +59,7 @@ data "aws_iam_policy_document" "sra_guardduty_org_policy_cloudformation" {
 }
 
 data "aws_iam_policy_document" "sra_guardduty_org_policy_acct" {
+  #checkov:skip=CKV_AWS_356: Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions
   statement {
     sid       = "AcctListRegions"
     effect    = "Allow"
@@ -485,4 +486,4 @@ resource "aws_sns_topic_subscription" "guardduty_dlq_alarm_subscription" {
   topic_arn = aws_sns_topic.guardduty_dlq_alarm_topic[0].arn
   protocol  = "email"
   endpoint  = var.sra_alarm_email
-}
+}