@gomboc-community-dev

This fix was produced in response to #26 on the following target:

| Repository | Branch | Directory |
| --- | --- | --- |
| pepegc/rattleback | pepegc-patch-18 | tf-test |

Rules with observations: 10
Affected resources: 4
Resource types: 4
Code fixes: 7
Files modified: 1

| Recommendation | Resources | Observations |
| --- | --- | --- |
| API Key Authentication | 1 | 1 |
| Client Authentication via IAM SigV4 | 1 | 1 |
| Encryption At-Rest with Provider Managed Key | 2 | 2 |
| Encryption At-Rest with Bespoke Service Implementation | 1 | 1 |
| Encryption At-Rest with Customer Managed Key (CMK) | 1 | 1 |
| Deletion Protection | 1 | 1 |
| Request Tracing | 2 | 2 |
| On-Demand Capacity | 1 | 1 |
| Provisioned Capacity | 1 | 1 |
| Resource Tags | 1 | 1 |

These recommendations come from the following benchmarks

Benchmark
Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
CIS Critical Security Controls v8.1


resource "aws_dynamodb_table" "test_table_a" {

deletion_protection_enabled = true

  • l.9 Recommended applying Deletion Protection:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
    • CIS Critical Security Controls v8.1
Leave feedback
Please post on our discussions channel. You can provide the following reference: d464e376604756a617e8baccc5cc483f0de93c9d80f2d39c7ee5e0a0d2572966

resource "aws_dynamodb_table" "test_table_a" {

deletion_protection_enabled = true
billing_mode = "PAY_PER_REQUEST"

  • l.10 Recommended applying On-Demand Capacity:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
Leave feedback
Please post on our discussions channel. You can provide the following reference: 2611ff7b5b3eae44bcc9796c834cd2d2c7935c9e97dd43e531cea620e981feb1


deletion_protection_enabled = true
billing_mode = "PAY_PER_REQUEST"
tags = "null"
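
Review bot: `tags = "null"` on the last line of this hunk assigns a string where `aws_dynamodb_table` expects a map of strings, so the configuration fails type checking and the Resource Tags recommendation is not actually met. Replace it with a real map, for example `tags = { Owner = "...", Environment = "..." }` (illustrative keys; use the ones your tagging policy requires), or drop the line if tags are supplied through the provider's `default_tags`.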

  • l.11 Recommended applying Resource Tags:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
    • CIS Critical Security Controls v8.1
Leave feedback
Please post on our discussions channel. You can provide the following reference: 411f3e36ed53e52f7e3cbaf9072767d6262fc37d250785221664e8503f0fb156

billing_mode = "PAY_PER_REQUEST"
tags = "null"
server_side_encryption {
enabled = false
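
Review bot: `enabled = false` inside `server_side_encryption` reads as if encryption at rest were being switched off; in the AWS provider it selects the AWS-owned key, while `enabled = true` selects a KMS key. The summary for this run also lists Encryption At-Rest with Customer Managed Key (CMK), so if a customer-managed key is the goal this should be `enabled = true` with `kms_key_arn` set; otherwise add a comment in the file stating that the AWS-owned key is the intended choice.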

  • l.13 Recommended applying Encryption At-Rest with Bespoke Service Implementation:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
Leave feedback
Please post on our discussions channel. You can provide the following reference: b0f7e9f4458edaed4cd2552dd0d3c1f1f2afaf3a233e43f01c1c0ba789462c97


resource "aws_lambda_function" "myfunction" {
tracing_config {
mode = "Active"
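
Review bot: `mode = "Active"` in `tracing_config` only yields traces if the function's execution role can write to X-Ray, and no role change is visible in this hunk. Check that the role used by `aws_lambda_function.myfunction` allows `xray:PutTraceSegments` and `xray:PutTelemetryRecords` (the managed policy AWSXRayDaemonWriteAccess covers both); without them trace data will not be delivered.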

  • l.19 Recommended applying Request Tracing:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
    • CIS Critical Security Controls v8.1
Leave feedback
Please post on our discussions channel. You can provide the following reference: 62765aecbde07930d8afdc5696a332e40096397147c55134f82a87707ef492b7


resource "aws_appsync_graphql_api" "test_api" {
authentication_type = "API_KEY"
xray_enabled = true
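
Review bot: `authentication_type = "API_KEY"` sits directly above the added `xray_enabled = true` and keeps the API behind a shared static key, while the summary lists Client Authentication via IAM SigV4 among the recommendations. If callers can sign requests, switch to `authentication_type = "AWS_IAM"`; if the key has to stay, give the matching `aws_appsync_api_key` a short `expires` value and rotate it.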

  • l.25 Recommended applying Request Tracing:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
    • CIS Critical Security Controls v8.1
Leave feedback
Please post on our discussions channel. You can provide the following reference: af879331249c525901eab405f59e69d22c6054f0f9210c45442068029cac615e

resource "aws_keyspaces_table" "mykeyspacestable" {
}
encryption_specification {
type = "AWS_OWNED_KMS_KEY"
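
Review bot: `type = "AWS_OWNED_KMS_KEY"` in `encryption_specification` spells out what Amazon Keyspaces already does by default, so it documents the choice without changing who controls the key. If key policy control or CloudTrail visibility of key use is required for this table, use `type = "CUSTOMER_MANAGED_KMS_KEY"` together with `kms_key_identifier`.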

  • l.30 Recommended applying Encryption At-Rest with Provider Managed Key:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
Leave feedback
Please post on our discussions channel. You can provide the following reference: 836e766e32572c9b826b7b6eb5f08575aaa011e2acd90073135728da07e46486


@gomboc-community-dev gomboc-community-dev bot left a comment


I scanned the tf-test directory in search of Terraform misconfigurations. No issues found!

@pepegc pepegc closed this Jul 20, 2025