[BUG] Regression in FG_R00054 #393

Open
Octogonapus opened this issue Feb 10, 2023 · 0 comments

Describe the bug
Regula v3.0.0 checks FG_R00054 incorrectly, reporting that VPC flow logs are not enabled when they actually are.

How you're running Regula

  • I'm using Regula v3.0.0 as a CLI tool and my Terraform source code as an input:
regula run .

Operating System
6.0.18-200.fc36.x86_64

Steps to reproduce

With Regula v3.0.0:

regula run .

FG_R00054: VPC flow logging should be enabled [Medium]
           https://docs.fugue.co/FG_R00054.html

  [1]: module.vpc.aws_vpc.this[0]
       in .terraform/modules/vpc/main.tf

FG_R00068: CloudWatch log groups should be encrypted with customer managed KMS keys [Medium]
           https://docs.fugue.co/FG_R00068.html

  [1]: module.vpc.aws_cloudwatch_log_group.flow_log[0]
       in .terraform/modules/vpc/vpc-flow-logs.tf

FG_R00089: VPC default security group should restrict all traffic [Medium]
           https://docs.fugue.co/FG_R00089.html

  [1]: module.vpc.aws_vpc.this[0]
       in .terraform/modules/vpc/main.tf

Found 3 problems.

With Regula v2.10.0:

~/Downloads/regula_2.10.0_Linux_x86_64/regula run .

FG_R00068: CloudWatch log groups should be encrypted with customer managed KMS keys [Medium]
           https://docs.fugue.co/FG_R00068.html

  [1]: module.vpc.aws_cloudwatch_log_group.flow_log
       in .terraform/modules/vpc/vpc-flow-logs.tf:44:1
       included at main.tf:2:42

FG_R00089: VPC default security group should restrict all traffic [Medium]
           https://docs.fugue.co/FG_R00089.html

  [1]: module.vpc.aws_vpc.this
       in .terraform/modules/vpc/main.tf:20:1
       included at main.tf:2:42

Found 2 problems.

IaC Configuration

module "vpc" {
  source                               = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  version                              = "3.14.4"
  cidr                                 = "10.0.0.0/16"
  enable_flow_log                      = true
  create_flow_log_cloudwatch_iam_role  = true
  create_flow_log_cloudwatch_log_group = true
}

Additional context
Add any other context about the problem here.
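
A regression of this kind can be confirmed mechanically by diffing the findings of the two runs. The following is an added example, not part of the original issue or the Regula project: it parses the text output format quoted above (abbreviated here as constructed sample input) and reports findings present only in the newer run. The function names and the index-stripping normalization are assumptions of this example.

```python
import re

RULE_RE = re.compile(r"^(FG_R\d+): (.+) \[(\w+)\]$")   # "FG_R00054: title [Medium]"
RESOURCE_RE = re.compile(r"^\s*\[\d+\]: (\S+)$")       # "  [1]: module.vpc.aws_vpc.this[0]"
INDEX_RE = re.compile(r"\[\d+\]")                      # count index such as "[0]"

# Constructed sample input: abbreviated copies of the two runs quoted in the issue.
V3_OUTPUT = """\
FG_R00054: VPC flow logging should be enabled [Medium]
  [1]: module.vpc.aws_vpc.this[0]
       in .terraform/modules/vpc/main.tf
FG_R00068: CloudWatch log groups should be encrypted with customer managed KMS keys [Medium]
  [1]: module.vpc.aws_cloudwatch_log_group.flow_log[0]
FG_R00089: VPC default security group should restrict all traffic [Medium]
  [1]: module.vpc.aws_vpc.this[0]
Found 3 problems.
"""
V2_OUTPUT = """\
FG_R00068: CloudWatch log groups should be encrypted with customer managed KMS keys [Medium]
  [1]: module.vpc.aws_cloudwatch_log_group.flow_log
       in .terraform/modules/vpc/vpc-flow-logs.tf:44:1
FG_R00089: VPC default security group should restrict all traffic [Medium]
  [1]: module.vpc.aws_vpc.this
Found 2 problems.
"""

def parse_findings(text):
    """Return a set of (rule_id, normalized_resource_address) pairs."""
    findings, rule = set(), None
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rule = m.group(1)
            continue
        m = RESOURCE_RE.match(line)
        if m and rule:
            # Assumption: "this[0]" (v3.0.0) and "this" (v2.10.0) name the same resource.
            findings.add((rule, INDEX_RE.sub("", m.group(1))))
    return findings

def diff_findings(old_text, new_text):
    """Compare two runs; 'added' holds findings only the newer run reports."""
    old, new = parse_findings(old_text), parse_findings(new_text)
    return {"added": sorted(new - old), "resolved": sorted(old - new)}

if __name__ == "__main__":
    print(diff_findings(V2_OUTPUT, V3_OUTPUT))
```

Without the index normalization every finding would show up as both added and resolved, because v3.0.0 prints the count index on resource addresses and v2.10.0 does not.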
