This repository was archived by the owner on Sep 3, 2024. It is now read-only.
[BUG] Regression in FG_R00054 #393
Open
Description
Describe the bug
Regula v3.0.0 checks FG_R00054 incorrectly, reporting that VPC flow logs are not enabled when they actually are.
How you're running Regula
- I'm using Regula v3.0.0 as a CLI tool and my Terraform source code as an input:
regula run .
Operating System
6.0.18-200.fc36.x86_64
Steps to reproduce
With Regula v3.0.0:
regula run .
FG_R00054: VPC flow logging should be enabled [Medium]
https://docs.fugue.co/FG_R00054.html
[1]: module.vpc.aws_vpc.this[0]
in .terraform/modules/vpc/main.tf
FG_R00068: CloudWatch log groups should be encrypted with customer managed KMS keys [Medium]
https://docs.fugue.co/FG_R00068.html
[1]: module.vpc.aws_cloudwatch_log_group.flow_log[0]
in .terraform/modules/vpc/vpc-flow-logs.tf
FG_R00089: VPC default security group should restrict all traffic [Medium]
https://docs.fugue.co/FG_R00089.html
[1]: module.vpc.aws_vpc.this[0]
in .terraform/modules/vpc/main.tf
Found 3 problems.
With Regula v2.10.0:
~/Downloads/regula_2.10.0_Linux_x86_64/regula run .
FG_R00068: CloudWatch log groups should be encrypted with customer managed KMS keys [Medium]
https://docs.fugue.co/FG_R00068.html
[1]: module.vpc.aws_cloudwatch_log_group.flow_log
in .terraform/modules/vpc/vpc-flow-logs.tf:44:1
included at main.tf:2:42
FG_R00089: VPC default security group should restrict all traffic [Medium]
https://docs.fugue.co/FG_R00089.html
[1]: module.vpc.aws_vpc.this
in .terraform/modules/vpc/main.tf:20:1
included at main.tf:2:42
Found 2 problems.
IaC Configuration
module "vpc" {
  source  = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  version = "3.14.4"

  cidr = "10.0.0.0/16"

  enable_flow_log                      = true
  create_flow_log_cloudwatch_iam_role  = true
  create_flow_log_cloudwatch_log_group = true
}
Additional context
Add any other context about the problem here.
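The check FG_R00054 has to make is a relationship check: every aws_vpc must be targeted by some aws_flow_log. The example below is added here to show that logic working over the resource layout from this report; it is not Regula's Rego rule or its real input format. The Resource model, the helper names, the sample data and the assumed layout of the `configuration` block of `terraform show -json` output (modules with `resources` and `module_calls`, resources with `address`, `type` and `expressions` carrying `references`) are all assumptions of the example. The sample mirrors the count-indexed addresses (`module.vpc.aws_vpc.this[0]`, `module.vpc.aws_flow_log.this[0]`) that the v3.0.0 output prints, which is exactly where an index-insensitive comparison matters.

```python
"""Added example: a minimal FG_R00054-style check ("every aws_vpc has an
aws_flow_log pointing at it") over a simplified, constructed resource model.
Not Regula's own rule or input format."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

_INDEX = re.compile(r"\[[^\]]*\]")  # count/for_each indexes such as [0] or ["key"]


@dataclass
class Resource:
    address: str  # absolute address, e.g. "module.vpc.aws_flow_log.this[0]"
    type: str  # Terraform resource type, e.g. "aws_flow_log"
    # attribute name -> references as written inside the declaring module,
    # e.g. {"vpc_id": ["aws_vpc.this[0].id", "aws_vpc.this[0]", "aws_vpc.this"]}
    references: dict[str, list[str]] = field(default_factory=dict)


def module_prefix(address: str) -> str:
    """Return the 'module.a.module.b.' part of an address ('' for root resources)."""
    parts = _INDEX.sub("", address).split(".")
    i = 0
    while i + 1 < len(parts) and parts[i] == "module":
        i += 2
    return ".".join(parts[:i]) + ("." if i else "")


def resource_key(address: str) -> str:
    """Reduce an address or attribute reference to 'module.x.type.name': drop
    indexes and trailing attribute paths (.id, .arn) so that
    'module.vpc.aws_vpc.this[0].id' and 'module.vpc.aws_vpc.this' compare equal."""
    parts = _INDEX.sub("", address).split(".")
    i = 0
    while i + 1 < len(parts) and parts[i] == "module":
        i += 2
    return ".".join(parts[: i + 2])


def vpcs_without_flow_logs(resources: list[Resource]) -> list[str]:
    """Addresses of aws_vpc resources that no aws_flow_log targets via vpc_id.
    Limitation (assumed simplification): references that go through a module
    output (e.g. 'module.vpc.vpc_id') are not resolved to the underlying VPC."""
    covered: set[str] = set()
    for res in resources:
        if res.type != "aws_flow_log":
            continue
        # References inside a module are relative to that module, so qualify
        # them with the flow log's own module prefix before comparing.
        prefix = module_prefix(res.address)
        for ref in res.references.get("vpc_id", []):
            covered.add(resource_key(prefix + ref))
    return [r.address for r in resources
            if r.type == "aws_vpc" and resource_key(r.address) not in covered]


def from_plan_config(module: dict, prefix: str = "") -> list[Resource]:
    """Build Resources from the (assumed) `configuration` layout of
    `terraform show -json`; configuration addresses carry no indexes."""
    found: list[Resource] = []
    for res in module.get("resources", []):
        refs = {attr: expr.get("references", [])
                for attr, expr in res.get("expressions", {}).items()
                if isinstance(expr, dict)}  # nested blocks are lists; skip them
        found.append(Resource(prefix + res["address"], res["type"], refs))
    for name, call in module.get("module_calls", {}).items():
        found.extend(from_plan_config(call.get("module", {}), f"{prefix}module.{name}."))
    return found


# Constructed sample mirroring the report: the vpc module with enable_flow_log
# creates a count-indexed VPC and a flow log referencing it. A root-level VPC
# with no flow log is added so the check has something to flag.
SAMPLE_RESOURCES = [
    Resource("module.vpc.aws_vpc.this[0]", "aws_vpc"),
    Resource("module.vpc.aws_cloudwatch_log_group.flow_log[0]", "aws_cloudwatch_log_group"),
    Resource("module.vpc.aws_flow_log.this[0]", "aws_flow_log",
             {"vpc_id": ["aws_vpc.this[0].id", "aws_vpc.this[0]", "aws_vpc.this"]}),
    Resource("aws_vpc.unlogged", "aws_vpc"),
]

# Constructed plan-configuration fragment describing the same layout.
SAMPLE_PLAN_CONFIG = {
    "resources": [{"address": "aws_vpc.unlogged", "type": "aws_vpc"}],
    "module_calls": {"vpc": {"module": {"resources": [
        {"address": "aws_vpc.this", "type": "aws_vpc"},
        {"address": "aws_flow_log.this", "type": "aws_flow_log",
         "expressions": {"vpc_id": {"references":
                         ["aws_vpc.this[0].id", "aws_vpc.this[0]", "aws_vpc.this"]}}},
    ]}}},
}

if __name__ == "__main__":
    for address in vpcs_without_flow_logs(SAMPLE_RESOURCES):
        print(f"FG_R00054-style finding: {address} has no flow log")
    print(vpcs_without_flow_logs(from_plan_config(SAMPLE_PLAN_CONFIG)))
```

Run as a script, the module-created VPC from the report passes (its flow log is found once the `[0]` index and the `.id` suffix are stripped and the module prefix is applied) and only the constructed root-level `aws_vpc.unlogged` is reported; feeding the plan-configuration fragment through `from_plan_config` gives the same result.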