gomboc-ai-community[bot]

This fix was produced in response to #20 on the following target:

| Repository | Branch | Directory |
| --- | --- | --- |
| pepegc/rattleback | pepegc-patch-15 | tf-test |

Rules with observations: 10
Affected resources: 4
Resource types: 4
Code fixes: 7
Files modified: 1

| Recommendation | Resources | Observations |
| --- | --- | --- |
| API Key Authentication | 1 | 1 |
| Client Authentication via IAM SigV4 | 1 | 1 |
| Encryption At-Rest with Provider Managed Key | 2 | 2 |
| Encryption At-Rest with Bespoke Service Implementation | 1 | 1 |
| Encryption At-Rest with Customer Managed Key (CMK) | 1 | 1 |
| Deletion Protection | 1 | 1 |
| Request Tracing | 2 | 2 |
| On-Demand Capacity | 1 | 1 |
| Provisioned Capacity | 1 | 1 |
| Resource Tags | 1 | 1 |

These recommendations come from the following benchmarks

Benchmark
Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
CIS Critical Security Controls v8.1


resource "aws_dynamodb_table" "test_table_a" {

deletion_protection_enabled = true

  • l.9 Recommended applying Deletion Protection:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
    • CIS Critical Security Controls v8.1

@gomboc-ai-community gomboc-ai-community bot left a comment

I scanned the tf-test directory in search of Terraform misconfigurations. No issues found!

resource "aws_dynamodb_table" "test_table_a" {

deletion_protection_enabled = true
billing_mode = "PAY_PER_REQUEST"

  • l.10 Recommended applying On-Demand Capacity:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)


deletion_protection_enabled = true
billing_mode = "PAY_PER_REQUEST"
tags = "null"
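
Review bot: the last line of this hunk, tags = "null", assigns a quoted string to an attribute that aws_dynamodb_table defines as a map of strings, so it is a type error rather than an empty or placeholder tag set. Replace it with a real map carrying the keys your tagging policy requires (for example an owner and an environment key), or remove the line until those values are known, so that the Resource Tags recommendation is met by actual metadata.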

  • l.11 Recommended applying Resource Tags:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
    • CIS Critical Security Controls v8.1

billing_mode = "PAY_PER_REQUEST"
tags = "null"
server_side_encryption {
enabled = false
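
Review bot: enabled = false inside server_side_encryption keeps the table on the AWS owned key, which is what DynamoDB uses by default, so this block leaves the encryption posture unchanged and can read as if encryption were switched off. If the Customer Managed Key recommendation listed in the summary is the goal, set enabled = true and supply kms_key_arn; otherwise drop the block or add a comment stating that the AWS owned key is the intended choice.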

  • l.13 Recommended applying Encryption At-Rest with Bespoke Service Implementation:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)


resource "aws_lambda_function" "myfunction" {
tracing_config {
mode = "Active"

  • l.19 Recommended applying Request Tracing:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
    • CIS Critical Security Controls v8.1


resource "aws_appsync_graphql_api" "test_api" {
authentication_type = "API_KEY"
xray_enabled = true
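
Review bot: authentication_type = "API_KEY" on the line above xray_enabled is left as it is, although the summary lists both API Key Authentication and Client Authentication via IAM SigV4 among the recommendations. An API key is a static shared secret, so if the callers can sign requests, change this to authentication_type = "AWS_IAM"; if the key has to stay, record that decision in the PR so the open recommendation is not mistaken for an oversight.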

  • l.25 Recommended applying Request Tracing:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
    • CIS Critical Security Controls v8.1

resource "aws_keyspaces_table" "mykeyspacestable" {
}
encryption_specification {
type = "AWS_OWNED_KMS_KEY"
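
Review bot: type = "AWS_OWNED_KMS_KEY" in encryption_specification spells out the key type Keyspaces already uses by default, so encryption at rest for this table is unchanged by the block. If control over the key policy or rotation is required, use type = "CUSTOMER_MANAGED_KMS_KEY" together with kms_key_identifier; otherwise add a comment saying the line documents the default on purpose.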

  • l.30 Recommended applying Encryption At-Rest with Provider Managed Key:
    • Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
