Update iac_scan.yaml #103
Annotations
8 errors and 10 warnings
[HIGH] GKE using non-private nodes:
aws/positive1.yaml#L4
Details:
Kubernetes Clusters must be created with Private Clusters enabled
Recommendation:
'privateClusterConfig' should be defined and not null
|
[HIGH] Ec2 instance with public IPv4 address:
aws/ec22.tf#L1
Details:
EC2 Instance should not have a public IP address.
Recommendation:
'associate_public_ip_address' should be defined and not null
|
[HIGH] Ec2 instance with public IPv4 address:
aws/ec2.tf#L1
Details:
EC2 Instance should not have a public IP address.
Recommendation:
'associate_public_ip_address' should be defined and not null
|
[HIGH] Ec2 instance with public IPv4 address:
aws/ec222.tf#L1
Details:
EC2 Instance should not have a public IP address.
Recommendation:
'associate_public_ip_address' should be defined and not null
|
[HIGH] Global Security Field Is Undefined:
aws/positive3.json#L2
Details:
Global security field should be defined to prevent API to have insecure paths and have this rules defined on securitySchemes
Recommendation:
A default security property should be defined
|
[HIGH] Global Security Field Is Undefined:
aws/positive2.yaml#L1
Details:
Global security field should be defined to prevent API to have insecure paths and have this rules defined on securitySchemes
Recommendation:
A default security property should be defined
|
[HIGH] Cluster Master Authentication Disabled:
aws/positive1.yaml#L4
Details:
Kubernetes Engine Clusters must have Master Authentication set to enabled
Recommendation:
'masterAuth' should be defined and not null
|
Orca IaC Scan
Orca IaC scan failed with exit code 3
|
[MEDIUM] Field 'securityScheme' On Components Is Undefined:
aws/positive3.json#L2
Details:
Components' securityScheme field must have a valid scheme
Recommendation:
A security scheme on components should be defined
|
[MEDIUM] Additional Properties Too Permissive:
aws/positive3.json#L17
Details:
Objects should not accept 'additionalProperties' if it is possible
Recommendation:
'additionalProperties' needs to be set and to false
|
[MEDIUM] EBS Volume Encryption Disabled:
aws/ec2.tf#L34
Details:
EBS volumes should be encrypted
Recommendation:
One of 'aws_ebs_volume.encrypted' should be defined
|
[MEDIUM] EBS Volume Encryption Disabled:
aws/ec222.tf#L34
Details:
EBS volumes should be encrypted
Recommendation:
One of 'aws_ebs_volume.encrypted' should be defined
|
[MEDIUM] EBS Volume Encryption Disabled:
aws/ec22.tf#L34
Details:
EBS volumes should be encrypted
Recommendation:
One of 'aws_ebs_volume.encrypted' should be defined
|
[MEDIUM] Global Server Object Uses HTTP:
aws/positive3.json#L2
Details:
Global server object URL should use 'https' protocol instead of 'http'
Recommendation:
Global servers array should be defined
|
[MEDIUM] S3 Bucket SSE Disabled:
aws/ec22.tf#L271
Details:
If algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required
Recommendation:
'aws_s3_bucket' to have 'server_side_encryption_configuration' associated
|
[MEDIUM] S3 Bucket SSE Disabled:
aws/ppp.tf#L1
Details:
If algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required
Recommendation:
'aws_s3_bucket' to have 'server_side_encryption_configuration' associated
|
[MEDIUM] S3 Bucket SSE Disabled:
aws/ec222.tf#L271
Details:
If algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required
Recommendation:
'aws_s3_bucket' to have 'server_side_encryption_configuration' associated
|
[MEDIUM] S3 Bucket SSE Disabled:
aws/ec2.tf#L271
Details:
If algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required
Recommendation:
'aws_s3_bucket' to have 'server_side_encryption_configuration' associated
|