From 65906203c76fd1bb8f1fba927d34bcb72acab5eb Mon Sep 17 00:00:00 2001
From: Ruben Aleman
Date: Wed, 7 Aug 2024 13:02:59 +0200
Subject: [PATCH] fix: resolve checkov findings
---
 .checkov.yaml | 3 +++
 modules/eks/kms.tf | 1 +
 2 files changed, 4 insertions(+)
 create mode 100644 .checkov.yaml
diff --git a/.checkov.yaml b/.checkov.yaml
new file mode 100644
index 0000000..f8fc13c
--- /dev/null
+++ b/.checkov.yaml
@@ -0,0 +1,3 @@
+skip-check:
+# modules
+ - CKV_TF_1 # We are fine just using the module tag for the source
diff --git a/modules/eks/kms.tf b/modules/eks/kms.tf
index 6ae9061..0799723 100644
--- a/modules/eks/kms.tf
+++ b/modules/eks/kms.tf
@@ -60,6 +60,7 @@ data "aws_iam_policy_document" "eks_ebs" {
 }
 resource "aws_kms_key" "eks" {
+ #checkov:skip=CKV2_AWS_64: We do not need a resource policy for this key
 description = "EKS Secret Encryption Key"
 deletion_window_in_days = 7
 enable_key_rotation = true
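Review bot: The `skip-check` entry for `CKV_TF_1` in the new `.checkov.yaml` turns the check off for every module in the repository, including modules added later, and the inline reason does not say why a tag is an acceptable pin. A git tag can be moved to a different commit after review, so a source pinned only by tag does not fix which code gets fetched; the skip is easier to defend when it is limited to sources the team controls. If that is the situation here, the comment could record it, e.g. `- CKV_TF_1 # accepted: module sources use version tags from repositories we control; third-party modules must pin a commit hash`. Otherwise consider pinning external modules by commit hash and dropping the global skip.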
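Review bot: The suppression added to `aws_kms_key.eks` gives "We do not need a resource policy" as its reason, but a key created without a `policy` argument still receives the AWS default key policy, which delegates access decisions to IAM in the account. For a key described as the EKS secret encryption key, that means any principal whose IAM policy allows KMS actions on it can use the key, which is an accepted risk rather than an absence of policy. If that is the intent, the comment could say so, e.g. `#checkov:skip=CKV2_AWS_64: default key policy accepted; access to this key is controlled through IAM only`; otherwise attach a key policy limited to the cluster role and the key administrators. The resource body continues past the end of the hunk, so a `policy` argument further down would not be visible here.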