chore: fix checkov

makandra · Jun 15, 2023 · ef05809 · ef05809
1 parent 2161b8b
commit ef05809
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 0 deletions.
diff --git a/modules/RDSOSMetrics_loggroup/data.tf b/modules/RDSOSMetrics_loggroup/data.tf
@@ -5,6 +5,7 @@ data "aws_region" "current" {}
 data "aws_iam_policy_document" "RDSOS_KMS" {
   #checkov:skip=CKV_AWS_109:This is required for a working KMS key policy
   #checkov:skip=CKV_AWS_111:This is required for a working KMS key policy
+  #checkov:skip=CKV_AWS_356:Does not apply here because KMS key policies only apply to the key itself.
   count     = var.create_kms_key ? 1 : 0
   policy_id = "key-policy-cloudwatch"
   statement {

diff --git a/modules/RDSOSMetrics_loggroup/main.tf b/modules/RDSOSMetrics_loggroup/main.tf
@@ -4,6 +4,7 @@ locals {
 }
 
 resource "aws_cloudwatch_log_group" "this" {
+  #checkov:skip=CKV_AWS_338:Logs retention time does not always have to be at least 1 year
   name              = "RDSOSMetrics"
   retention_in_days = var.log_rentention_days
   kms_key_id        = local.kms_key_id

diff --git a/modules/eks/kms.tf b/modules/eks/kms.tf
@@ -1,6 +1,7 @@
 data "aws_iam_policy_document" "eks_ebs" {
   #checkov:skip=CKV_AWS_111: Does not apply here because KMS key policies only apply to the key itself. (https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint)
   #checkov:skip=CKV_AWS_109: Does not apply here because KMS key policies only apply to the key itself. (https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint)
+  #checkov:skip=CKV_AWS_356:Does not apply here because KMS key policies only apply to the key itself.
   statement {
     sid       = "Enable IAM User Permissions"
     actions   = ["kms:*"]
@@ -97,6 +98,7 @@ resource "aws_kms_alias" "eks_logging" {
 data "aws_iam_policy_document" "eks_logging" {
   #checkov:skip=CKV_AWS_111: Does not apply here because KMS key policies only apply to the key itself. (https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint)
   #checkov:skip=CKV_AWS_109: Does not apply here because KMS key policies only apply to the key itself. (https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint)
+  #checkov:skip=CKV_AWS_356:Does not apply here because KMS key policies only apply to the key itself.
   policy_id = "key-policy-cloudwatch"
   statement {
     sid = "Enable IAM User Permissions"