This repository has been archived by the owner on Sep 3, 2024. It is now read-only.

[BUG] Regression in FG_R00054 #393

Open
Octogonapus opened this issue Feb 10, 2023 · 0 comments

@Octogonapus

Describe the bug
Regula v3.0.0 checks FG_R00054 incorrectly, reporting that VPC flow logs are not enabled when they actually are.

How you're running Regula

  • I'm using Regula v3.0.0 as a CLI tool and my Terraform source code as an input:

```
regula run .
```

Operating System
6.0.18-200.fc36.x86_64

Steps to reproduce

With Regula v3.0.0:

```
regula run .

FG_R00054: VPC flow logging should be enabled [Medium]
           https://docs.fugue.co/FG_R00054.html

  [1]: module.vpc.aws_vpc.this[0]
       in .terraform/modules/vpc/main.tf

FG_R00068: CloudWatch log groups should be encrypted with customer managed KMS keys [Medium]
           https://docs.fugue.co/FG_R00068.html

  [1]: module.vpc.aws_cloudwatch_log_group.flow_log[0]
       in .terraform/modules/vpc/vpc-flow-logs.tf

FG_R00089: VPC default security group should restrict all traffic [Medium]
           https://docs.fugue.co/FG_R00089.html

  [1]: module.vpc.aws_vpc.this[0]
       in .terraform/modules/vpc/main.tf

Found 3 problems.
```

With Regula v2.10.0:

```
~/Downloads/regula_2.10.0_Linux_x86_64/regula run .

FG_R00068: CloudWatch log groups should be encrypted with customer managed KMS keys [Medium]
           https://docs.fugue.co/FG_R00068.html

  [1]: module.vpc.aws_cloudwatch_log_group.flow_log
       in .terraform/modules/vpc/vpc-flow-logs.tf:44:1
       included at main.tf:2:42

FG_R00089: VPC default security group should restrict all traffic [Medium]
           https://docs.fugue.co/FG_R00089.html

  [1]: module.vpc.aws_vpc.this
       in .terraform/modules/vpc/main.tf:20:1
       included at main.tf:2:42

Found 2 problems.
```

IaC Configuration

```hcl
module "vpc" {
  source                               = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  version                              = "3.14.4"
  cidr                                 = "10.0.0.0/16"
  enable_flow_log                      = true
  create_flow_log_cloudwatch_iam_role  = true
  create_flow_log_cloudwatch_log_group = true
}
```
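The report does not show why v3.0.0 misses the flow log, but one detail the two outputs above do make visible is that v3.0.0 prints the module's resources with a count index (`module.vpc.aws_vpc.this[0]`) while v2.10.0 prints them without one. The following is an added, independent illustration of a "VPC flow logging should be enabled" check and is not Regula's rule or its input format: it runs over a constructed, simplified resource inventory (address, type, attribute values, with `vpc_id` modelled as an unresolved reference string) and shows how such a check can pair each `aws_flow_log` with its VPC regardless of whether the addresses carry a `[0]` index. The resource list, the `SAMPLE_RESOURCES` name and the reference-string convention are all assumptions made for this example.

```python
import json
import re

# Constructed sample inventory, loosely modelled on a Terraform plan's
# planned_values but deliberately simplified: this is NOT Regula's input
# schema. The first three entries mirror the module resources named in the
# issue's output; the fourth is an extra VPC with no flow log at all.
SAMPLE_RESOURCES = json.loads("""
[
  {"address": "module.vpc.aws_vpc.this[0]", "type": "aws_vpc",
   "values": {"cidr_block": "10.0.0.0/16"}},
  {"address": "module.vpc.aws_cloudwatch_log_group.flow_log[0]",
   "type": "aws_cloudwatch_log_group",
   "values": {"name": "/aws/vpc-flow-log/example"}},
  {"address": "module.vpc.aws_flow_log.this[0]", "type": "aws_flow_log",
   "values": {"vpc_id": "module.vpc.aws_vpc.this[0].id", "traffic_type": "ALL"}},
  {"address": "aws_vpc.unlogged", "type": "aws_vpc",
   "values": {"cidr_block": "10.1.0.0/16"}}
]
""")

# Matches a count index like [0] or a for_each key like ["a"] at any position.
INDEX_RE = re.compile(r'\[\d+\]|\["[^"]*"\]')


def canonical_address(addr):
    """Strip count/for_each indexes so that module.vpc.aws_vpc.this[0] and
    module.vpc.aws_vpc.this (the two spellings seen in the v3.0.0 and v2.10.0
    output) compare equal."""
    return INDEX_RE.sub("", addr)


def referenced_vpc(flow_log):
    """Return the canonical address of the VPC this flow log points at, or
    None when vpc_id is unset. In this simplified model an unresolved
    reference is a string ending in '.id'; anything else (for example an
    already-known 'vpc-...' id) is returned unchanged."""
    ref = flow_log["values"].get("vpc_id")
    if not ref:
        return None
    if ref.endswith(".id"):
        ref = ref[: -len(".id")]
    return canonical_address(ref)


def vpcs_without_flow_logs(resources):
    """Return the addresses of every aws_vpc that no aws_flow_log references.
    Both sides are compared in index-stripped form, so a module that creates
    its VPC and flow log with count = 1 is not flagged."""
    logged = {referenced_vpc(r) for r in resources if r["type"] == "aws_flow_log"}
    logged.discard(None)
    return sorted(
        r["address"]
        for r in resources
        if r["type"] == "aws_vpc" and canonical_address(r["address"]) not in logged
    )


if __name__ == "__main__":
    for address in vpcs_without_flow_logs(SAMPLE_RESOURCES):
        print(f"flow logging not enabled for {address}")
```

Run against the constructed inventory, only `aws_vpc.unlogged` is reported; the module's indexed VPC is correctly paired with its indexed flow log. The same normalisation applies to any check that joins resources by address, which is why comparing index-stripped addresses on both sides is a safer default than exact string equality.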

