From 0a2bb5be60d418f87c74a55d28a164e8191986d4 Mon Sep 17 00:00:00 2001
From: avazula
Date: Mon, 12 Feb 2024 15:41:20 +0100
Subject: [PATCH 1/3] Update tf code for fixing CKV_AWS_312
---
 .../aws-policies/aws-general-policies/bc-aws-312.adoc | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc
index de9128bc53..7fdfa72f81 100644
--- a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc
+++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc
@@ -32,7 +32,7 @@ This policy is checking to make sure that Elastic Beanstalk environments have en
 *Terraform*
 * *Resource:* aws_elastic_beanstalk_environment
-* *Arguments:* namespace, HealthStreamingEnabled
+* *Arguments:* namespace, SystemType, EnhancedHealthAuthEnabled
 In order to fix this issue, you need to enable enhanced health reporting in your Elastic Beanstalk environment configuration.
@@ -49,7 +49,12 @@ resource "aws_elastic_beanstalk_environment" "pass" {
 tags = local.tags
 + setting {
 + namespace = "aws:elasticbeanstalk:healthreporting:system"
-+ name = "HealthStreamingEnabled"
++ name = "SystemType"
++ value = "enhanced"
++ }
++ setting {
++ namespace = "aws:elasticbeanstalk:healthreporting:system"
++ name = "EnhancedHealthAuthEnabled"
 + value = "true"
 + }
 }
From ce35a5cb4817df258c1b1e28cd4902569c5d5ae1 Mon Sep 17 00:00:00 2001
From: avazula
Date: Mon, 12 Feb 2024 16:12:06 +0100
Subject: [PATCH 2/3] Wrong setting used
---
 .../aws-policies/aws-general-policies/bc-aws-312.adoc | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc
index 7fdfa72f81..aeb1a5e682 100644
--- a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc
+++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc
@@ -48,13 +48,8 @@ resource "aws_elastic_beanstalk_environment" "pass" {
 version_label = var.version_label
 tags = local.tags
 + setting {
-+ namespace = "aws:elasticbeanstalk:healthreporting:system"
-+ name = "SystemType"
-+ value = "enhanced"
-+ }
-+ setting {
-+ namespace = "aws:elasticbeanstalk:healthreporting:system"
-+ name = "EnhancedHealthAuthEnabled"
++ namespace = "aws:elasticbeanstalk:cloudwatch:logs:health"
++ name = "HealthStreamingEnabled"
 + value = "true"
 + }
 }
From 82700d0a54b692aed086c7c915c72e582a9b50bb Mon Sep 17 00:00:00 2001
From: avazula
Date: Mon, 12 Feb 2024 16:13:14 +0100
Subject: [PATCH 3/3] fixed arguments
---
 .../aws-policies/aws-general-policies/bc-aws-312.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc
index aeb1a5e682..86a1668e35 100644
--- a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc
+++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc
@@ -32,7 +32,7 @@ This policy is checking to make sure that Elastic Beanstalk environments have en
 *Terraform*
 * *Resource:* aws_elastic_beanstalk_environment
-* *Arguments:* namespace, SystemType, EnhancedHealthAuthEnabled
+* *Arguments:* namespace, HealthStreamingEnabled
 In order to fix this issue, you need to enable enhanced health reporting in your Elastic Beanstalk environment configuration.