From 4f9ef99b17062c9da41e3c0f275be126e52e6442 Mon Sep 17 00:00:00 2001
From: d3adb5
Date: Thu, 12 Oct 2023 04:08:37 -0700
Subject: [PATCH 1/2] refactor: use assume_role block for role_arn

Use the assume_role.role_arn property instead of the now deprecated role_arn. This should also fix potential issues with the AWS provider trying to assume a nonexistent role.
---
 templates/backend.tf.tpl | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/templates/backend.tf.tpl b/templates/backend.tf.tpl
index 3e2f7f9..16683ea 100644
--- a/templates/backend.tf.tpl
+++ b/templates/backend.tf.tpl
@@ -7,7 +7,11 @@ terraform {
 dynamodb_table = "${dynamodb_table}"
 %{~ endif ~}
 profile = "${profile}"
- role_arn = "${role_arn}"
 encrypt = "${encrypt}"
+ %{~ if role_arn != "" ~}
+ assume_role {
+ role_arn = "${role_arn}"
+ }
+ %{~ endif ~}
 }
 }

From 9551a57a53829ef6e292d0f4a58120ebcc39df5e Mon Sep 17 00:00:00 2001
From: martingaleano
Date: Wed, 24 Jan 2024 11:51:19 -0300
Subject: [PATCH 2/2] Add checkov Skip

---
 bucket_replication.tf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/bucket_replication.tf b/bucket_replication.tf
index 296ec7c..3cacebe 100644
--- a/bucket_replication.tf
+++ b/bucket_replication.tf
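Review bot: In templates/backend.tf.tpl the new `assume_role { ... }` block is only accepted by the s3 backend in Terraform 1.6 and later, so a backend file rendered from this template will fail `terraform init` on older CLIs, and nothing visible in the hunk constrains the version. If no constraint exists elsewhere in the module, add `required_version = ">= 1.6.0"` inside the `terraform {` block or state the minimum in the module documentation. A comment above the `%{~ if role_arn != "" ~}` guard, such as `# No role_arn: state is accessed with the credentials of "profile" directly`, would also record which identity reads and writes the state when the block is omitted. The `terraform {` block starts above this hunk.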
@@ -4,6 +4,13 @@ resource "aws_s3_bucket" "replication_bucket" { # checkov:skip=CKV2_AWS_62:False Positive. This bucket is the replication destination # checkov:skip=CKV_AWS_144:False Positive. This bucket is the replication destination + ## Since we use the attribute 'count' to create an aws_s3_bucket, checkov has a known issue that results in + ## an error even though we are using the correct configurations. (Ref https://github.com/bridgecrewio/checkov/issues/3847) + # checkov:skip=CKV2_AWS_61:Skip due to above comment + # checkov:skip=CKV_AWS_145:Skip due to above comment + # checkov:skip=CKV_AWS_21:Skip due to above comment + # checkov:skip=CKV2_AWS_6:Skip due to above comment + provider = aws.secondary bucket = format("%s-%s-%s-%s", var.namespace, var.stage, var.name, var.bucket_replication_name)
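Review bot: The four added suppressions (`CKV2_AWS_61`, `CKV_AWS_145`, `CKV_AWS_21`, `CKV2_AWS_6`) on `aws_s3_bucket.replication_bucket` turn off the lifecycle, KMS-encryption, versioning and public-access-block checks for this bucket permanently, so a later removal of the companion resources would pass the scan unnoticed; those resources are not visible in this hunk and should be confirmed to exist for the replication bucket. The reason text `Skip due to above comment` is what appears in checkov's report, where there is no comment above it, so each line should carry its own justification, for example `# checkov:skip=CKV2_AWS_6:False positive with count (checkov issue 3847); enforced by <PUBLIC_ACCESS_BLOCK_RESOURCE>`. A `# TODO: remove once checkov issue 3847 is fixed` line would keep the suppressions from outliving the scanner bug. The resource body continues past the end of the hunk.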