
@Navapon
Owner

@Navapon Navapon commented Jan 24, 2025

Trigger test auto create docs

@infracost

infracost bot commented Jan 24, 2025

💰 Infracost report

Monthly estimate generated

This comment will be updated when code changes.

@Navapon Navapon changed the title ci: trigger Example: S3 Auto Create README.md docs Jan 24, 2025
@github-actions
Contributor

Change detected in the following directories: modules/s3 🚀

Terraform Initialization ⚙️ success

Terraform Plan 📖 failure

[command]/home/runner/work/_temp/e51530e6-41ce-4544-9177-52eec60abb43/terraform-bin plan -no-color -input=false

Error: No value for required variable

  on variables.tf line 25:
  25: variable "bucket_policy" {

The root module input variable "bucket_policy" is not set, and has no default
value. Use a -var or -var-file command line argument to provide a value for
this variable.

Error: No value for required variable

  on variables.tf line 31:
  31: variable "tags" {

The root module input variable "tags" is not set, and has no default value.
Use a -var or -var-file command line argument to provide a value for this
variable.

Error: No value for required variable

  on variables.tf line 60:
  60: variable "expected_bucket_owner" {

The root module input variable "expected_bucket_owner" is not set, and has no
default value. Use a -var or -var-file command line argument to provide a
value for this variable.

Error: No value for required variable

  on variables.tf line 122:
 122: variable "create_s3_website_configuration" {

The root module input variable "create_s3_website_configuration" is not set,
and has no default value. Use a -var or -var-file command line argument to
provide a value for this variable.
::debug::Terraform exited with code 1.
::debug::stdout: 
::debug::exitcode: 1
::error::Terraform exited with code 1.

Pushed by: @Navapon, Action: pull_request

@github-actions
Contributor

Run pre-commit at modules/s3
Location: /home/runner/work/terraform-precommit/terraform-precommit/modules/s3

[INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks.
[INFO] Initializing environment for https://github.com/gitleaks/gitleaks.
[INFO] Initializing environment for https://github.com/antonbabenko/pre-commit-terraform.
[INFO] Installing environment for https://github.com/pre-commit/pre-commit-hooks.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
[INFO] Installing environment for https://github.com/gitleaks/gitleaks.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
check yaml...........................................(no files to check)Skipped
fix end of files.........................................................Failed
- hook id: end-of-file-fixer
- exit code: 1
- files were modified by this hook

Fixing modules/s3/outputs.tf

trim trailing whitespace.................................................Passed
check for added large files..............................................Passed
detect private key.......................................................Passed
Detect hardcoded secrets.................................................Passed
Terraform fmt............................................................Passed
Terraform docs...........................................................Passed
Terraform validate with tflint...........................................Passed
Terraform validate.......................................................Passed
Terraform validate with trivy........................(no files to check)Skipped
Checkov..................................................................Failed
- hook id: terraform_checkov
- exit code: 1

       _               _
   ___| |__   ___  ___| | _______   __
  / __| '_ \ / _ \/ __| |/ / _ \ \ / /
 | (__| | | |  __/ (__|   < (_) \ V /
  \___|_| |_|\___|\___|_|\_\___/ \_/

By Prisma Cloud | version: 3.2.352 
Update available 3.2.352 -> 3.2.357
Run pip3 install -U checkov to update 


terraform scan results:

Passed checks: 18, Failed checks: 4, Skipped checks: 0

Check: CKV_AWS_93: "Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)"
	PASSED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-24
Check: CKV_AWS_93: "Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)"
	PASSED for resource: aws_s3_bucket_policy.this[0]
	File: /main.tf:9-14
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-24
Check: CKV_AWS_379: "Ensure AWS S3 bucket is configured with secure data transport policy"
	PASSED for resource: aws_s3_bucket_acl.this
	File: /main.tf:23-29
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/bc-aws-379
Check: CKV_AWS_375: "Ensure AWS S3 bucket does not have global view ACL permissions enabled"
	PASSED for resource: aws_s3_bucket_acl.this
	File: /main.tf:23-29
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/bc-aws-375
Check: CKV_AWS_54: "Ensure S3 bucket has block public policy enabled"
	PASSED for resource: aws_s3_bucket_public_access_block.this
	File: /main.tf:79-86
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-20
Check: CKV_AWS_53: "Ensure S3 bucket has block public ACLS enabled"
	PASSED for resource: aws_s3_bucket_public_access_block.this
	File: /main.tf:79-86
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-19
Check: CKV_AWS_55: "Ensure S3 bucket has ignore public ACLs enabled"
	PASSED for resource: aws_s3_bucket_public_access_block.this
	File: /main.tf:79-86
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-21
Check: CKV_AWS_56: "Ensure S3 bucket has 'restrict_public_buckets' enabled"
	PASSED for resource: aws_s3_bucket_public_access_block.this
	File: /main.tf:79-86
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-22
Check: CKV_AWS_300: "Ensure S3 lifecycle configuration sets period for aborting failed uploads"
	PASSED for resource: aws_s3_bucket_lifecycle_configuration.this
	File: /main.tf:127-173
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-300
Check: CKV_AWS_41: "Ensure no hard coded AWS access key and secret key exists in provider"
	PASSED for resource: aws.default
	File: /versions.tf:12-19
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/secrets-policies/bc-aws-secrets-5
Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
	PASSED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging
Check: CKV_AWS_57: "S3 Bucket has an ACL defined which allows public WRITE access."
	PASSED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-2-acl-write-permissions-everyone
Check: CKV2_AWS_65: "Ensure access control lists for S3 buckets are disabled"
	PASSED for resource: aws_s3_bucket_ownership_controls.this
	File: /main.tf:16-21
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-112
Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
	PASSED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning
Check: CKV_AWS_20: "S3 Bucket has an ACL defined which allows public READ access."
	PASSED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-1-acl-read-permissions-everyone
Check: CKV2_AWS_43: "Ensure S3 Bucket does not allow access to all Authenticated users"
	PASSED for resource: aws_s3_bucket_acl.this
	File: /main.tf:23-29
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-s3-bucket-does-not-allow-access-to-all-authenticated-users
Check: CKV2_AWS_61: "Ensure that an S3 bucket has a lifecycle configuration"
	PASSED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-2-61
Check: CKV2_AWS_6: "Ensure that S3 bucket has a Public Access block"
	PASSED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached
Check: CKV2_AWS_62: "Ensure S3 buckets should have event notifications enabled"
	FAILED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-2-62

		1 | resource "aws_s3_bucket" "this" {
		2 |   force_destroy = var.force_destroy
		3 |   bucket        = var.bucket
		4 |   tags          = var.tags
		5 | 
		6 |   object_lock_enabled = var.bucket_lock_enabled
		7 | }

Check: CKV_AWS_144: "Ensure that S3 bucket has cross-region replication enabled"
	FAILED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled

		1 | resource "aws_s3_bucket" "this" {
		2 |   force_destroy = var.force_destroy
		3 |   bucket        = var.bucket
		4 |   tags          = var.tags
		5 | 
		6 |   object_lock_enabled = var.bucket_lock_enabled
		7 | }

Check: CKV_AWS_145: "Ensure that S3 buckets are encrypted with KMS by default"
	FAILED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default

		1 | resource "aws_s3_bucket" "this" {
		2 |   force_destroy = var.force_destroy
		3 |   bucket        = var.bucket
		4 |   tags          = var.tags
		5 | 
		6 |   object_lock_enabled = var.bucket_lock_enabled
		7 | }

Check: CKV_AWS_19: "Ensure all data stored in the S3 bucket is securely encrypted at rest"
	FAILED for resource: aws_s3_bucket.this
	File: /main.tf:1-7
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-14-data-encrypted-at-rest

		1 | resource "aws_s3_bucket" "this" {
		2 |   force_destroy = var.force_destroy
		3 |   bucket        = var.bucket
		4 |   tags          = var.tags
		5 | 
		6 |   object_lock_enabled = var.bucket_lock_enabled
		7 | }

Infracost breakdown......................................................Passed
- hook id: infracost_breakdown
- duration: 1.39s

2025-01-24T17:22:44Z INFO Autodetected 1 Terraform project across 1 root module
2025-01-24T17:22:44Z INFO Found Terraform project "main" at directory "." using Terraform var files "prod.tfvars", "dev.tfvars"


Running in "community-days/live"

Summary: {
  "totalDetectedResources": 0,
  "totalSupportedResources": 0,
  "totalUnsupportedResources": 0,
  "totalUsageBasedResources": 0,
  "totalNoPriceResources": 0,
  "unsupportedResourceCounts": {},
  "noPriceResourceCounts": {}
}

Total Monthly Cost:        0 USD
Total Monthly Cost (diff): 0 USD
