feat(terraform): Adding 2 new AWS policies (#5599)
* adding 2 YAML policies - S3 & Neptune security config

* adding 2 YAML policies

* adding 2 YAML policies

* adding 2 YAML policies

* added 2 YAML policies

* updated the pass and fail cases

* Updated terraform pass and fail cases

* Deleted - AWS S3 global ACL view check

* added policy "Ensure Elastic Search has dedicated master node enabled"

CKV2_AWS_59: Ensure Elastic Search has dedicated master node enabled

* added policy "CKV2_AWS_60: Ensure RDS instance with copy tags to snapshots is enabled"

Ensure RDS instance with copy tags to snapshots is enabled

* [New Policy]: CKV2_AZURE_23: Ensure Azure spring cloud is configured with Virtual network (Vnet)

CKV2_AZURE_23: Ensure Azure spring cloud is configured with Virtual network (Vnet)

* [2 new Policies]: CKV2_AZURE_24, CKV2_AZURE_25

CKV2_AZURE_24: Ensure Azure automation account is NOT overly permissive

CKV2_AZURE_25: Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled

* Update checkov/terraform/checks/graph_checks/aws/ElasticSearchDedicatedMasterEnabled.yaml

Added opensearch check capability

Co-authored-by: Anton Grübel <[email protected]>

* Modified CKV2_AWS_59: Ensure ElasticSearch/OpenSearch has dedicated master node enabled

* Renamed/Modified CKV2_AZURE_24: Ensure Azure automation account does NOT have overly permissive network access

* Renamed/Modified CKV2_AZURE_24: Ensure Azure automation account does NOT have overly permissive network access

* Modified CKV2_AZURE_23: Ensure Azure spring cloud is configured with Virtual network (Vnet)

* CKV2_AZURE_25: Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled

* Modified CKV2_AWS_60: Ensure RDS instance with copy tags to snapshots is enabled

* Added 5 YAML policies

* Modified CKV2_AWS_60: Ensure RDS instance with copy tags to snapshots is enabled

* Added 2 policies related to customer ask (GIC)

* Optimised the policy name for CKV2_AWS_66

* Added the 2 policies records to test_yaml_policies.py

* Modified policies as per suggestions

* fix resource references

---------

Co-authored-by: Anton Grübel <[email protected]>
2 people authored and actions-user committed Sep 28, 2023
1 parent 83c272a commit f697637
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion checkov/version.py
@@ -1 +1 @@
version = '2.4.53'
version = '2.4.54'
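Review bot: the commit title and message describe new AWS and Azure policies, but the only change in checkov/version.py is the version string moving from 2.4.53 to 2.4.54, and the page reports just 2 changed files. A release-style message for this bump would make it easier to tell, when auditing the history, which commit actually introduced a given CKV2 check and which one only cut the release.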
2 changes: 1 addition & 1 deletion kubernetes/requirements.txt
@@ -1 +1 @@
checkov==2.4.53
checkov==2.4.54
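Review bot: the pin in kubernetes/requirements.txt, checkov==2.4.54, is by version only. Adding a --hash entry for the release artifact would let pip's --require-hashes mode reject a substituted package. The value also has to stay in step with the string in checkov/version.py, so a CI check that the two match would catch a partial bump.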
