How to use the checkov.terraform.checks.resource.aws.ElasticsearchNodeToNodeEncryption.check.scan_resource_conf function in checkov

To help you get started, we’ve selected a few checkov examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github bridgecrewio / checkov / tests / terraform / checks / resource / aws / test_ElasticsearchNodeToNodeEncryption.py View on Github external
'zone_awareness_config': [
                                                 {'availability_zone_count': ['${var.availability_zone_count}']}]}],
                         'node_to_node_encryption': [{'enabled': [True]}], 'vpc_options': [
                {'security_group_ids': [['${join("",aws_security_group.default.*.id)}']],
                 'subnet_ids': ['${var.subnet_ids}']}], 'snapshot_options': [
                {'automated_snapshot_start_hour': ['${var.automated_snapshot_start_hour}']}],
                         'log_publishing_options': [
                             {'enabled': ['${var.log_publishing_index_enabled}'], 'log_type': ['INDEX_SLOW_LOGS'],
                              'cloudwatch_log_group_arn': ['${var.log_publishing_index_cloudwatch_log_group_arn}']},
                             {'enabled': ['${var.log_publishing_search_enabled}'], 'log_type': ['SEARCH_SLOW_LOGS'],
                              'cloudwatch_log_group_arn': ['${var.log_publishing_search_cloudwatch_log_group_arn}']},
                             {'enabled': ['${var.log_publishing_application_enabled}'],
                              'log_type': ['ES_APPLICATION_LOGS'], 'cloudwatch_log_group_arn': [
                                 '${var.log_publishing_application_cloudwatch_log_group_arn}']}],
                         'tags': ['${module.label.tags}'], 'depends_on': [['${aws_iam_service_linked_role.default}']]}
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.PASSED, scan_result)
github bridgecrewio / checkov / tests / terraform / checks / resource / aws / test_ElasticsearchNodeToNodeEncryption.py View on Github external
'zone_awareness_config': [
                                                 {'availability_zone_count': ['${var.availability_zone_count}']}]}],
                         'vpc_options': [
                             {'security_group_ids': [['${join("",aws_security_group.default.*.id)}']],
                              'subnet_ids': ['${var.subnet_ids}']}], 'snapshot_options': [
                {'automated_snapshot_start_hour': ['${var.automated_snapshot_start_hour}']}],
                         'log_publishing_options': [
                             {'enabled': ['${var.log_publishing_index_enabled}'], 'log_type': ['INDEX_SLOW_LOGS'],
                              'cloudwatch_log_group_arn': ['${var.log_publishing_index_cloudwatch_log_group_arn}']},
                             {'enabled': ['${var.log_publishing_search_enabled}'], 'log_type': ['SEARCH_SLOW_LOGS'],
                              'cloudwatch_log_group_arn': ['${var.log_publishing_search_cloudwatch_log_group_arn}']},
                             {'enabled': ['${var.log_publishing_application_enabled}'],
                              'log_type': ['ES_APPLICATION_LOGS'], 'cloudwatch_log_group_arn': [
                                 '${var.log_publishing_application_cloudwatch_log_group_arn}']}],
                         'tags': ['${module.label.tags}'], 'depends_on': [['${aws_iam_service_linked_role.default}']]}
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.UNKNOWN, scan_result)
github bridgecrewio / checkov / tests / terraform / checks / resource / aws / test_ElasticsearchNodeToNodeEncryption.py View on Github external
'zone_awareness_config': [
                                                 {'availability_zone_count': ['${var.availability_zone_count}']}]}],
                         'vpc_options': [
                             {'security_group_ids': [['${join("",aws_security_group.default.*.id)}']],
                              'subnet_ids': ['${var.subnet_ids}']}], 'snapshot_options': [
                {'automated_snapshot_start_hour': ['${var.automated_snapshot_start_hour}']}],
                         'log_publishing_options': [
                             {'enabled': ['${var.log_publishing_index_enabled}'], 'log_type': ['INDEX_SLOW_LOGS'],
                              'cloudwatch_log_group_arn': ['${var.log_publishing_index_cloudwatch_log_group_arn}']},
                             {'enabled': ['${var.log_publishing_search_enabled}'], 'log_type': ['SEARCH_SLOW_LOGS'],
                              'cloudwatch_log_group_arn': ['${var.log_publishing_search_cloudwatch_log_group_arn}']},
                             {'enabled': ['${var.log_publishing_application_enabled}'],
                              'log_type': ['ES_APPLICATION_LOGS'], 'cloudwatch_log_group_arn': [
                                 '${var.log_publishing_application_cloudwatch_log_group_arn}']}],
                         'tags': ['${module.label.tags}'], 'depends_on': [['${aws_iam_service_linked_role.default}']]}
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.FAILED, scan_result)
github bridgecrewio / checkov / tests / terraform / checks / resource / aws / test_ElasticsearchNodeToNodeEncryption.py View on Github external
'zone_awareness_config': [
                                                 {'availability_zone_count': ['${var.availability_zone_count}']}]}],
                         'node_to_node_encryption': [{'enabled': [False]}], 'vpc_options': [
                {'security_group_ids': [['${join("",aws_security_group.default.*.id)}']],
                 'subnet_ids': ['${var.subnet_ids}']}], 'snapshot_options': [
                {'automated_snapshot_start_hour': ['${var.automated_snapshot_start_hour}']}],
                         'log_publishing_options': [
                             {'enabled': ['${var.log_publishing_index_enabled}'], 'log_type': ['INDEX_SLOW_LOGS'],
                              'cloudwatch_log_group_arn': ['${var.log_publishing_index_cloudwatch_log_group_arn}']},
                             {'enabled': ['${var.log_publishing_search_enabled}'], 'log_type': ['SEARCH_SLOW_LOGS'],
                              'cloudwatch_log_group_arn': ['${var.log_publishing_search_cloudwatch_log_group_arn}']},
                             {'enabled': ['${var.log_publishing_application_enabled}'],
                              'log_type': ['ES_APPLICATION_LOGS'], 'cloudwatch_log_group_arn': [
                                 '${var.log_publishing_application_cloudwatch_log_group_arn}']}],
                         'tags': ['${module.label.tags}'], 'depends_on': [['${aws_iam_service_linked_role.default}']]}
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.PASSED, scan_result)
github bridgecrewio / checkov / tests / terraform / checks / resource / aws / test_ElasticsearchNodeToNodeEncryption.py View on Github external
'zone_awareness_config': [
                                                 {'availability_zone_count': ['${var.availability_zone_count}']}]}],
                         'node_to_node_encryption': [{'enabled': [False]}], 'vpc_options': [
                {'security_group_ids': [['${join("",aws_security_group.default.*.id)}']],
                 'subnet_ids': ['${var.subnet_ids}']}], 'snapshot_options': [
                {'automated_snapshot_start_hour': ['${var.automated_snapshot_start_hour}']}],
                         'log_publishing_options': [
                             {'enabled': ['${var.log_publishing_index_enabled}'], 'log_type': ['INDEX_SLOW_LOGS'],
                              'cloudwatch_log_group_arn': ['${var.log_publishing_index_cloudwatch_log_group_arn}']},
                             {'enabled': ['${var.log_publishing_search_enabled}'], 'log_type': ['SEARCH_SLOW_LOGS'],
                              'cloudwatch_log_group_arn': ['${var.log_publishing_search_cloudwatch_log_group_arn}']},
                             {'enabled': ['${var.log_publishing_application_enabled}'],
                              'log_type': ['ES_APPLICATION_LOGS'], 'cloudwatch_log_group_arn': [
                                 '${var.log_publishing_application_cloudwatch_log_group_arn}']}],
                         'tags': ['${module.label.tags}'], 'depends_on': [['${aws_iam_service_linked_role.default}']]}
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.FAILED, scan_result)

checkov

Infrastructure as code static analysis

Apache-2.0
Latest version published 23 hours ago

Package Health Score

94 / 100
Full package analysis