fix(terraform): Security group attached to aws_mskconnect_connector i…

…s not recognized
bridgecrewio · Oct 17, 2024 · d90d70f · d90d70f
1 parent cbb7316
commit d90d70f
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 0 deletions.
diff --git a/checkov/terraform/checks/graph_checks/aws/SGAttachedToResource.yaml b/checkov/terraform/checks/graph_checks/aws/SGAttachedToResource.yaml
@@ -47,6 +47,7 @@ definition:
         - aws_memorydb_cluster
         - aws_mq_broker
         - aws_msk_cluster
+        - aws_mskconnect_connector
         - aws_mwaa_environment
         - aws_neptune_cluster
         - aws_network_interface

diff --git a/tests/terraform/graph/checks/resources/SGAttachedToResource/expected.yaml b/tests/terraform/graph/checks/resources/SGAttachedToResource/expected.yaml
@@ -35,6 +35,7 @@ pass:
   - "aws_security_group.pass_mq"
   - "aws_security_group.pass_mq_broker"
   - "aws_security_group.pass_msk"
+  - "aws_security_group.pass_msk_connect"
   - "aws_security_group.pass_mwaa"
   - "aws_security_group.pass_neptune"
   - "aws_security_group.pass_quicksight"

diff --git a/tests/terraform/graph/checks/resources/SGAttachedToResource/main.tf b/tests/terraform/graph/checks/resources/SGAttachedToResource/main.tf
@@ -694,6 +694,37 @@ resource "aws_msk_cluster" "pass_msk" {
   }
 }
 
+
+# MSK Connect
+
+resource "aws_security_group" "pass_msk_connect" {
+  ingress {
+    description = "TLS from VPC"
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_mskconnect_connector" "pass_msk_connect" {
+  connector_configuration    = {}
+  kafkaconnect_version       = "example-version"
+  name                       = "msk-connect"
+  service_execution_role_arn = "aws_iam_role.msk_connect.arn"
+
+  kafka_cluster {
+    apache_kafka_cluster {
+      bootstrap_servers = "bootstrap-servers"
+
+      vpc {
+        security_groups = [aws_security_group.pass_msk_connect.id]
+        subnets         = []
+      }
+    }
+  }
+}
+
 # MWAA
 
 resource "aws_security_group" "pass_mwaa" {