trivy ignore at resource level
richgreen-moj committed Oct 15, 2024
1 parent 5e305bc commit a2f39f0
Showing 2 changed files with 3 additions and 1 deletion.
1 change: 0 additions & 1 deletion terraform/environments/core-vpc/vpc.tf
Expand Up @@ -98,7 +98,6 @@ module "vpc" {
tags_prefix = each.key
}

#trivy:ignore:AVD-AWS-0102:All ports open by design https://user-guide.modernisation-platform.service.justice.gov.uk/concepts/networking/subnet-nacls.html#all-subnets-data-private-public
module "vpc_nacls" {
source = "../../modules/vpc-nacls"
for_each = local.vpcs[terraform.workspace]
3 changes: 3 additions & 0 deletions terraform/modules/vpc-nacls/main.tf
Expand Up @@ -39,6 +39,7 @@ resource "aws_network_acl" "protected" {
resource "aws_network_acl_rule" "data_subnet_static_rules" {
#checkov:skip=CKV_AWS_352:Verified - these rules are reasonable
#checkov:skip=CKV_AWS_231:Allow ingress from 0.0.0.0:0 to port 3389 required
#trivy:ignore:AVD-AWS-0102:All ports open by design https://user-guide.modernisation-platform.service.justice.gov.uk/concepts/networking/subnet-nacls.html#all-subnets-data-private-public
for_each = local.static_acl_rules
cidr_block = each.value.cidr_block
egress = each.value.egress
Expand All @@ -54,6 +55,7 @@ resource "aws_network_acl_rule" "data_subnet_static_rules" {
resource "aws_network_acl_rule" "private_subnet_static_rules" {
#checkov:skip=CKV_AWS_352:Verified - these rules are reasonable
#checkov:skip=CKV_AWS_231:Allow ingress from 0.0.0.0:0 to port 3389 required
#trivy:ignore:AVD-AWS-0102:All ports open by design https://user-guide.modernisation-platform.service.justice.gov.uk/concepts/networking/subnet-nacls.html#all-subnets-data-private-public
for_each = local.static_acl_rules
cidr_block = each.value.cidr_block
egress = each.value.egress
Expand Down Expand Up @@ -83,6 +85,7 @@ resource "aws_network_acl_rule" "public_subnet_static_rules" {
#tfsec:ignore:aws-vpc-no-excessive-port-access tfsec:ignore:aws-ec2-no-public-ingress-acl
resource "aws_network_acl_rule" "public_subnet_internet_access_rules" {
#checkov:skip=CKV_AWS_231:Verified - these rules are reasonable
#trivy:ignore:AVD-AWS-0102:All ports open by design https://user-guide.modernisation-platform.service.justice.gov.uk/concepts/networking/subnet-nacls.html#all-subnets-data-private-public
for_each = local.public_access_acl_rules
cidr_block = each.value.cidr_block
egress = each.value.egress
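Review bot: The new `#trivy:ignore:AVD-AWS-0102` lines are placed inside each resource body (after the checkov skips, before `for_each`), whereas the existing `#tfsec:ignore` annotation sits on the line immediately above `resource "aws_network_acl_rule" "public_subnet_internet_access_rules"`; as far as I recall, trivy's inline ignore applies to the line or block that directly follows it, so confirm from the scan output that a comment inside the block really suppresses the finding on the resource, and if it does not, move it up to the tfsec line, e.g. `#tfsec:ignore:aws-vpc-no-excessive-port-access tfsec:ignore:aws-ec2-no-public-ingress-acl trivy:ignore:AVD-AWS-0102`. AVD-AWS-0102 appears to correspond only to the excessive-port-access check, while the tfsec line also ignores `aws-ec2-no-public-ingress-acl` (trivy ID AVD-AWS-0105, if I have that right), so the 0.0.0.0/0 ingress on `public_subnet_internet_access_rules` may still be reported by trivy after this change. Since these are by-design suppressions backed by the linked subnet-NACL guidance, consider adding an expiry so they are re-validated rather than lasting forever, e.g. `#trivy:ignore:AVD-AWS-0102:exp:2025-10-15`.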
