Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Dynamic block for Terraform AWS ALB access_logs
See original GitHub issueDescribe the bug When using dynamic blocks to enable access_logs for AWS ALB checkov is marking the check CKV_AWS_91 as failed.
To Reproduce Steps to reproduce the behavior:
- Surround access_log bock with “dynamic”
- Run checkov
- Test for CKV_AWS_91 will fail
Expected behavior Test for CKV_AWS_91 will pass
Desktop (please complete the following information):
- OS: MacOs Big Sur
- Checkov Version [1.0.675]
Additional context
dynamic "access_logs" {
for_each = module.s3_bucket
content {
bucket = access_logs.value.bucket.id
prefix = "${var.environment}-public"
enabled = true
}
}
Issue Analytics
- State:
- Created 3 years ago
- Comments:10 (5 by maintainers)
Top Results From Across the Web
AWS ALB Access Logs Dynamic Block Fails Plan Correctly
We are utilizing a Module with an ALB which exposes the ability to add access_logs based upon a variable. To populate the parameters...
Read more >aws_lb | Resources | hashicorp/aws - Terraform Registry
access_logs - (Optional) An Access Logs block. Access Logs documented below. subnets - (Optional) A list of subnet IDs to attach to the...
Read more >Is it possible to turn the access_logs block on and off via the ...
One way to achieve this with TF 0.12 onwards is to use dynamic blocks: dynamic "access_logs" { for_each = var.environment_name ...
Read more >Dynamic Blocks - Configuration Language | Terraform
Dynamic blocks automatically construct multi-level, nested block structures. Learn to configure dynamic blocks and understand their behavior.
Read more >Terraform Dynamic Blocks with Examples - CloudBolt Software
The below code shows one way of deploying multiple subnets within a VPC in AWS using the for_each meta-argument. # VPC variable variable...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@tronxd had an idea on how to solve a similar issue. @tronxd @nimrodkor let’s talk somewhere this week. Maybe I can take this one.
Looks like Checkov doesn’t work at all with dynamic bocks, not just the one in this example. Could someone please confirm?