
Issue with lookup values


Describe the bug

When I'm using “terraform-aws-modules/autoscaling/aws”, it looks like the encrypted EBS check is a false positive.

To Reproduce

Create file main.tf:

module "asg" {
  source = "terraform-aws-modules/autoscaling/aws"
  name = "ag-asg"
  lc_name = "asg-lc"
  image_id                    = "123"
  instance_type               = "t2-micro"
  associate_public_ip_address = true
  ebs_optimized               = true
  iam_instance_profile        = aws_iam_instance_profile.instance-profile.name
  key_name                    = var.aws_key_name
  root_block_device = [
    {
      volume_size = "20"
      volume_type = "gp2"
      encrypted   = true
    }
  ]

  # Auto scaling group
  vpc_zone_identifier       = "zone"
  asg_name                  = "abc"
  health_check_type         = "EC2"
  min_size                  = 1
  max_size                  = 1
  desired_capacity          = 1
  health_check_grace_period = 600

}

  1. terraform init
  2. checkov -d .

You will see:


       _               _
   ___| |__   ___  ___| | _______   __
  / __| '_ \ / _ \/ __| |/ / _ \ \ / /
 | (__| | | |  __/ (__|   < (_) \ V /
  \___|_| |_|\___|\___|_|\_\___/ \_/

by bridgecrew.io | version: 1.0.324

terraform scan results:

Passed checks: 5, Failed checks: 2, Skipped checks: 0

Check: CKV_AWS_41: "Ensure no hard coded AWS access key and and secret key exists in provider"
	PASSED for resource: aws
	File: /main.tf:1-3


Check: CKV_AWS_41: "Ensure no hard coded AWS access key and and secret key exists in provider"
	PASSED for resource: aws
	File: /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/examples/asg_elb/main.tf:1-3


Check: CKV_AWS_41: "Ensure no hard coded AWS access key and and secret key exists in provider"
	PASSED for resource: aws
	File: /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/examples/asg_inital_lifecycle_hook/main.tf:1-10


Check: CKV_AWS_41: "Ensure no hard coded AWS access key and and secret key exists in provider"
	PASSED for resource: aws
	File: /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/examples/asg_ec2/main.tf:1-10


Check: CKV_AWS_41: "Ensure no hard coded AWS access key and and secret key exists in provider"
	PASSED for resource: aws
	File: /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/examples/asg_ec2_external_launch_configuration/main.tf:1-10


Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration EBS is securely encrypted "
	FAILED for resource: aws_launch_configuration.this
	File: /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/main.tf:4-56

		4  | resource "aws_launch_configuration" "this" {
		5  |   count = var.create_lc ? 1 : 0
		6  |
		7  |   name_prefix                 = "${coalesce(var.lc_name, var.name)}-"
		8  |   image_id                    = var.image_id
		9  |   instance_type               = var.instance_type
		10 |   iam_instance_profile        = var.iam_instance_profile
		11 |   key_name                    = var.key_name
		12 |   security_groups             = var.security_groups
		13 |   associate_public_ip_address = var.associate_public_ip_address
		14 |   user_data                   = var.user_data
		15 |   enable_monitoring           = var.enable_monitoring
		16 |   spot_price                  = var.spot_price
		17 |   placement_tenancy           = var.spot_price == "" ? var.placement_tenancy : ""
		18 |   ebs_optimized               = var.ebs_optimized
		19 |
		20 |   dynamic "ebs_block_device" {
		21 |     for_each = var.ebs_block_device
		22 |     content {
		23 |       delete_on_termination = lookup(ebs_block_device.value, "delete_on_termination", null)
		24 |       device_name           = ebs_block_device.value.device_name
		25 |       encrypted             = lookup(ebs_block_device.value, "encrypted", null)
		26 |       iops                  = lookup(ebs_block_device.value, "iops", null)
		27 |       no_device             = lookup(ebs_block_device.value, "no_device", null)
		28 |       snapshot_id           = lookup(ebs_block_device.value, "snapshot_id", null)
		29 |       volume_size           = lookup(ebs_block_device.value, "volume_size", null)
		30 |       volume_type           = lookup(ebs_block_device.value, "volume_type", null)
		31 |     }
		32 |   }
		33 |
		34 |   dynamic "ephemeral_block_device" {
		35 |     for_each = var.ephemeral_block_device
		36 |     content {
		37 |       device_name  = ephemeral_block_device.value.device_name
		38 |       virtual_name = ephemeral_block_device.value.virtual_name
		39 |     }
		40 |   }
		41 |
		42 |   dynamic "root_block_device" {
		43 |     for_each = var.root_block_device
		44 |     content {
		45 |       delete_on_termination = lookup(root_block_device.value, "delete_on_termination", null)
		46 |       iops                  = lookup(root_block_device.value, "iops", null)
		47 |       volume_size           = lookup(root_block_device.value, "volume_size", null)
		48 |       volume_type           = lookup(root_block_device.value, "volume_type", null)
		49 |       encrypted             = lookup(root_block_device.value, "encrypted", null)
		50 |     }
		51 |   }
		52 |
		53 |   lifecycle {
		54 |     create_before_destroy = true
		55 |   }
		56 | }

	Variable create_lc (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "True" in expression: count = ${var.create_lc ? 1 : 0}
	Variable lc_name (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "" in expression: name_prefix = ${coalesce(var.lc_name, var.name)}-
	Variable image_id (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "" in expression: image_id = ${var.image_id}
	Variable instance_type (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "" in expression: instance_type = ${var.instance_type}
	Variable iam_instance_profile (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "" in expression: iam_instance_profile = ${var.iam_instance_profile}
	Variable key_name (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "" in expression: key_name = ${var.key_name}
	Variable associate_public_ip_address (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "False" in expression: associate_public_ip_address = ${var.associate_public_ip_address}
	Variable user_data (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value " " in expression: user_data = ${var.user_data}
	Variable enable_monitoring (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "True" in expression: enable_monitoring = ${var.enable_monitoring}
	Variable ebs_optimized (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "False" in expression: ebs_optimized = ${var.ebs_optimized}
	Variable spot_price (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "" in expression: spot_price = ${var.spot_price}
	Variable spot_price (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "" in expression: placement_tenancy = ${var.spot_price == "" ? var.placement_tenancy : ""}
	Variable placement_tenancy (of /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/variables.tf) evaluated to value "default" in expression: placement_tenancy =  == "" ? var.placement_tenancy : ""}

Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration EBS is securely encrypted "
	FAILED for resource: aws_launch_configuration.this
	File: /.terraform/modules/asg/terraform-aws-autoscaling-3.5.0/examples/asg_ec2_external_launch_configuration/main.tf:48-56

		48 | resource "aws_launch_configuration" "this" {
		49 |   name_prefix   = "my-launch-configuration-"
		50 |   image_id      = data.aws_ami.amazon_linux.id
		51 |   instance_type = "t2.micro"
		52 |
		53 |   lifecycle {
		54 |     create_before_destroy = true
		55 |   }
		56 | }


Expected behavior

No errors

Screenshots

Desktop (please complete the following information):

  • OS: OSX
  • Checkov Version 1.0.324

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 5

Top GitHub Comments

nmarchini commented, Sep 8, 2020 (2 reactions)

Looks like the code is checking for explicit values for the parameter ‘encrypted’

encrypted = true

I am now using this

encrypted = var.bastion_data_volume_encryption

and var.bastion_data_volume_encryption evaluates to true.
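The scan output above shows why the check trips: the module's variables are evaluated to their defaults (image_id evaluates to "" even though the call passes "123"), so the `lookup(root_block_device.value, "encrypted", null)` expression in the module's dynamic block never resolves to the caller's `encrypted = true`, and an unresolved expression is scored as a failure. The following Python is an added illustration written for this page, not checkov's own code: it models a CKV_AWS_8-style check over a simplified resource config (plain dict, not checkov's internal shape), with a tiny resolver for literals, `var.NAME` references and `lookup(BLOCK.value, "key", null)`. The `MODULE_DEFAULTS`, `CALLER_ARGS` and `MODULE_CONF` values are constructed to mirror the issue's reproduction, and the `unresolved_is_failure` switch is an assumption of this example showing the alternative of reporting an unresolved value as UNKNOWN rather than FAILED. It covers both the false positive in the issue body and nmarchini's `encrypted = var.bastion_data_volume_encryption` case.

```python
import re
from enum import Enum


class CheckResult(Enum):
    PASSED = "PASSED"
    FAILED = "FAILED"
    UNKNOWN = "UNKNOWN"


# Constructed stand-ins: the module's variables.tf defaults, and what the
# caller's main.tf passes into the module call (as in the issue's repro).
MODULE_DEFAULTS = {"root_block_device": [], "image_id": ""}
CALLER_ARGS = {
    "image_id": "123",
    "root_block_device": [{"volume_size": "20", "volume_type": "gp2", "encrypted": True}],
}
# Constructed simplification of the module's aws_launch_configuration block:
# the dynamic root_block_device content, with its lookup() left unevaluated.
MODULE_CONF = {
    "root_block_device": [{"encrypted": '${lookup(root_block_device.value, "encrypted", null)}'}]
}

_VAR_REF = re.compile(r"^var\.(\w+)$")
_LOOKUP = re.compile(r'^lookup\((\w+)\.value,\s*"(\w+)",\s*null\)$')


def _strip_interp(expr: str) -> str:
    """Turn '${ ... }' into the inner expression; leave plain strings alone."""
    expr = expr.strip()
    if expr.startswith("${") and expr.endswith("}"):
        expr = expr[2:-1].strip()
    return expr


def resolve(expr, scope: dict):
    """Resolve one attribute value the way a static scanner might.

    bool literals and "true"/"false" strings -> bool
    var.NAME                                  -> scope[NAME] if present
    lookup(BLOCK.value, "key", null)          -> scope[BLOCK][0]["key"] (None if absent)
    anything else                             -> returned unchanged (unresolved)
    """
    if isinstance(expr, bool):
        return expr
    if not isinstance(expr, str):
        return expr
    inner = _strip_interp(expr)
    if inner.lower() in ("true", "false"):
        return inner.lower() == "true"
    m = _VAR_REF.match(inner)
    if m and m.group(1) in scope:
        return scope[m.group(1)]
    m = _LOOKUP.match(inner)
    if m:
        items = scope.get(m.group(1))
        # With the module default [] there is no element to look into, so the
        # expression stays unresolved; with the caller's list it resolves.
        if isinstance(items, list) and items and isinstance(items[0], dict):
            return items[0].get(m.group(2))
    return expr


def check_root_volume_encrypted(resource_conf: dict, scope: dict,
                                unresolved_is_failure: bool = True) -> CheckResult:
    """CKV_AWS_8-style decision for one aws_launch_configuration config.

    A missing root_block_device is treated as unencrypted, as the scan output
    on the page does for the example launch configuration with no such block.
    """
    blocks = resource_conf.get("root_block_device") or []
    if not blocks:
        return CheckResult.FAILED
    value = resolve(blocks[0].get("encrypted"), scope)
    if value is True:
        return CheckResult.PASSED
    # A string that survived resolution is an expression the scanner could not
    # evaluate; a strict check calls that FAILED, a lenient one flags it UNKNOWN.
    if isinstance(value, str) and not unresolved_is_failure:
        return CheckResult.UNKNOWN
    return CheckResult.FAILED


def demo():
    """Return (defaults-only result, caller-args-propagated result)."""
    defaults_only = check_root_volume_encrypted(MODULE_CONF, MODULE_DEFAULTS)
    propagated = check_root_volume_encrypted(MODULE_CONF, {**MODULE_DEFAULTS, **CALLER_ARGS})
    return defaults_only, propagated


if __name__ == "__main__":
    print(demo())  # (FAILED, PASSED): same HCL, different variable scope
```

Run stand-alone, `demo()` returns FAILED for the defaults-only scope and PASSED once the caller's arguments are layered over the module defaults, which is the whole gap the issue describes. The practical takeaway for a defender is that a FAILED result on a module's internal `lookup(...)` tells you the scanner could not see the value, not that the volume is unencrypted; the `unresolved_is_failure=False` path shows the reporting choice that keeps such results distinguishable from real findings instead of burying them among true failures.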

stale[bot] commented, Apr 6, 2021 (0 reactions)

Closing issue due to inactivity. If you feel this is in error, please re-open, or reach out to the community via slack: https://slack.bridgecrew.io Thanks!
