Output format using TF planfile with for_each
Good day! We faced a problem with the tool and its output. We use Atlantis+Terragrunt+Terraform to deploy infra and wanted to implement checks. But most of our TF config is based on "for_each" dynamic blocks. So when we run checks with checkov -f planfile.json --framework terraform_plan
on the JSON planfile, we cannot understand where (in what lines of the planfile) checkov has found problems:
terraform_plan scan results:
Passed checks: 5, Failed checks: 1, Skipped checks: 0
Check: BC_AWS_IAM_44: "Ensure IAM role allows only specific services or principals to assume it"
PASSED for resource: aws_iam_role.roles
File: /planfile.json:195-218
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
Check: BC_AWS_IAM_45: "Ensure IAM role allows only specific principals in account to assume it"
PASSED for resource: aws_iam_role.roles
File: /planfile.json:195-218
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
Check: BC_AWS_IAM_44: "Ensure IAM role allows only specific services or principals to assume it"
PASSED for resource: aws_iam_role.roles
File: /planfile.json:195-218
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
Check: BC_AWS_IAM_45: "Ensure IAM role allows only specific principals in account to assume it"
PASSED for resource: aws_iam_role.roles
File: /planfile.json:195-218
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
Check: BC_AWS_IAM_44: "Ensure IAM role allows only specific services or principals to assume it"
PASSED for resource: aws_iam_role.roles
File: /planfile.json:195-218
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
Check: BC_AWS_IAM_45: "Ensure IAM role allows only specific principals in account to assume it"
FAILED for resource: aws_iam_role.roles
File: /planfile.json:195-218
Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
It seems that checkov processes all for_each resources as one block and cannot show in which specific resource it found the problem. At the same time, the number of checks run corresponds to the number of resources. Can the output be tuned somehow to see in which resource it found problems?
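Checkov's summary line only names the base address aws_iam_role.roles, but in the plan JSON each for_each instance is a separate entry under resource_changes that keeps its own index key. The script below is an added example, not part of the issue or of checkov: it reads that list and reports which instances of a given base address have a planned assume-role policy with a wildcard principal, which is roughly the condition BC_AWS_IAM_45 describes. The sample plan is constructed, and the wildcard test is an assumption that simplifies whatever checkov actually evaluates.

```python
import json

# Constructed sample of a Terraform plan JSON ("terraform show -json"), trimmed
# to the fields read below: a for_each'd aws_iam_role with two instances.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'aws_iam_role.roles["ci"]', "index": "ci",
     "change": {"after": {"assume_role_policy": json.dumps({"Statement": [
         {"Effect": "Allow", "Action": "sts:AssumeRole",
          "Principal": {"Service": "ec2.amazonaws.com"}}]})}}},
    {"address": 'aws_iam_role.roles["shared"]', "index": "shared",
     "change": {"after": {"assume_role_policy": json.dumps({"Statement": [
         {"Effect": "Allow", "Action": "sts:AssumeRole",
          "Principal": {"AWS": "*"}}]})}}},
]})


def principal_is_wildcard(principal):
    """True if the statement's principal is '*' or any AWS/Service/Federated
    entry is '*', i.e. any identity may assume the role (assumed check)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        for value in principal.values():
            if "*" in (value if isinstance(value, list) else [value]):
                return True
    return False


def wildcard_assume_role_instances(plan_json, base_address):
    """Return the for_each keys of instances of base_address (e.g.
    'aws_iam_role.roles') whose planned assume-role policy has an Allow
    statement for a wildcard principal."""
    flagged = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        # 'aws_iam_role.roles["ci"]' -> base 'aws_iam_role.roles'; keep the
        # per-instance key that checkov's summary line drops.
        if rc["address"].split("[", 1)[0] != base_address:
            continue
        after = (rc.get("change") or {}).get("after") or {}
        raw = after.get("assume_role_policy")
        if not raw:
            continue  # value not known until apply; nothing to evaluate
        policy = json.loads(raw) if isinstance(raw, str) else raw
        statements = policy.get("Statement", [])
        statements = statements if isinstance(statements, list) else [statements]
        if any(s.get("Effect") == "Allow" and principal_is_wildcard(s.get("Principal"))
               for s in statements):
            flagged.append(rc.get("index"))
    return flagged
```

Point it at the same planfile.json that checkov scanned; the returned keys identify which aws_iam_role.roles[...] instances carry the condition, so a single FAILED line for the collapsed address can be traced to a concrete for_each key.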
Issue Analytics
- Created 2 years ago
- Comments: 6 (2 by maintainers)
Top GitHub Comments
@njgibbon Yeah, of course
Closing issue due to inactivity. If you feel this is in error, please re-open, or reach out to the community via slack: https://slack.bridgecrew.io Thanks!