Closed
Description
If there is no cluster for the database instances, they are added to an empty cluster that we don't have to check.
Discussed in #7894
Originally posted by camobrie-ukhsa November 8, 2024
IDs
AVD-AWS-0343
Description
AVD-AWS-0343 triggers for Terraform resource "aws_rds_cluster_instance". Also, trying to ignore the finding for the resource does not work.
Reproduction Steps
1. Create a resource such as
resource "aws_rds_cluster_instance" "example" {
cluster_identifier = redacted
instance_class = "redacted"
availability_zone = var.redacted
engine = redacted.engine
engine_version = redacted.engine_version
}
2. Run trivy config . on file
3. Output is:
Tests: 1 (SUCCESSES: 0, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
AVD-AWS-0343 (MEDIUM): Cluster does not have Deletion Protection enabled
══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
Ensure deletion protection is enabled for RDS clusters.
See https://avd.aquasec.com/misconfig/avd-aws-0343
────────────────────────────────────────────────────────
Target
AWS
Scanner
Misconfiguration
Target OS
na
Debug Output
N/A, private source
Version
Version: 0.57.0
Vulnerability DB:
Version: 2
UpdatedAt: 2024-11-08 06:17:22.236878087 +0000 UTC
NextUpdate: 2024-11-09 06:17:22.236877697 +0000 UTC
DownloadedAt: 2024-11-08 12:12:57.520835 +0000 UTC
Check Bundle:
Digest: sha256:9cc30e6eb1c0dc0b4a4791b61c3dbff8799d08daeac893c08317e7b054ecab14
DownloadedAt: 2024-11-08 12:11:37.754425 +0000 UTC
Checklist
- Read the documentation regarding wrong detection
- Ran Trivy with -f json that shows data sources and confirmed that the security advisory in data sources was correct
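For comparison, the following is the shape of configuration AVD-AWS-0343 is written to evaluate: the aws_rds_cluster is declared in the same module with deletion_protection set, and the instance references it. This is an added example, not code from the issue or from Trivy; the resource names, identifiers, engine, engine version and instance class are assumed values, and networking and credentials are omitted.

```hcl
# Added example (not from the issue). The instance's cluster is declared
# here, so the check has a real aws_rds_cluster to inspect rather than the
# empty placeholder cluster described in the issue.
resource "aws_rds_cluster" "example" {
  cluster_identifier  = "example-cluster"   # assumed identifier
  engine              = "aurora-postgresql" # assumed engine
  engine_version      = "15.4"              # assumed version
  deletion_protection = true                # the attribute AVD-AWS-0343 checks
  # networking, credentials and backup settings omitted for brevity
}

resource "aws_rds_cluster_instance" "example" {
  identifier         = "example-instance-1"            # assumed identifier
  cluster_identifier = aws_rds_cluster.example.id
  instance_class     = "db.r6g.large"                  # assumed class
  engine             = aws_rds_cluster.example.engine
  engine_version     = aws_rds_cluster.example.engine_version
}
```

The deletion_protection argument exists on aws_rds_cluster only; aws_rds_cluster_instance has no such attribute, so there is nothing to set on the instance resource itself. When the cluster is managed outside the scanned module (another state, another repository, or created by hand), a module containing only the instance resource, as in the reproduction above, is the case the issue reports as a false positive in Trivy 0.57.0.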