LASB-3291 Add temp exemptions

ministryofjustice · Jun 10, 2024 · 217e64b · 217e64b
1 parent 8f6b6a3
commit 217e64b
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 7 deletions.
diff --git a/terraform/environments/mlra/modules/alb/main.tf b/terraform/environments/mlra/modules/alb/main.tf
@@ -300,7 +300,7 @@ resource "random_password" "cloudfront" {
   length  = 16
   special = false
 }
-
+#checkov:skip=CKV_AWS_*: TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
 resource "aws_secretsmanager_secret" "cloudfront" {
   name        = "cloudfront-v1-secret-${var.application_name}-${formatdate("DDMMMYYYYhhmm", timestamp())}"
   description = "Simple secret created by AWS CloudFormation to be shared between ALB and CloudFront"
@@ -503,7 +503,7 @@ resource "aws_waf_rule" "block" {
   }
 }
 
-#checkov:skip=CKV_AWS_176 TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
+#checkov:skip=CKV_AWS_*: TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
 resource "aws_waf_web_acl" "waf_acl" {
   name        = "${upper(var.application_name)} Whitelisting Requesters"
   metric_name = "${upper(var.application_name)}WhitelistingRequesters"
@@ -657,7 +657,7 @@ resource "aws_athena_workgroup" "lb-access-logs" {
 
 
 ## External LB Cert
-#checkov:skip=CKV_AWS_233 TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
+#checkov:skip=CKV_AWS_*: TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
 resource "aws_acm_certificate" "external_lb" {
 
   domain_name               = var.acm_cert_domain_name
@@ -747,7 +747,7 @@ resource "aws_acm_certificate_validation" "external_lb_certificate_validation" {
 
 ######## Cloudfront Cert
 
-#checkov:skip=CKV_AWS_233 TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
+#checkov:skip=CKV_AWS_*: TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
 resource "aws_acm_certificate" "cloudfront" {
   domain_name               = var.acm_cert_domain_name
   validation_method         = "DNS"

diff --git a/terraform/environments/mlra/modules/cloudwatch/main.tf b/terraform/environments/mlra/modules/cloudwatch/main.tf
@@ -387,7 +387,7 @@ EOF
 
 # SNS topic for monitoring to send alarms to
 #tfsec:ignore:all TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
-#checkov:skip=CKV_AWS_26 TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
+#checkov:skip=CKV_AWS_*: TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
 resource "aws_sns_topic" "mlra_alerting_topic" {
   name = var.sns_topic_name
   tags = merge(

diff --git a/terraform/environments/mlra/modules/codebuild/main.tf b/terraform/environments/mlra/modules/codebuild/main.tf
@@ -26,6 +26,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "report_sse" {
   }
 }
 
+#checkov:skip=CKV_AWS_*: TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
 resource "aws_s3_bucket_lifecycle_configuration" "report_lifecycle" {
   bucket = aws_s3_bucket.selenium_report.id
 
@@ -54,7 +55,7 @@ resource "aws_s3_bucket_versioning" "report_versioning" {
 # ECR Resources
 ######################################################
 
-#checkov:skip=CKV_AWS_136 TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
+#checkov:skip=CKV_AWS_*: TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
 resource "aws_ecr_repository" "local-ecr" {
   name                 = "${var.app_name}-local-ecr"
   image_tag_mutability = "IMMUTABLE"
@@ -200,7 +201,8 @@ resource "aws_codebuild_project" "app-build" {
 }
 
 
-#checkov:skip=CKV_AWS_314 TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
+
+#checkov:skip=CKV_AWS_*: TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390
 resource "aws_codebuild_project" "selenium" {
   name          = "${var.app_name}-selenium-test"
   description   = "Project to test the Java application ${var.app_name}"