From 7385045ae99d387ca4dfce9111e2c6db423ba690 Mon Sep 17 00:00:00 2001 From: "prisma-cloud-devsecops[bot]" <89982750+prisma-cloud-devsecops[bot]@users.noreply.github.com> Date: Tue, 9 May 2023 10:18:24 +0000 Subject: [PATCH] Prisma Cloud [bot] commented --- eks.yaml | 94 ++++++++++++++++++++++++++++++++++++ example/main.tf | 5 ++ image_example/ecs2.tf | 5 ++ image_example/ecs_openssl.tf | 5 ++ main.tf | 32 +++++++++--- 5 files changed, 135 insertions(+), 6 deletions(-) diff --git a/eks.yaml b/eks.yaml index 422c6d61..d4ed2ce4 100644 --- a/eks.yaml +++ b/eks.yaml @@ -56,6 +56,13 @@ Resources: ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonEKSClusterPolicy - arn:aws:iam::aws:policy/AmazonEKSServicePolicy + Tags: + - Key: yor_trace + Value: cd0acf1d-0d4d-4cce-89d6-cd22f2a9e368 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac VPC: Type: AWS::EC2::VPC Properties: @@ -65,12 +72,24 @@ Resources: Tags: - Key: Name Value: !Sub '${AWS::StackName}-VPC' + - Key: yor_trace + Value: 20d8e2e7-cdc7-4e66-a680-4fafdd252b16 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac InternetGateway: Type: "AWS::EC2::InternetGateway" Properties: Tags: - Key: Name Value: !Sub '${AWS::StackName}-Internet Gateway' + - Key: yor_trace + Value: a09ef949-63c6-4446-9382-2cda44a15a60 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac VPCGatewayAttachment: Type: "AWS::EC2::VPCGatewayAttachment" Properties: @@ -85,6 +104,12 @@ Resources: Value: Public Subnets - Key: Network Value: Public + - Key: yor_trace + Value: 5cd7690e-7697-4c41-924d-5cd224b80ef9 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac PrivateRouteTable01: Type: AWS::EC2::RouteTable Properties: 
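Review bot: The new `Tags` block on the IAM role in the first eks.yaml hunk (the resource listing `AmazonEKSClusterPolicy`) means the stack update now tags an IAM role, so the deploying principal needs `iam:TagRole` as well as the EC2 tagging permission the other hunks rely on. A deploy role that was scoped tightly before this commit may fail the update part-way. The role's logical name and the start of its definition are outside the hunk, so check this against the full template. A comment above the block such as `# trace tags added by the tagging bot; deployer needs iam:TagRole` would record the requirement for whoever next tightens the deploy policy.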
@@ -94,6 +119,12 @@ Resources: Value: Private Subnet AZ1 - Key: Network Value: Private01 + - Key: git_org + Value: try-panwiac + - Key: yor_trace + Value: 37cda50e-16ca-4c74-a93f-d17249a24f98 + - Key: git_repo + Value: supplygoat PrivateRouteTable02: Type: AWS::EC2::RouteTable Properties: @@ -103,6 +134,12 @@ Resources: Value: Private Subnet AZ2 - Key: Network Value: Private02 + - Key: yor_trace + Value: c177c78c-5d7b-47bb-bdaf-9589fe830a67 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac PublicRoute: DependsOn: - VPCGatewayAttachment @@ -141,6 +178,12 @@ Resources: Tags: - Key: Name Value: !Sub '${AWS::StackName}-NatGatewayAZ1' + - Key: yor_trace + Value: 7e821585-4886-4fd5-9da5-84a748331338 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac NatGateway02: DependsOn: - NatGatewayEIP2 @@ -153,18 +196,38 @@ Resources: Tags: - Key: Name Value: !Sub '${AWS::StackName}-NatGatewayAZ2' + - Key: yor_trace + Value: f648a9ec-01e3-4c2b-9052-7737b22852f3 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac NatGatewayEIP1: DependsOn: - VPCGatewayAttachment Type: 'AWS::EC2::EIP' Properties: Domain: vpc + Tags: + - Key: yor_trace + Value: 60ad62ca-c2c6-4a65-8446-141b03643d6d + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac NatGatewayEIP2: DependsOn: - VPCGatewayAttachment Type: 'AWS::EC2::EIP' Properties: Domain: vpc + Tags: + - Key: yor_trace + Value: 87ed9523-c08d-4f9f-9f2a-47724cac401c + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac PublicSubnet01: Type: AWS::EC2::Subnet Metadata: @@ -182,6 +245,12 @@ Resources: Tags: - Key: Name Value: !Sub "${AWS::StackName}-PublicSubnet01" + - Key: yor_trace + Value: e62931c8-c6fb-4a9c-a7b2-feccd896f4c9 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac PublicSubnet02: Type: AWS::EC2::Subnet Metadata: 
@@ -199,6 +268,12 @@ Resources: Tags: - Key: Name Value: !Sub "${AWS::StackName}-PublicSubnet02" + - Key: yor_trace + Value: a9ecd37e-3f85-4700-9a59-7c3f42a93d3a + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac PrivateSubnet01: Type: AWS::EC2::Subnet Metadata: @@ -218,6 +293,12 @@ Resources: Value: !Sub "${AWS::StackName}-PrivateSubnet01" - Key: "kubernetes.io/role/internal-elb" Value: "1" + - Key: yor_trace + Value: cc1c990f-a592-4263-bcc5-8c7cefcb81a6 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac PrivateSubnet02: Type: AWS::EC2::Subnet Metadata: @@ -237,6 +318,12 @@ Resources: Value: !Sub "${AWS::StackName}-PrivateSubnet02" - Key: "kubernetes.io/role/internal-elb" Value: "1" + - Key: yor_trace + Value: 4d2ee18f-fb6e-4f0c-ad31-93098bf00939 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac PublicSubnet01RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: @@ -262,6 +349,13 @@ Resources: Properties: GroupDescription: Cluster communication with worker nodes VpcId: !Ref VPC + Tags: + - Key: yor_trace + Value: 7b1cc8c1-0742-403b-aaec-cd9f98bc36b2 + - Key: git_repo + Value: supplygoat + - Key: git_org + Value: try-panwiac EKSCluster: Type: AWS::EKS::Cluster Properties: diff --git a/example/main.tf b/example/main.tf index 7dcc3925..1b6a1247 100644 --- a/example/main.tf +++ b/example/main.tf @@ -8,5 +8,10 @@ resource "aws_security_group" "example" { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } + tags = { + git_org = "try-panwiac" + git_repo = "supplygoat" + yor_trace = "94073565-feca-42e0-a832-cb9a20fde69f" + } } diff --git a/image_example/ecs2.tf b/image_example/ecs2.tf index 6a8ac9cb..b6444e16 100644 --- a/image_example/ecs2.tf +++ b/image_example/ecs2.tf @@ -15,4 +15,9 @@ resource "aws_ecs_task_definition" "service" { ] } ]) + tags = { + git_org = "try-panwiac" + git_repo = "supplygoat" + yor_trace = "18e106a7-cfb1-42eb-900e-489fbffafb54" + } } 
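Review bot: The ingress rule shown as context in `aws_security_group.example` still has `cidr_blocks = ["0.0.0.0/0"]` for `tcp`, and this commit only adds trace tags, so the group stays open to any source address. The port range and the start of the resource are outside the hunk, so the real exposure cannot be judged from here. If this group is not a deliberate scanner fixture, restrict it to the known source range, for example `cidr_blocks = [var.allowed_cidr]` (placeholder variable name). If it is a fixture, a comment next to the rule saying so would stop the finding being read as an oversight.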
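Review bot: `image_example/ecs2.tf` and `image_example/ecs_openssl.tf` both declare `resource "aws_ecs_task_definition" "service"` (see the two hunk headers), and Terraform loads every `.tf` file in a directory as one module, so planning `image_example/` as it stands would stop on a duplicate resource address. The two different `yor_trace` values show the tagger treats them as separate resources. If both files are meant to be applied together, rename one, for example `resource "aws_ecs_task_definition" "service_openssl" {`. If they are alternative samples for image scanning, a comment at the top of each file should say so. Both resource bodies begin outside their hunks.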
diff --git a/image_example/ecs_openssl.tf b/image_example/ecs_openssl.tf index 5c7926fd..3e7f9ea9 100644 --- a/image_example/ecs_openssl.tf +++ b/image_example/ecs_openssl.tf @@ -15,4 +15,9 @@ resource "aws_ecs_task_definition" "service" { ] } ]) + tags = { + git_org = "try-panwiac" + git_repo = "supplygoat" + yor_trace = "e00ec269-0fa7-4e3e-a1a3-5e4acd3c887d" + } } diff --git a/main.tf b/main.tf index e1e89cc3..5543b05b 100644 --- a/main.tf +++ b/main.tf @@ -3,24 +3,30 @@ resource "aws_s3_bucket" "data" { # bucket is not encrypted # bucket does not have access logs # bucket does not have versioning - bucket = "${local.resource_prefix.value}-data" - region = "us-west-2" - acl = "public-read" + bucket = "${local.resource_prefix.value}-data" + region = "us-west-2" + acl = "public-read" #force_destroy = true tags = { Name = "${local.resource_prefix.value}-data" Environment = local.resource_prefix.value + git_org = "try-panwiac" + git_repo = "supplygoat" + yor_trace = "fe98c0dd-b25c-4719-a501-f647611ba2a4" } } resource "aws_s3_bucket_object" "data_object" { bucket = aws_s3_bucket.data.id - region = "us-west-2" + region = "us-west-2" key = "customer-master.xlsx" source = "resources/customer-master.xlsx" tags = { Name = "${local.resource_prefix.value}-customer-master" Environment = local.resource_prefix.value + git_org = "try-panwiac" + git_repo = "supplygoat" + yor_trace = "52b43efa-c7c6-461d-a5fa-baf0fbaa37aa" } } @@ -35,6 +41,9 @@ resource "aws_s3_bucket" "financials" { tags = { Name = "${local.resource_prefix.value}-financials" Environment = local.resource_prefix.value + git_org = "try-panwiac" + git_repo = "supplygoat" + yor_trace = "c7b7d77a-8f7c-4da0-b4b0-5ae4fe1db74a" } } @@ -43,7 +52,7 @@ resource "aws_s3_bucket" "operations" { # bucket is not encrypted # bucket does not have access logs bucket = "${local.resource_prefix.value}-operations" - region = "us-west-2" + region = "us-west-2" acl = "private" versioning { enabled = true 
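Review bot: In the first main.tf hunk the re-aligned line `acl = "public-read"` on `aws_s3_bucket.data` is kept as is, and the same hunk uploads `customer-master.xlsx` into that bucket, so the bucket keeps a canned ACL that grants anonymous read on the bucket. Whether the object itself is publicly readable depends on the object ACL and any bucket policy, neither of which is visible here. The existing comments (`# bucket is not encrypted`, `# bucket does not have access logs`) suggest this is a deliberate fixture; if so, add a comment on the `acl` line as well, such as `# intentionally public: scanner test fixture`. Otherwise change it to `acl = "private"` and add a public access block for the bucket. The resource starts two lines above the hunk.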
@@ -52,6 +61,9 @@ resource "aws_s3_bucket" "operations" { tags = { Name = "${local.resource_prefix.value}-operations" Environment = local.resource_prefix.value + git_org = "try-panwiac" + git_repo = "supplygoat" + yor_trace = "d72d39a8-75e1-4fdb-a452-e64fdb530cd6" } } @@ -59,7 +71,7 @@ resource "aws_s3_bucket" "operations" { resource "aws_s3_bucket" "data_science" { # bucket is not encrypted bucket = "${local.resource_prefix.value}-data-science" - region = "us-west-2" + region = "us-west-2" acl = "private" versioning { enabled = true @@ -69,6 +81,11 @@ resource "aws_s3_bucket" "data_science" { target_prefix = "log/" } force_destroy = true + tags = { + git_org = "try-panwiac" + git_repo = "supplygoat" + yor_trace = "ed3d82a0-0291-4b29-9946-0b1348f8b22a" + } } resource "aws_s3_bucket" "logs" { @@ -90,5 +107,8 @@ resource "aws_s3_bucket" "logs" { tags = { Name = "${local.resource_prefix.value}-logs" Environment = local.resource_prefix.value + git_org = "try-panwiac" + git_repo = "supplygoat" + yor_trace = "78e5de4a-d7ae-41bf-91ca-092ecd2b2aa2" } }
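Review bot: The `tags` block added to `aws_s3_bucket.data_science` (hunk `@@ -69,6 +81,11 @@`) holds only `git_org`, `git_repo` and `yor_trace`, while the other buckets visible in this diff (`data`, `financials`, `operations`, `logs`) also carry `Name` and `Environment`. Any inventory query or tag-conditioned policy keyed on those two tags would miss this bucket. Add `Name = "${local.resource_prefix.value}-data-science"` and `Environment = local.resource_prefix.value` to the new block to match its siblings. The resource opens in the previous hunk and its `logging` block is only partly visible here.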