checkov
False Positive check with json plan file CKV2_AWS_11
Describe the issue
Check Id: CKV2_AWS_11
There is a false positive (the check is failing when in reality the VPC flow logs are enabled). The main.tf file refers to the aws_vpc module. The code attached is the JSON plan file, changed to txt to upload the file because JSON is not supported here.
Examples
plan_file.txt
Version (please complete the following information):
- Checkov Version 2.2.30
Additional context
Also tested on my local machine using the command:
checkov -f ./plan_file.json -c CKV2_AWS_11 --quiet
The outcome:
Hey @NevoWeksler, thanks for reaching out. This is a well-known bug and happens if you use the same module twice. The connection mapping gets messed up and all the similar connections are targeting just one resource; that's why you see one error, even when deploying 2 VPCs with flow logs enabled.
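An added example, not part of the thread and not Checkov code: a stand-alone cross-check for triaging this kind of report. It walks the `configuration` section of a Terraform JSON plan per module call and lists `aws_vpc` resources that no `aws_flow_log` in the same module references through `vpc_id`. The sample plan, module names and sources are constructed; flow logs wired through module variables or attached to subnets are assumed out of scope.

```python
import json

def _module(with_flow_log):
    """Build a constructed module body in `terraform show -json` configuration shape."""
    res = [{"address": "aws_vpc.this", "mode": "managed", "type": "aws_vpc", "expressions": {}}]
    if with_flow_log:
        res.append({"address": "aws_flow_log.this", "mode": "managed", "type": "aws_flow_log",
                    "expressions": {"vpc_id": {"references": ["aws_vpc.this.id", "aws_vpc.this"]}}})
    return {"resources": res}

# Constructed sample: the same hypothetical module called twice, plus one without flow logs.
SAMPLE_PLAN = json.dumps({"configuration": {"root_module": {"module_calls": {
    "vpc_a": {"source": "./modules/vpc", "module": _module(True)},
    "vpc_b": {"source": "./modules/vpc", "module": _module(True)},
    "vpc_c": {"source": "./modules/vpc_nolog", "module": _module(False)},
}}}})

def _refers_to(ref, address):
    # References appear as "aws_vpc.this", "aws_vpc.this.id" or "aws_vpc.this[0].id".
    return ref == address or ref.startswith((address + ".", address + "["))

def vpc_flow_log_coverage(module, prefix=""):
    """Map each managed aws_vpc (addressed per module call) to whether an
    aws_flow_log in the same module references it through vpc_id."""
    managed = [r for r in module.get("resources", []) if r.get("mode") == "managed"]
    refs = [ref for r in managed if r["type"] == "aws_flow_log"
            for ref in r.get("expressions", {}).get("vpc_id", {}).get("references", [])]
    coverage = {prefix + r["address"]: any(_refers_to(ref, r["address"]) for ref in refs)
                for r in managed if r["type"] == "aws_vpc"}
    for name, call in module.get("module_calls", {}).items():
        coverage.update(vpc_flow_log_coverage(call.get("module", {}), f"{prefix}module.{name}."))
    return coverage

def uncovered_vpcs(plan_json):
    """Return sorted addresses of VPCs without a flow log reference in the plan."""
    plan = json.loads(plan_json)
    coverage = vpc_flow_log_coverage(plan.get("configuration", {}).get("root_module", {}))
    return sorted(addr for addr, covered in coverage.items() if not covered)

if __name__ == "__main__":
    for address in uncovered_vpcs(SAMPLE_PLAN):
        print("no flow log references", address)
```

If this reports every VPC as covered while CKV2_AWS_11 still fails on one of them, the finding matches the duplicate-module behaviour described above rather than a missing flow log.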
Hi @gruebel, thanks for the quick reply. Do you have a workaround by any chance, as I am blocking deployment of TF in my env because of those types of things?
Have the same issue, but what I noticed is that I have this error only when I specify a log destination.
Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at https://slack.bridgecrew.io Thanks!
Closing issue due to inactivity. If you feel this is in error, please re-open, or reach out to the community via slack: https://slack.bridgecrew.io Thanks!