
CKV_AWS_157 False Positive on Aurora

Open enzowritescode opened this issue 2 years ago • 3 comments

Describe the issue

CKV_AWS_157 fails on Aurora instances even though the MultiAZ property is not applicable to Aurora.

Examples

RDSinstance:
    Type: AWS::RDS::DBInstance
    Properties:
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: !Ref DbType
      DBInstanceIdentifier: !Sub ${AppName}-${EnvironmentName}
      DBParameterGroupName: !Ref DbParameterGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      Engine: aurora-mysql
      MonitoringInterval: "60"
      MonitoringRoleArn: !GetAtt RdsMonitoringRole.Arn
      PubliclyAccessible: 'false'

Version (please complete the following information):

  • Checkov Version 2.2.270

Additional context

  • AWS docs: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-multiaz

enzowritescode avatar Jan 19 '23 20:01 enzowritescode
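The behaviour the issue asks for, sketched as an added example (not Checkov's code and not part of the original thread): a Multi-AZ evaluation over an already-parsed CloudFormation resource that skips Aurora instances instead of failing them. The function names, the result constants and the "aurora" prefix match on `Engine` are assumptions made for illustration; the sample resources are constructed.

```python
from typing import Any, Dict, Optional

PASSED, FAILED, SKIPPED, UNKNOWN = "PASSED", "FAILED", "SKIPPED", "UNKNOWN"


def _as_bool(value: Any) -> Optional[bool]:
    """Templates carry booleans as true/false or as 'true'/'false' strings."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    return None  # unresolved intrinsic function such as Ref or Sub


def evaluate_multi_az(resource: Dict[str, Any]) -> str:
    """Evaluate the Multi-AZ requirement for one template resource."""
    if resource.get("Type") != "AWS::RDS::DBInstance":
        return SKIPPED
    props = resource.get("Properties") or {}
    engine = props.get("Engine")
    if engine is not None and not isinstance(engine, str):
        return UNKNOWN  # Engine is an intrinsic; cannot tell if it is Aurora
    # Assumption: Aurora engines are recognised by an "aurora" name prefix.
    if isinstance(engine, str) and engine.lower().startswith("aurora"):
        return SKIPPED  # MultiAZ is not applicable to Aurora instances
    if "MultiAZ" not in props:
        return FAILED
    multi_az = _as_bool(props["MultiAZ"])
    if multi_az is None:
        return UNKNOWN
    return PASSED if multi_az else FAILED


# Constructed samples; the first mirrors the resource from the issue,
# with intrinsic functions shown in their parsed dictionary form.
AURORA = {"Type": "AWS::RDS::DBInstance", "Properties": {
    "DBClusterIdentifier": {"Ref": "DBCluster"},
    "Engine": "aurora-mysql", "PubliclyAccessible": "false"}}
MYSQL_SINGLE_AZ = {"Type": "AWS::RDS::DBInstance",
                   "Properties": {"Engine": "mysql"}}
MYSQL_MULTI_AZ = {"Type": "AWS::RDS::DBInstance",
                  "Properties": {"Engine": "mysql", "MultiAZ": "true"}}
ENGINE_FROM_PARAM = {"Type": "AWS::RDS::DBInstance",
                     "Properties": {"Engine": {"Ref": "DbEngine"}}}

if __name__ == "__main__":
    for sample in (AURORA, MYSQL_SINGLE_AZ, MYSQL_MULTI_AZ, ENGINE_FROM_PARAM):
        print(sample["Properties"].get("Engine"), evaluate_multi_az(sample))
```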

Hey @enzowritescode, thanks for reaching out. Yeah, you are right. Are you interested in contributing the needed change?

gruebel avatar Jan 20 '23 11:01 gruebel

@gruebel I'm down.

enzowritescode avatar Jan 20 '23 15:01 enzowritescode

@gruebel I'm having a ton of issues building locally so I can run the tests. Aside from confirming the tests, I think it's ready.

enzowritescode avatar Jan 23 '23 18:01 enzowritescode