dataall
Enable encryption for environment variables in lambdas - cont
Describe the bug
The Lambda environment variables are not encrypted. These are flagged by checkov as failures:
Check: CKV_AWS_173: "Check encryption settings for Lambda environmental variable" FAILED for resource: AWS::Lambda::Function.TriggerFunctiondbmigrationshandlerhandler8A64572A File: /assembly-dataall-main-cicd-stack-dataall-sandbox-backend-stage/dataallmaincicdstackdataallsandboxbackendstagebackendstackDbMigrations80B1C3E5.nested.template.json:378-452 Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5
Check: CKV_AWS_173: "Check encryption settings for Lambda environmental variable" FAILED for resource: AWS::Lambda::Function.CognitoParamsSyncHandlersandbox22A17F25 File: /assembly-dataall-main-cicd-stack-dataall-sandbox-backend-stage/dataallmaincicdstackdataallsandboxbackendstagebackendstackCognito0421C128.nested.template.json:589-648 Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5
Check: CKV_AWS_173: "Check encryption settings for Lambda environmental variable" FAILED for resource: AWS::Lambda::Function.CognitoProvidersandboxframeworkonEventE89AB8F9 File: /assembly-dataall-main-cicd-stack-dataall-sandbox-backend-stage/dataallmaincicdstackdataallsandboxbackendstagebackendstackCognito0421C128.nested.template.json:734-778 Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5
Check: CKV_AWS_173: "Check encryption settings for Lambda environmental variable" FAILED for resource: AWS::Lambda::Function.TriggerFunctionsavepermshandlerhandlerDA90B406 File: /assembly-dataall-main-cicd-stack-dataall-sandbox-backend-stage/dataallmaincicdstackdataallsandboxbackendstagebackendstackSavePermsBAF6E160.nested.template.json:378-452 Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5
How to Reproduce
Run a checkov scan on the cdk.out directory after cdk synth.
Expected behavior
Once the env variables are encrypted, the checkov scans for the above exceptions should succeed.
Your project
No response
Screenshots
No response
OS
Mac
Python version
3.10
AWS data.all version
2.5
Additional context
Ref ticket where this issue was previously addressed for other lambdas: https://github.com/data-dot-all/dataall/issues/1201
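The following is an added example, not code from the data.all project and not checkov's own implementation. It re-implements the condition behind CKV_AWS_173 (an AWS::Lambda::Function whose Environment.Variables map is non-empty but whose Properties carry no KmsKeyArn) over synthesized CloudFormation templates, so the cdk.out assembly from "How to Reproduce" can be checked offline, nested-stack templates included, and the fix can be verified without re-running checkov. The embedded template and its logical IDs are constructed for the example. On the CDK side, the change that makes this check pass is passing `environment_encryption=<kms.IKey>` to each `aws_lambda.Function`, which synthesizes to the `KmsKeyArn` property; note that Lambda already encrypts environment variables at rest with an AWS managed key when no key is given, so what the check enforces is an explicit customer-managed key.

```python
"""Check synthesized CDK templates for Lambda env vars without a KMS key.

Added example (not data.all code and not checkov's implementation): it
re-implements the condition behind CKV_AWS_173, an AWS::Lambda::Function
whose Environment.Variables is non-empty but whose Properties carry no
KmsKeyArn. In CDK the fix that makes this pass is passing
environment_encryption=<kms.IKey> to aws_lambda.Function, which
synthesizes to KmsKeyArn.
"""
import json
import sys
from pathlib import Path

LAMBDA_TYPE = "AWS::Lambda::Function"


def unencrypted_env_functions(template: dict) -> list[str]:
    """Logical IDs of Lambda functions in one template that would fail CKV_AWS_173."""
    failing: list[str] = []
    for logical_id, resource in template.get("Resources", {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != LAMBDA_TYPE:
            continue
        props = resource.get("Properties") or {}
        env = props.get("Environment")
        # Environment may be an intrinsic (Fn::If etc.) rather than a plain map;
        # only a literal Variables map is evaluated here, matching the check's scope.
        variables = env.get("Variables") if isinstance(env, dict) else None
        if variables and not props.get("KmsKeyArn"):
            failing.append(logical_id)
    return failing


def scan_templates(templates: dict[str, dict]) -> dict[str, list[str]]:
    """Map template name -> failing function IDs, omitting templates with no findings."""
    return {
        name: failing
        for name, tpl in templates.items()
        if (failing := unencrypted_env_functions(tpl))
    }


def load_cdk_out(cdk_out: Path) -> dict[str, dict]:
    """Load every *.template.json under cdk.out, nested-stack templates included."""
    return {
        str(p.relative_to(cdk_out)): json.loads(p.read_text())
        for p in sorted(cdk_out.rglob("*.template.json"))
    }


# Constructed sample template (not taken from data.all's cdk.out); the logical
# IDs are made up. KmsKeyArn is written the way CDK emits it for
# environment_encryption. One function is unencrypted, one is fixed, and one
# has no environment at all (the check does not apply to it).
SAMPLE_TEMPLATE = {
    "Resources": {
        "MigrationHandlerUnencrypted": {
            "Type": LAMBDA_TYPE,
            "Properties": {
                "Environment": {"Variables": {"envname": "sandbox"}},
                "Runtime": "python3.10",
            },
        },
        "MigrationHandlerEncrypted": {
            "Type": LAMBDA_TYPE,
            "Properties": {
                "Environment": {"Variables": {"envname": "sandbox"}},
                "KmsKeyArn": {"Fn::GetAtt": ["LambdaEnvKey", "Arn"]},
            },
        },
        "NoEnvHandler": {
            "Type": LAMBDA_TYPE,
            "Properties": {"Runtime": "python3.10"},
        },
        "LambdaEnvKey": {"Type": "AWS::KMS::Key", "Properties": {}},
    }
}


def main(argv: list[str]) -> int:
    """Scan the cdk.out directory given on the command line, else the embedded sample."""
    if len(argv) > 1:
        templates = load_cdk_out(Path(argv[1]))
    else:
        templates = {"sample.template.json": SAMPLE_TEMPLATE}
    findings = scan_templates(templates)
    for name, ids in findings.items():
        for logical_id in ids:
            print(f"CKV_AWS_173 FAILED for resource: {LAMBDA_TYPE}.{logical_id} File: {name}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python check_lambda_env_kms.py cdk.out` after `cdk synth`; a non-zero exit means at least one function still synthesizes without `KmsKeyArn`, which is the same set checkov would report under CKV_AWS_173. Functions with no environment block pass, as they do in checkov, so a clean run does not imply every function has a key, only that every function with variables does.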