terrascan
Local variable not inferred causing failures
- terrascan version: v1.12.0
- Operating System: Mac and Linux
Description
When using a local variable instead of a hardcoded value, I get an error. Minimal example:
locals {
  engine = "redis"
}
resource "aws_elasticache_cluster" "redis" {
  engine     = local.engine # Causes error "ElastiCache for Memcached is not in use in AWS PCI DSS environments"
  cluster_id = "aa"
}
The following code doesn't cause any error:
resource "aws_elasticache_cluster" "redis" {
  engine     = "redis"
  cluster_id = "aa"
}
What I Did
$ terrascan scan -f test.tf
Violation Details -
Description : ElastiCache for Memcached is not in use in AWS PCI DSS environments
File : test.tf
Module Name : root
Line : 6
Severity : HIGH
-----------------------------------------------------------------------
Scan Summary -
File/Folder : /Users/thibault.delor/workspace/graphql-gateway/terraform/environments/modules/redis/test.tf
IaC Type : terraform
Scanned At : 2021-12-21 01:07:28.168827 +0000 UTC
Policies Validated : 3
Violated Policies : 1
Low : 0
Medium : 0
High : 1
On my CI/CD, I use GitHub Super-Linter (which always lints file by file).