CCM-8572: tfsec ignore

harrim91 · harrim91 · commit b12c7c5e2ad7 · 2025-03-25T17:39:26.000Z
diff --git a/infrastructure/terraform/modules/backend-api/iam_role_guardduty.tf b/infrastructure/terraform/modules/backend-api/iam_role_guardduty.tf
@@ -34,6 +34,7 @@ data "aws_iam_policy_document" "guardduty_assumerole" {
   }
 }
 
+#tfsec:ignore:aws-iam-no-policy-wildcards
 data "aws_iam_policy_document" "guardduty" {
   statement {
     sid    = "AllowManagedRuleToSendS3EventsToGuardDuty"
@@ -79,7 +80,6 @@ data "aws_iam_policy_document" "guardduty" {
     ]
 
     resources = [
-      #tfsec:ignore:aws-iam-no-policy-wildcards
       "${module.s3bucket_quarantine.arn}/*"
     ]
   }
@@ -126,7 +126,6 @@ data "aws_iam_policy_document" "guardduty" {
     ]
 
     resources = [
-      #tfsec:ignore:aws-iam-no-policy-wildcards
       "${module.s3bucket_quarantine.arn}/*"
     ]
   }

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ data "aws_iam_policy_document" "guardduty_assumerole" {`
`34`	`34`	`}`
`35`	`35`	`}`
`36`	`36`
	`37`	`+#tfsec:ignore:aws-iam-no-policy-wildcards`
`37`	`38`	`data "aws_iam_policy_document" "guardduty" {`
`38`	`39`	`statement {`
`39`	`40`	`sid = "AllowManagedRuleToSendS3EventsToGuardDuty"`
`@@ -79,7 +80,6 @@ data "aws_iam_policy_document" "guardduty" {`
`79`	`80`	`]`
`80`	`81`
`81`	`82`	`resources = [`
`82`		`- #tfsec:ignore:aws-iam-no-policy-wildcards`
`83`	`83`	`"${module.s3bucket_quarantine.arn}/*"`
`84`	`84`	`]`
`85`	`85`	`}`
`@@ -126,7 +126,6 @@ data "aws_iam_policy_document" "guardduty" {`
`126`	`126`	`]`
`127`	`127`
`128`	`128`	`resources = [`
`129`		`- #tfsec:ignore:aws-iam-no-policy-wildcards`
`130`	`129`	`"${module.s3bucket_quarantine.arn}/*"`
`131`	`130`	`]`
`132`	`131`	`}`