tfsec.yaml
# tfsec configuration. Every rule id listed under `exclude` is switched off for
# the whole scan, not only for the resource that motivated the exception.
# NOTE(review): where an exception applies to a single resource, an inline
# `#tfsec:ignore:<rule-id>` comment on that resource keeps the check active
# for everything else in the repository.
exclude:
- aws-iam-no-policy-wildcards # Wildcards required in addon IAM policies
- aws-vpc-no-excessive-port-access # VPC settings left up to user implementation for recommended practices
- aws-vpc-no-public-ingress-acl # VPC settings left up to user implementation for recommended practices
- aws-eks-no-public-cluster-access-to-cidr # Public access enabled for better example usability, users are recommended to disable if possible
- aws-eks-no-public-cluster-access # Public access enabled for better example usability, users are recommended to disable if possible
# NOTE(review): with this rule excluded, a configuration that turns secrets
# encryption off would not be reported either — confirm that is acceptable.
- aws-eks-encrypt-secrets # Module defaults to encrypting secrets with CMK, but this is not hardcoded and therefore a spurious error
# NOTE(review): the aws-vpc-* and aws-ec2-* egress entries below look like two
# ids for the same security-group egress check — presumably both are listed to
# cover different tfsec versions; confirm.
- aws-vpc-no-public-egress-sgr # Added in v1.22
# NOTE(review): no rationale is recorded for the next three exclusions. They
# cover security-group rules open to public CIDR ranges (egress and ingress)
# and the IMDS session-token requirement; record why each is acceptable here,
# or drop the exclusion.
- aws-ec2-no-public-egress-sgr
- aws-ec2-no-public-ingress-sgr
- aws-ec2-enforce-http-token-imds
# NOTE(review): "VPN IP" is terse — presumably a subnet that has to assign
# public IPs for a VPN endpoint; confirm and name the subnet.
- aws-ec2-no-public-ip-subnet # VPN IP
- aws-ec2-require-vpc-flow-logs-for-all-vpcs # disabled flow logs by default