This repository was archived by the owner on Mar 30, 2026. It is now read-only.
feat: Add platform-cx-s3-to-sqs module #132
cq-botterraform.yml
on: pull_request
Discover Modules and Examples
5s
Matrix: Validate Examples
Matrix: Validate Modules
Annotations
24 warnings
|
[LOW] IAM Access Analyzer Not Enabled:
platform-cx-s3-to-sqs/modules/iam-role-for-serviceaccount/main.tf#L8
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
|
|
[INFO] Resource Not Using Tags:
platform-cx-s3-to-sqs/modules/iam-role-for-serviceaccount/main.tf#L170
AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'
|
|
[INFO] Resource Not Using Tags:
platform-cx-s3-to-sqs/modules/iam-role-for-serviceaccount/main.tf#L143
AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'
|
|
[INFO] Resource Not Using Tags:
platform-cx-s3-to-sqs/modules/iam-role-for-serviceaccount/main.tf#L21
AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'
|
|
[LOW] IAM Access Analyzer Not Enabled:
platform-cx-s3-to-sqs/examples/cloudquery-integration/main.tf#L8
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
|
|
[LOW] IAM Access Analyzer Not Enabled:
platform-cx-s3-to-sqs/examples/dual-inegration/main.tf#L5
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
|
|
[LOW] IAM Access Analyzer Not Enabled:
platform-cx-s3-to-sqs/modules/iam-role-for-serviceaccount/main.tf#L8
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
|
|
[LOW] IAM Access Analyzer Not Enabled:
platform-cx-s3-to-sqs/main.tf#L22
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
|
|
[INFO] Resource Not Using Tags:
platform-cx-s3-to-sqs/main.tf#L313
AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'
|
|
[INFO] Resource Not Using Tags:
platform-cx-s3-to-sqs/main.tf#L171
AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'
|
|
[INFO] Resource Not Using Tags:
platform-cx-s3-to-sqs/main.tf#L37
AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'
|
|
[INFO] Resource Not Using Tags:
platform-cx-s3-to-sqs/modules/iam-role-for-serviceaccount/main.tf#L143
AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'
|
|
[INFO] Resource Not Using Tags:
platform-cx-s3-to-sqs/main.tf#L268
AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'
|
|
[INFO] Resource Not Using Tags:
platform-cx-s3-to-sqs/main.tf#L58
AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'
|
|
[MEDIUM] CloudWatch Logging Disabled:
clickhouse/dns.tf#L1
Check if CloudWatch logging is disabled for Route53 hosted zones
|
|
[MEDIUM] EBS Volume Encryption Disabled:
clickhouse/ebs.tf#L18
EBS volumes should be encrypted
|
|
[MEDIUM] EBS Volume Encryption Disabled:
clickhouse/ebs.tf#L1
EBS volumes should be encrypted
|
|
[MEDIUM] S3 Bucket Logging Disabled:
clickhouse/s3.tf#L205
Server Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable
|
|
[MEDIUM] Secretsmanager Secret Without KMS:
clickhouse/certificates.tf#L117
AWS Secretmanager should use AWS KMS customer master key (CMK) to encrypt the secret values in the versions stored in the secret
|
|
[MEDIUM] Secretsmanager Secret Without KMS:
clickhouse/users.tf#L14
AWS Secretmanager should use AWS KMS customer master key (CMK) to encrypt the secret values in the versions stored in the secret
|
|
[MEDIUM] Secretsmanager Secret Without KMS:
clickhouse/certificates.tf#L29
AWS Secretmanager should use AWS KMS customer master key (CMK) to encrypt the secret values in the versions stored in the secret
|
|
[MEDIUM] VPC Subnet Assigns Public IP:
clickhouse/main.tf#L1
VPC Subnet should not assign public IP
|
|
[LOW] ALB Deletion Protection Disabled:
clickhouse/nlb.tf#L9
Application Load Balancer should have deletion protection enabled
|
|
[LOW] IAM Access Analyzer Not Enabled:
clickhouse/dns.tf#L1
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
|