
Commit f0d09b9

MukeshMukesh
authored andcommitted
update
1 parent f6fc385 commit f0d09b9

2 files changed

Lines changed: 31 additions & 12 deletions


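--- a/.github/workflows/tflint.yaml
+++ b/.github/workflows/tflint.yaml
@@ -25,4 +25,4 @@ jobs:
 run: tflint --init
 
 - name: Run TFLint on All Modules
-run: tflint --config tflint-config.hcl --chdir=modules/ --recursive
+run: tflint --config=tflint-config.hcl --chdir=modules/ --recursive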
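Review bot: The corrected `--config=tflint-config.hcl` is a path relative to the runner's working directory while `--chdir=modules/` moves TFLint into `modules/`, and whether the config path is resolved before or after that chdir depends on the TFLint version in use, so confirm the file is actually loaded by this step. If it is resolved inside `modules/` the file will not be found, and unless TFLint hard-fails on an explicit `--config` that is missing, the run would silently proceed with default rules and none of the checks in tflint-config.hcl would apply. The `--recursive` flag here duplicates the `config { recursive = true }` that the companion file change adds; keeping the setting in one place avoids the two drifting apart. The enclosing job and its earlier steps start outside the hunk.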

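--- a/tflint-config.hcl
+++ b/tflint-config.hcl
@@ -1,35 +1,54 @@
+# Enable the AWS plugin for TFLint
 plugin "aws" {
 enabled = true
 source = "github.com/terraform-linters/tflint-ruleset-aws"
-version = "0.4.0"
+version = "0.24.1"
 }
 
-# Enable built-in AWS rules
+# General TFLint settings
+config {
+recursive = true # Scan all Terraform files in subdirectories
+}
+
+# Enable AWS rules to enforce best practices
 rule "aws_instance_invalid_type" {
 enabled = true
 }
 
-rule "aws_security_group_ingress_cidr_blocks" {
+rule "aws_s3_bucket_public_access" {
 enabled = true
 }
 
-# Custom rule: Ensure S3 Buckets are private
-rule "aws_s3_bucket_private" {
+rule "aws_security_group_open_ports" {
 enabled = true
 }
 
-# Custom rule: Ensure tags are always defined
+rule "aws_iam_policy_no_wildcard" {
+enabled = true
+}
+
+# Ensure that security groups do not allow unrestricted access
+rule "aws_security_group_ingress_cidr_blocks" {
+enabled = true
+}
+
+# Enforce required tags for resources
 rule "terraform_module_tag_required" {
 enabled = true
 required_tags = ["Name", "Environment", "Owner"]
 }
 
-# Custom rule: Prevent usage of sensitive IAM actions
-rule "aws_iam_policy_restricted_actions" {
+# Prevent IAM roles from using excessive permissions
+rule "aws_iam_role_restricted_permissions" {
 enabled = true
 restricted_actions = [
-"iam:*", # Prevent wildcard permissions
-"s3:*", # Prevent full S3 access
-"ec2:*" # Prevent full EC2 access
+"iam:*",
+"s3:*"
 ]
 }
+
+# Ensure EKS clusters use recommended instance types
+rule "aws_eks_node_group_instance_types" {
+enabled = true
+allowed_types = ["t3.medium", "m5.large", "m5.xlarge"]
+}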
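Review bot: Several rule names added here — `aws_s3_bucket_public_access`, `aws_security_group_open_ports`, `aws_iam_policy_no_wildcard`, `aws_iam_role_restricted_permissions` and `aws_eks_node_group_instance_types` — do not match any rule I know of in tflint-ruleset-aws 0.24.1, and free-form attributes such as `restricted_actions` and `allowed_types` are not something the plugin's rule blocks accept, so each name should be checked against the plugin's rules list; as far as I recall TFLint reports an unresolvable rule block as an error, and if these rules are not real then the public-bucket, open-port and IAM-wildcard checks this file claims to enforce are not running at all. The same doubt applies to `config { recursive = true }`: `recursive` is the CLI flag the workflow already passes, not a `config` block argument that I can find, and an unsupported argument there would break config loading. For the tagging requirement the ruleset's actual rule is `aws_resource_missing_tags`, which takes a `tags = [...]` attribute and could replace the `terraform_module_tag_required` block with the same three tag names. Note also that `"ec2:*"` and the per-entry explanatory comments were dropped from `restricted_actions`, narrowing the stated policy; if broad EC2 grants are still meant to be blocked, keep that entry.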
