temp fix for cmk rotation

Author: cyphronix

aws_sra_examples/terraform/common/s3/main.tf

@@ -8,7 +8,7 @@ resource "aws_s3_bucket" "sra_state_bucket" {
   #checkov:skip=CKV_AWS_18: Ensure the S3 bucket has access logging enabled
   #checkov:skip=CKV2_AWS_62: Ensure S3 buckets should have event notifications enabled
   #checkov:skip=CKV_AWS_144: Ensure that S3 bucket has cross-region replication enabled
-  
+
   bucket        = "${var.sra_state_bucket_prefix}-${data.aws_region.current.name}-${data.aws_caller_identity.current.account_id}"
   force_destroy = true
 
@@ -18,6 +18,7 @@ resource "aws_s3_bucket" "sra_state_bucket" {
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "sra_state_bucket_see" {
+  #checkov:skip=CKV2_AWS_67: Ensure AWS S3 bucket encrypted with Customer Managed Key (CMK) has regular rotation
   bucket = aws_s3_bucket.sra_state_bucket.id
 
   rule {
@@ -50,4 +51,4 @@ resource "aws_s3_bucket_public_access_block" "sra_state_bucket_public_access_blo
   block_public_policy     = true
   ignore_public_acls      = true
   restrict_public_buckets = true
-}
+}

aws_sra_examples/terraform/solutions/cloudtrail_org/s3/main.tf

@@ -18,6 +18,7 @@ resource "aws_s3_bucket" "org_trail_bucket" {
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
+  #checkov:skip=CKV2_AWS_67: Ensure AWS S3 bucket encrypted with Customer Managed Key (CMK) has regular rotation
   bucket = aws_s3_bucket.org_trail_bucket.id
 
   rule {
@@ -144,7 +145,7 @@ resource "aws_s3_bucket_policy" "org_trail_bucket_policy" {
 resource "aws_secretsmanager_secret" "org_trail_s3_bucket_secret" {
   #checkov:skip=CKV_AWS_149: Ensure that Secrets Manager secret is encrypted using KMS CMK
   #checkov:skip=CKV2_AWS_57: Ensure Secrets Manager secrets should have automatic rotation enabled
-  
+
   count = var.sra_secrets_key_alias_arn != "" ? 1 : 0
 
   name        = "sra/cloudtrail_org_s3_bucket"

aws_sra_examples/terraform/solutions/guard_duty/s3/main.tf

@@ -17,6 +17,7 @@ resource "aws_s3_bucket" "guardduty_delivery_bucket" {
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "guardduty_see" {
+  #checkov:skip=CKV2_AWS_67: Ensure AWS S3 bucket encrypted with Customer Managed Key (CMK) has regular rotation
   bucket = aws_s3_bucket.guardduty_delivery_bucket.id
 
   rule {
@@ -153,4 +154,4 @@ data "aws_iam_policy_document" "guardduty_delivery_bucket_policy" {
       identifiers = ["guardduty.amazonaws.com"]
     }
   }
-}
+}

aws_sra_examples/terraform/solutions/macie/delivery_s3_bucket/main.tf

@@ -18,6 +18,7 @@ resource "aws_s3_bucket" "macie_delivery_s3_bucket" {
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
+  #checkov:skip=CKV2_AWS_67: Ensure AWS S3 bucket encrypted with Customer Managed Key (CMK) has regular rotation
   bucket = aws_s3_bucket.macie_delivery_s3_bucket.id
 
   rule {