fix: tfsec violations

lacework · Mar 27, 2023 · a0021bf · a0021bf
1 parent acf7be4
commit a0021bf
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -57,9 +57,18 @@ resource "azurerm_storage_account" "lacework" {
   location                  = var.location
   resource_group_name       = azurerm_resource_group.lacework[0].name
   tags                      = azurerm_resource_group.lacework[0].tags
+  min_tls_version           = "TLS1_2"
   #enable_blob_encryption    = true
-
   allow_nested_items_to_be_public = false
+  queue_properties {
+    logging {
+      delete                = true
+      read                  = true
+      write                 = true
+      version               = "1.0"
+      retention_policy_days = 10
+    }
+  }
 }
 
 resource "azurerm_storage_queue" "lacework" {

diff --git a/scripts/ci_tests.sh b/scripts/ci_tests.sh
@@ -42,9 +42,15 @@ lint_tests() {
   terraform fmt -check
 }
 
+sec_tests() {
+  # TODO: replace with `lacework iac tf-scan tfsec -m MEDIUM`
+  tfsec -m MEDIUM
+}
+
 main() {
   lint_tests
   integration_tests
+  sec_tests
 }
 
 main || exit 99