
Merge pull request #479 from mdr-engineering/feature/jc_MSOCI-2182_tfsec_Ignore_aws-vpc-no-public-ingress-sgr

Baseline tfsec ignore:aws-vpc-no-public-ingress-sgr
Jeremy Cooper 3 years ago
parent
commit
02134ac6d9

+ 1 - 1
base/nessus/instance_nessus_manager/securitygroup-server.tf

@@ -51,7 +51,7 @@ resource "aws_security_group_rule" "http-in-external-c2-users" {
   from_port         = 8834
   to_port           = 8834
   protocol          = "tcp"
-  cidr_blocks       = each.value.cidr_blocks
+  cidr_blocks       = each.value.cidr_blocks #tfsec:ignore:aws-vpc-no-public-ingress-sgr Intentionally allow inbound
   security_group_id = aws_security_group.nessus_manager.id
 }
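Review bot: The added ignore on the `cidr_blocks` line is open-ended and its justification ("Intentionally allow inbound") restates the finding rather than explaining why public ingress on 8834 is acceptable, so the exception will never be re-reviewed and a later edit that puts 0.0.0.0/0 into each.value.cidr_blocks is silenced as well; the same applies to both hunks in base/repo_server/lb.tf, base/salt_master/main.tf and base/sensu/elb.tf. tfsec accepts an expiry suffix on the ignore, so a dated, specific comment such as `cidr_blocks = each.value.cidr_blocks #tfsec:ignore:aws-vpc-no-public-ingress-sgr:exp:<YYYY-MM-DD> Allow-listed external user CIDRs only (see <VARIABLE>), not 0.0.0.0/0` keeps the suppression visible and time-boxed. If the CIDR list comes from an input variable (not visible here), a `validation` block on that variable rejecting 0.0.0.0/0 or ::/0 would preserve the guard the ignore removes. The enclosing resource block starts before the hunk.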
 

+ 2 - 2
base/repo_server/lb.tf

@@ -70,7 +70,7 @@ resource "aws_security_group_rule" "alb-http-in-external-c2-users" {
   from_port         = 80
   to_port           = 80
   protocol          = "tcp"
-  cidr_blocks       = each.value.cidr_blocks
+  cidr_blocks       = each.value.cidr_blocks #tfsec:ignore:aws-vpc-no-public-ingress-sgr Intentionally allow inbound
   security_group_id = module.elb.extra_security_group_ids[0]
 }
 
@@ -82,6 +82,6 @@ resource "aws_security_group_rule" "https-in-external-c2-users" {
   from_port         = 443
   to_port           = 443
   protocol          = "tcp"
-  cidr_blocks       = each.value.cidr_blocks
+  cidr_blocks       = each.value.cidr_blocks #tfsec:ignore:aws-vpc-no-public-ingress-sgr Intentionally allow inbound
   security_group_id = module.elb.extra_security_group_ids[1]
 }

+ 1 - 1
base/salt_master/main.tf

@@ -265,7 +265,7 @@ resource "aws_security_group_rule" "saltstack-external-ips" {
   from_port         = "4505"
   to_port           = "4506"
   protocol          = "tcp"
-  cidr_blocks       = each.value.cidr_blocks
+  cidr_blocks       = each.value.cidr_blocks #tfsec:ignore:aws-vpc-no-public-ingress-sgr Intentionally allow inbound
   security_group_id = aws_security_group.salt_master_security_group.id
 }
 

+ 1 - 1
base/sensu/elb.tf

@@ -65,6 +65,6 @@ resource "aws_security_group_rule" "sensu-external-ips" {
   from_port         = 443
   to_port           = 443
   protocol          = "tcp"
-  cidr_blocks       = each.value.cidr_blocks
+  cidr_blocks       = each.value.cidr_blocks #tfsec:ignore:aws-vpc-no-public-ingress-sgr Intentionally allow inbound
   security_group_id = module.elb.security_group_id
 }