So I have a terraform module for Azure Key Vault and within that tf code, I also create a Private Endpoint...

resource "azurerm_key_vault" "kv" {
   ...
   ...
}

module "pep" {
   source = "git::https://blah.com/pep"
}

I want to create my own custom checkov YAML plan to ensure that the kv resource is creating the module. Where should I be doing this? I have it in the private endpoint module, but I would like to have one in the kv module. If possible, how do I create my checkov test?

Currently in my PEP module, my checkov plan is as follows:

---
metadata:
  name: "Ensure that the private endpoint is created"
  id: "CKV2_AZPEP_1"
  category: "GENERAL_SECURITY"
definition:
  and:
    - cond_type: "attribute"
      resource_types:
        - "azurerm_private_endpoint"
      attribute: "name"
      operator: regex_match
      value: "^[a-z]+\\d$"
    - cond_type: "attribute"
      resource_types:
        - "azurerm_private_endpoint"
      attribute: "name"
      operator: starting_with
      value: "pep"
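As an added example (not part of the question), one way to express "this Key Vault must be fronted by a private endpoint" inside the kv module's own policy is a checkov graph check with a connection condition instead of an attribute check; it also goes one step further and requires the vault's public endpoint to be switched off. It assumes the pep module sets private_service_connection.private_connection_resource_id to the vault's id (the reference checkov turns into a graph edge), and the check id and category are constructed.

```yaml
# Added example, not the poster's policy. Fails any azurerm_key_vault that
# has no azurerm_private_endpoint referencing it, or that still allows
# public network access.
#
# Assumption: the private endpoint inside the pep module references the
# vault, e.g.
#   private_service_connection {
#     private_connection_resource_id = azurerm_key_vault.kv.id
#   }
# That reference is what checkov uses to draw the key_vault -> endpoint edge.
metadata:
  name: "Ensure every Key Vault is reachable only through a private endpoint"
  id: "CKV2_AZKV_1"          # constructed id; use your own CKV2_ numbering
  category: "NETWORKING"
definition:
  and:
    # 1. graph condition: at least one private endpoint must point at the vault
    - cond_type: "connection"
      resource_types:
        - "azurerm_key_vault"
      connected_resource_types:
        - "azurerm_private_endpoint"
      operator: "exists"
    # 2. attribute condition on the vault itself: a private endpoint is of
    #    little use if the vault also answers on its public endpoint.
    #    The provider default is true, so an unset attribute fails here too.
    - cond_type: "attribute"
      resource_types:
        - "azurerm_key_vault"
      attribute: "public_network_access_enabled"
      operator: "equals"
      value: false
```

Place the file in a directory passed with `--external-checks-dir`; because the pep module is fetched from git, run checkov with `--download-external-modules true` so the endpoint resource is actually rendered into the graph that the connection condition inspects.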