Do not disable CKV_AWS_28 completely (#304)

This check is generally useful as a reminder to setup backups. However the DynamoDB used by ALI is only a cache so does not need to be backed up in this case. This change re-enables the check however disables it for this specific instance. Signed-off-by: Thanh Ha <[email protected]>
pytorch · Nov 20, 2024 · 421236e · 421236e
1 parent b1d0641
commit 421236e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/.checkov.yml b/.checkov.yml
@@ -17,7 +17,6 @@ skip-check:
   - CKV_AWS_145
   - CKV_AWS_144
   - CKV2_AWS_16
-  - CKV_AWS_28
 
 # Configure Checkov's log level (useful for debugging)
 # log-level: DEBUG  # Available options: DEBUG, INFO, WARN, ERROR
diff --git a/modules/backend-state/dynamo.tf b/modules/backend-state/dynamo.tf
@@ -1,4 +1,5 @@
 resource "aws_dynamodb_table" "terraform_state_lock" {
+  #checkov:skip=CKV_AWS_28:ALI uses this as a cache and does not need backup
   count =  data.external.terraform_state_bucket_exists.result.exists == "true" ? 0 : 1
   name           = "${var.dynamo_table_name}-${var.project}-${var.environment}"
   read_capacity  = 1
@@ -9,4 +10,4 @@ resource "aws_dynamodb_table" "terraform_state_lock" {
     name = "LockID"
     type = "S"
   }
-}
+}