Do not disable CKV_AWS_274 completely

This is generally a good check but we do need to disable it for the IAM role used by Terraform as it does require Administrative permissions to manage AWS resources. Signed-off-by: Thanh Ha <[email protected]>
pytorch · Nov 20, 2024 · a5de365 · a5de365
1 parent de5f0b5
commit a5de365
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 1 deletion.
diff --git a/.checkov.yml b/.checkov.yml
@@ -8,7 +8,6 @@ skip-path:
 # Skip INFO and other unresolvable checks
 skip-check:
   - CKV2_AWS_61
-  - CKV_AWS_274
   - CKV_AWS_355
   - CKV_AWS_290
   - CKV_AWS_119

diff --git a/ali/aws/391835788720/us-east-1/iam_policies.tf b/ali/aws/391835788720/us-east-1/iam_policies.tf
@@ -32,6 +32,7 @@ resource "aws_iam_role" "ossci_gha_terraform" {
 
 resource "aws_iam_role_policy_attachment" "ossci_gha_terraform_admin" {
   role       = aws_iam_role.ossci_gha_terraform.name
+  #checkov:skip=CKV_AWS_274:Terraform needs AdministratorAccess to run
   policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
 }