From a5de36506732e4413d1289c838e697b4f50b808e Mon Sep 17 00:00:00 2001
From: Thanh Ha
Date: Wed, 20 Nov 2024 15:02:29 -0500
Subject: [PATCH] Do not disable CKV_AWS_274 completely

This is generally a good check but we do need to disable it for the IAM role used by Terraform as it does require Administrative permissions to manage AWS resources.

Signed-off-by: Thanh Ha
---
 .checkov.yml | 1 -
 ali/aws/391835788720/us-east-1/iam_policies.tf | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/.checkov.yml b/.checkov.yml
index 50612dd..c770ad7 100644
--- a/.checkov.yml
+++ b/.checkov.yml
@@ -8,7 +8,6 @@ skip-path:
 # Skip INFO and other unresolvable checks
 skip-check:
 - CKV2_AWS_61
- - CKV_AWS_274
 - CKV_AWS_355
 - CKV_AWS_290
 - CKV_AWS_119
diff --git a/ali/aws/391835788720/us-east-1/iam_policies.tf b/ali/aws/391835788720/us-east-1/iam_policies.tf
index 1862426..e8943d4 100644
--- a/ali/aws/391835788720/us-east-1/iam_policies.tf
+++ b/ali/aws/391835788720/us-east-1/iam_policies.tf
@@ -32,6 +32,7 @@ resource "aws_iam_role" "ossci_gha_terraform" {
 resource "aws_iam_role_policy_attachment" "ossci_gha_terraform_admin" {
 role = aws_iam_role.ossci_gha_terraform.name
+ #checkov:skip=CKV_AWS_274:Terraform needs AdministratorAccess to run
 policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
 }
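Review bot: The inline skip on `ossci_gha_terraform_admin` records why AdministratorAccess is attached but not what bounds its use, and once CKV_AWS_274 is suppressed here the scan will not flag this attachment again. The role name suggests it is assumed from GitHub Actions, in which case the control that matters is the `assume_role_policy` on `aws_iam_role.ossci_gha_terraform`, which lies outside this hunk. It is worth confirming that the trust policy pins the OIDC `sub` claim to the specific repository and branch or environment rather than a wildcard. Once that is confirmed, I would make the exception auditable in the reason itself, e.g. `#checkov:skip=CKV_AWS_274:Terraform CI role needs AdministratorAccess; who may assume it is restricted in the role trust policy`. A permissions boundary on the role would be a further limit if full admin turns out not to be strictly required.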