Gomboc Fix for #20 - tf-test by gomboc-ai-community[bot] · Pull Request #21 · pepegc/rattleback

gomboc-ai-community · 2025-06-30T21:13:11Z

This fix was produced in response to #20 on the following target:

Repository	Branch	Directory
pepegc/rattleback	pepegc-patch-15	tf-test


Rules with observations	10
Affected resources	4
Resource types	4
Code fixes	7
Files modified	1

Recommendation	Resources	Observations
API Key Authentication	1	1
Client Authentication via IAM SigV4	1	1
Encryption At-Rest with Provider Managed Key	2	2
Encryption At-Rest with Bespoke Service Implementation	1	1
Encryption At-Rest with Customer Managed Key (CMK)	1	1
Deletion Protection	1	1
Request Tracing	2	2
On-Demand Capacity	1	1
Provisioned Capacity	1	1
Resource Tags	1	1

These recommendations come from the following benchmarks

Benchmark
Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)
CIS Critical Security Controls v8.1

…-31f353310206-14128

gomboc-ai-community · 2025-06-30T21:13:14Z


 resource "aws_dynamodb_table" "test_table_a" {

+  deletion_protection_enabled = true


l.9 Recommended applying Deletion Protection:

Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)

CIS Critical Security Controls v8.1

_{Leave feedback (ref: d464e376604756a617e8baccc5cc483f0de93c9d80f2d39c7ee5e0a0d2572966)}

gomboc-ai-community

I scanned the tf-test directory in search of Terraform misconfigurations. No issues found!

gomboc-ai-community · 2025-06-30T21:13:17Z

 resource "aws_dynamodb_table" "test_table_a" {

+  deletion_protection_enabled = true
+  billing_mode                = "PAY_PER_REQUEST"


l.10 Recommended applying On-Demand Capacity:

Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)

_{Leave feedback (ref: 2611ff7b5b3eae44bcc9796c834cd2d2c7935c9e97dd43e531cea620e981feb1)}

gomboc-ai-community · 2025-06-30T21:13:20Z


+  deletion_protection_enabled = true
+  billing_mode                = "PAY_PER_REQUEST"
+  tags                        = "null"


l.11 Recommended applying Resource Tags:

Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)

CIS Critical Security Controls v8.1

_{Leave feedback (ref: 411f3e36ed53e52f7e3cbaf9072767d6262fc37d250785221664e8503f0fb156)}

gomboc-ai-community · 2025-06-30T21:13:22Z

+  billing_mode                = "PAY_PER_REQUEST"
+  tags                        = "null"
+  server_side_encryption {
+    enabled = false


l.13 Recommended applying Encryption At-Rest with Bespoke Service Implementation:

Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)

_{Leave feedback (ref: b0f7e9f4458edaed4cd2552dd0d3c1f1f2afaf3a233e43f01c1c0ba789462c97)}

gomboc-ai-community · 2025-06-30T21:13:26Z


 resource "aws_lambda_function" "myfunction" {
+  tracing_config {
+    mode = "Active"


l.19 Recommended applying Request Tracing:

Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)

CIS Critical Security Controls v8.1

_{Leave feedback (ref: 62765aecbde07930d8afdc5696a332e40096397147c55134f82a87707ef492b7)}

gomboc-ai-community · 2025-06-30T21:13:28Z


 resource "aws_appsync_graphql_api" "test_api" {
  authentication_type = "API_KEY"
+  xray_enabled        = true


l.25 Recommended applying Request Tracing:

Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)

CIS Critical Security Controls v8.1

_{Leave feedback (ref: af879331249c525901eab405f59e69d22c6054f0f9210c45442068029cac615e)}

gomboc-ai-community · 2025-06-30T21:13:31Z

 resource "aws_keyspaces_table" "mykeyspacestable" {
-}
+  encryption_specification {
+    type = "AWS_OWNED_KMS_KEY"


l.30 Recommended applying Encryption At-Rest with Provider Managed Key:

Gomboc Best Practices CIS Critical Security Controls v8.1 (AWS)

_{Leave feedback (ref: 836e766e32572c9b826b7b6eb5f08575aaa011e2acd90073135728da07e46486)}

gomboc-ai-community Bot added 2 commits June 30, 2025 21:13

Remediation gomboc-a7d346c0-2abb-4f1d-8e49-31f353310206

48f3095

Merge 48f3095 into pepegc-patch-15-remediated-a7d346c0-2abb-4f1d-8e49…

f755d6b

…-31f353310206-14128

gomboc-ai-community Bot commented Jun 30, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Gomboc Fix for #20 - tf-test#21

Gomboc Fix for #20 - tf-test#21
gomboc-ai-community[bot] wants to merge 2 commits into
pepegc-patch-15from
pepegc-patch-15-remediated-a7d346c0-2abb-4f1d-8e49-31f353310206-14128

gomboc-ai-community Bot commented Jun 30, 2025

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Uh oh!

gomboc-ai-community Bot left a comment

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants


		resource "aws_dynamodb_table" "test_table_a" {

		deletion_protection_enabled = true

Conversation

gomboc-ai-community Bot commented Jun 30, 2025

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Choose a reason for hiding this comment

Uh oh!

gomboc-ai-community Bot left a comment

Choose a reason for hiding this comment

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Choose a reason for hiding this comment

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Choose a reason for hiding this comment

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Choose a reason for hiding this comment

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Choose a reason for hiding this comment

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Choose a reason for hiding this comment

Uh oh!

gomboc-ai-community Bot Jun 30, 2025

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants