#hcl

Rulesets (1)

Rules (357)

profile photo of semgrepsemgrep

There are missing tags for an AWS Auto Scaling group. Tags help track costs, allow for filtering for Auto Scaling groups, help with access control, and aid in organizing AWS resources. Add: `tag { key = "key" value = "value" propagate_at_launch = boolean }` See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group for more details.

profile photo of semgrepsemgrep

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

profile photo of semgrepsemgrep

The AWS Lambda permission has an AWS service principal but does not specify a source ARN. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function. Set the source_arn value to the ARN of the AWS resource that invokes the function, eg. an S3 bucket, CloudWatch Events Rule, API Gateway, or SNS topic.