scanner fixes

Justin · Justin · commit 6cabdde19935 · 2024-02-07T18:38:21.000-05:00
diff --git a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org-bucket.yaml b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org-bucket.yaml
@@ -224,12 +224,10 @@ Resources:
         skip:
           - id: CKV_AWS_149
             comment: A cross-account KMS CMK is used
-          - id: CKV_SECRET_6
-            comment: Value is not a secret
     Properties:
       Name: sra/cloudtrail_org_s3_bucket
       Description: Organization CloudTrail S3 Bucket
-      SecretString: !Sub '{"OrganizationCloudTrailS3Bucket":"${rOrgTrailBucket}"}'
+      SecretString: !Sub '{"OrganizationCloudTrailS3Bucket":"${rOrgTrailBucket}"}' # checkov:skip=CKV_SECRET_6
       KmsKeyId: !Ref pSRASecretsKeyAliasArn
       Tags:
         - Key: sra-solution
diff --git a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org-kms.yaml b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org-kms.yaml
@@ -157,12 +157,10 @@ Resources:
         skip:
           - id: CKV_AWS_149
             comment: A cross-account KMS CMK is used
-          - id: CKV_SECRET_6
-            comment: Value is not a secret
     Properties:
       Name: sra/cloudtrail_org_key_arn
       Description: Organization CloudTrail KMS Key ARN
-      SecretString: !Sub '{"OrganizationCloudTrailKeyArn":"${rOrganizationCloudTrailKey.Arn}"}'
+      SecretString: !Sub '{"OrganizationCloudTrailKeyArn":"${rOrganizationCloudTrailKey.Arn}"}' # checkov:skip=CKV_SECRET_6
       KmsKeyId: !Ref pSRASecretsKeyAliasArn
       Tags:
         - Key: sra-solution
diff --git a/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-kms-key.yaml b/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-kms-key.yaml
@@ -139,12 +139,10 @@ Resources:
         skip:
           - id: CKV_AWS_149
             comment: A cross-account KMS Key is used
-          - id: CKV_SECRET_6
-            comment: Value is not a secret
     Properties:
       Name: sra/guardduty_org_delivery_key_arn
       Description: GuardDuty Delivery KMS Key ARN
-      SecretString: !Sub '{"GuardDutyDeliveryKeyArn":"${rGuardDutyDeliveryKey.Arn}"}'
+      SecretString: !Sub '{"GuardDutyDeliveryKeyArn":"${rGuardDutyDeliveryKey.Arn}"}' # checkov:skip=CKV_SECRET_6
       KmsKeyId: !Ref pSRASecretsKeyAliasArn
       Tags:
         - Key: sra-solution
diff --git a/aws_sra_examples/solutions/macie/macie_org/templates/sra-macie-org-delivery-kms-key.yaml b/aws_sra_examples/solutions/macie/macie_org/templates/sra-macie-org-delivery-kms-key.yaml
@@ -145,12 +145,10 @@ Resources:
         skip:
           - id: CKV_AWS_149
             comment: A cross-account KMS Key is used
-          - id: CKV_SECRET_6
-            comment: Value is not a secret
     Properties:
       Name: sra/macie_org_delivery_key_arn
       Description: Macie Delivery KMS Key ARN
-      SecretString: !Sub '{"MacieOrgDeliveryKeyArn":"${rMacieOrgDeliveryKey.Arn}"}'
+      SecretString: !Sub '{"MacieOrgDeliveryKeyArn":"${rMacieOrgDeliveryKey.Arn}"}' # checkov:skip=CKV_SECRET_6
       KmsKeyId: !Ref pSRASecretsKeyAliasArn
       Tags:
         - Key: sra-solution
