scanner fixes

Justin · Justin · commit 7ce5abe54e60 · 2024-02-07T18:27:05.000-05:00
diff --git a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org-bucket.yaml b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org-bucket.yaml
@@ -224,6 +224,8 @@ Resources:
         skip:
           - id: CKV_AWS_149
             comment: A cross-account KMS CMK is used
+          - id: CKV_SECRET_6
+            comment: Value is not a secret
     Properties:
       Name: sra/cloudtrail_org_s3_bucket
       Description: Organization CloudTrail S3 Bucket
@@ -242,7 +244,7 @@ Resources:
       ResourcePolicy:
         Version: 2012-10-17
         Statement:
-          - Action: secretsmanager:GetSecretValue  # checkov:skip=CKV_SECRET_6
+          - Action: secretsmanager:GetSecretValue # checkov:skip=CKV_SECRET_6
             Effect: Allow
             Principal:
               AWS:
diff --git a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org-kms.yaml b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org-kms.yaml
@@ -157,6 +157,8 @@ Resources:
         skip:
           - id: CKV_AWS_149
             comment: A cross-account KMS CMK is used
+          - id: CKV_SECRET_6
+            comment: Value is not a secret
     Properties:
       Name: sra/cloudtrail_org_key_arn
       Description: Organization CloudTrail KMS Key ARN
@@ -175,7 +177,7 @@ Resources:
       ResourcePolicy:
         Version: 2012-10-17
         Statement:
-          - Action: secretsmanager:GetSecretValue  # checkov:skip=CKV_SECRET_6
+          - Action: secretsmanager:GetSecretValue # checkov:skip=CKV_SECRET_6
             Effect: Allow
             Principal:
               AWS:
diff --git a/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-kms-key.yaml b/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-kms-key.yaml
@@ -139,6 +139,8 @@ Resources:
         skip:
           - id: CKV_AWS_149
             comment: A cross-account KMS Key is used
+          - id: CKV_SECRET_6
+            comment: Value is not a secret
     Properties:
       Name: sra/guardduty_org_delivery_key_arn
       Description: GuardDuty Delivery KMS Key ARN
@@ -157,7 +159,7 @@ Resources:
       ResourcePolicy:
         Version: 2012-10-17
         Statement:
-          - Action: secretsmanager:GetSecretValue  # checkov:skip=CKV_SECRET_6
+          - Action: secretsmanager:GetSecretValue # checkov:skip=CKV_SECRET_6
             Effect: Allow
             Principal:
               AWS:
diff --git a/aws_sra_examples/solutions/macie/macie_org/templates/sra-macie-org-delivery-kms-key.yaml b/aws_sra_examples/solutions/macie/macie_org/templates/sra-macie-org-delivery-kms-key.yaml
@@ -145,6 +145,8 @@ Resources:
         skip:
           - id: CKV_AWS_149
             comment: A cross-account KMS Key is used
+          - id: CKV_SECRET_6
+            comment: Value is not a secret
     Properties:
       Name: sra/macie_org_delivery_key_arn
       Description: Macie Delivery KMS Key ARN
@@ -163,7 +165,7 @@ Resources:
       ResourcePolicy:
         Version: 2012-10-17
         Statement:
-          - Action: secretsmanager:GetSecretValue  # checkov:skip=CKV_SECRET_6
+          - Action: secretsmanager:GetSecretValue # checkov:skip=CKV_SECRET_6
             Effect: Allow
             Principal:
               AWS:
