
Commit 12b874a

committed
chore(docs): uncommented failing examples
Signed-off-by: Fred Myerscough <oniice@gmail.com>
1 parent 1cd60b2 commit 12b874a


1 file changed

+68
-68
lines changed


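--- a/examples/failing/main.tf
+++ b/examples/failing/main.tf
@@ -9,74 +9,74 @@ terraform {
 }
 }
 }
-#
-# # Hardcoded region in provider (will trigger aws_provider_hardcoded_region rule)
-# provider "aws" {
-# region = "us-east-1"
-# }
-#
-# # Provider with hardcoded region in assume_role
-# provider "aws" {
-# alias = "assume_role_hardcoded"
-# assume_role {
-# role_arn = "arn:aws:iam:us-west-2:123456789012:role/terraform-role"
-# }
-# }
-#
-# # IAM role policy with hardcoded region (will trigger aws_iam_role_policy_hardcoded_region rule)
-# resource "aws_iam_role_policy" "example_region" {
-# name = "example-policy-region"
-# role = "example-role"
-#
-# policy = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Action\": [\"s3:GetObject\"], \"Effect\": \"Allow\", \"Resource\": \"arn:aws:s3:::my-bucket/us-east-1/*\"}]}"
-# }
-#
-# # IAM role policy with hardcoded partition (will trigger aws_iam_role_policy_hardcoded_partition rule)
-# resource "aws_iam_role_policy" "example_partition" {
-# name = "example-policy-partition"
-# role = "example-role"
-#
-# policy = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Action\": [\"lambda:InvokeFunction\"], \"Effect\": \"Allow\", \"Resource\": \"arn:aws:lambda:us-west-2:123456789012:function:my-function\"}]}"
-# }
-#
-# # IAM policy with hardcoded region (will trigger aws_iam_policy_hardcoded_region rule)
-# resource "aws_iam_policy" "example_region" {
-# name = "example-policy-region"
-#
-# policy = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Action\": [\"dynamodb:GetItem\"], \"Effect\": \"Allow\", \"Resource\": \"arn:aws:dynamodb:eu-west-1:123456789012:table/my-table\"}]}"
-# }
-#
-# # IAM policy with hardcoded partition (will trigger aws_iam_policy_hardcoded_partition rule)
-# resource "aws_iam_policy" "example_partition" {
-# name = "example-policy-partition"
-#
-# policy = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Action\": [\"sqs:SendMessage\"], \"Effect\": \"Allow\", \"Resource\": \"arn:aws-us-gov:sqs:us-gov-west-1:123456789012:my-queue\"}]}"
-# }
-#
-# # Multiple violations in one policy
-# resource "aws_iam_role_policy" "multiple_violations" {
-# name = "multiple-violations"
-# role = "example-role"
-#
-# policy = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Action\": [\"s3:GetObject\"], \"Effect\": \"Allow\", \"Resource\": [\"arn:aws:s3:::bucket1/ap-southeast-1/*\", \"arn:aws-cn:s3:::bucket2/cn-north-1/*\"]}]}"
-# }
-#
-#
-# # Lambda permission with hardcoded ARN (will trigger aws_arn_hardcoded rule)
-# resource "aws_lambda_permission" "example" {
-# statement_id = "AllowS3Invoke"
-# action = "lambda:InvokeFunction"
-# function_name = "my-function"
-# principal = "s3.amazonaws.com"
-# source_arn = "arn:aws:s3:us-east-1:123456789012:bucket/my-bucket"
-# }
-#
-# # SNS subscription with hardcoded ARN (will trigger aws_arn_hardcoded rule)
-# resource "aws_sns_topic_subscription" "example" {
-# topic_arn = "arn:aws:sns:eu-west-1:123456789012:my-topic"
-# protocol = "email"
-# endpoint = "example@example.com"
-# }
+
+# Hardcoded region in provider (will trigger aws_provider_hardcoded_region rule)
+provider "aws" {
+region = "us-east-1"
+}
+
+# Provider with hardcoded region in assume_role
+provider "aws" {
+alias = "assume_role_hardcoded"
+assume_role {
+role_arn = "arn:aws:iam:us-west-2:123456789012:role/terraform-role"
+}
+}
+
+# IAM role policy with hardcoded region (will trigger aws_iam_role_policy_hardcoded_region rule)
+resource "aws_iam_role_policy" "example_region" {
+name = "example-policy-region"
+role = "example-role"
+
+policy = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Action\": [\"s3:GetObject\"], \"Effect\": \"Allow\", \"Resource\": \"arn:aws:s3:::my-bucket/us-east-1/*\"}]}"
+}
+
+# IAM role policy with hardcoded partition (will trigger aws_iam_role_policy_hardcoded_partition rule)
+resource "aws_iam_role_policy" "example_partition" {
+name = "example-policy-partition"
+role = "example-role"
+
+policy = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Action\": [\"lambda:InvokeFunction\"], \"Effect\": \"Allow\", \"Resource\": \"arn:aws:lambda:us-west-2:123456789012:function:my-function\"}]}"
+}
+
+# IAM policy with hardcoded region (will trigger aws_iam_policy_hardcoded_region rule)
+resource "aws_iam_policy" "example_region" {
+name = "example-policy-region"
+
+policy = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Action\": [\"dynamodb:GetItem\"], \"Effect\": \"Allow\", \"Resource\": \"arn:aws:dynamodb:eu-west-1:123456789012:table/my-table\"}]}"
+}
+
+# IAM policy with hardcoded partition (will trigger aws_iam_policy_hardcoded_partition rule)
+resource "aws_iam_policy" "example_partition" {
+name = "example-policy-partition"
+
+policy = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Action\": [\"sqs:SendMessage\"], \"Effect\": \"Allow\", \"Resource\": \"arn:aws-us-gov:sqs:us-gov-west-1:123456789012:my-queue\"}]}"
+}
+
+# Multiple violations in one policy
+resource "aws_iam_role_policy" "multiple_violations" {
+name = "multiple-violations"
+role = "example-role"
+
+policy = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Action\": [\"s3:GetObject\"], \"Effect\": \"Allow\", \"Resource\": [\"arn:aws:s3:::bucket1/ap-southeast-1/*\", \"arn:aws-cn:s3:::bucket2/cn-north-1/*\"]}]}"
+}
+
+
+# Lambda permission with hardcoded ARN (will trigger aws_arn_hardcoded rule)
+resource "aws_lambda_permission" "example" {
+statement_id = "AllowS3Invoke"
+action = "lambda:InvokeFunction"
+function_name = "my-function"
+principal = "s3.amazonaws.com"
+source_arn = "arn:aws:s3:us-east-1:123456789012:bucket/my-bucket"
+}
+
+# SNS subscription with hardcoded ARN (will trigger aws_arn_hardcoded rule)
+resource "aws_sns_topic_subscription" "example" {
+topic_arn = "arn:aws:sns:eu-west-1:123456789012:my-topic"
+protocol = "email"
+endpoint = "example@example.com"
+}
 
 # KMS grant with hardcoded ARN (will trigger aws_arn_hardcoded rule)
 resource "aws_kms_grant" "example" {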
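Review bot: The blocks at new lines 18 and 56 carry no expected-rule annotation, unlike every other example in this hunk, so a reader cannot tell which findings the linter is meant to report for them now that they are live. Two of the fixtures also trigger on strings that are not in an ARN's region field: the `role_arn` at new line 22 puts `us-west-2` into an IAM ARN, where real IAM ARNs leave that field empty, and the region example at new line 31 has the region only in the S3 object key (`my-bucket/us-east-1/*`). I would extend the comments to say so, e.g. `# Provider with hardcoded region in assume_role role_arn (expected rule: <RULE_NAME>)` and `# Multiple violations in one policy (expected: region and partition findings for both ARNs)`, so that a later tightening of the patterns is not mistaken for a regression. The rule implementations are not on this page, so the expected findings need confirming against them.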
