#19 fix for CKV_AWS_116

kunduso · Sep 12, 2024 · cfe15d9 · cfe15d9
1 parent 8d8b106
commit cfe15d9
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/lambda.tf b/lambda.tf
@@ -25,10 +25,14 @@ resource "aws_lambda_function" "lambda_run" {
       log_stream_name = aws_cloudwatch_log_stream.log_stream.name
     }
   }
+  #https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq
+  dead_letter_config {
+    target_arn = aws_sqs_queue.dlq.arn
+  }
+
   #checkov:skip=CKV_AWS_50: Not applicable in this use case: X-Ray tracing is enabled for Lambda
   #checkov:skip=CKV_AWS_115: Not applicable in this use case: Ensure that AWS Lambda function is configured for function-level concurrent execution limit
   #checkov:skip=CKV_AWS_117: This AWS Lambda function does not require access to anything inside a VPC
-  #checkov:skip=CKV_AWS_116: Not applicable in this use case
   #checkov:skip=CKV_AWS_173: Not applicable in this use case
   #checkov:skip=CKV_AWS_272: Not applicable in this use case: Ensure AWS Lambda function is configured to validate code-signing
 }

diff --git a/sqs.tf b/sqs.tf
@@ -0,0 +1,4 @@
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue
+resource "aws_sqs_queue" "dlq" {
+  name = "${var.name}-lambda-dlq"
+}