Variable Without Description

  • Query id: 2a153952-2544-4687-bcc9-cc8fea814a9b
  • Query name: Variable Without Description
  • Platform: Terraform
  • Severity: Info
  • Category: Best Practices
  • URL: Github

Description

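Every Terraform variable block should contain a valid, non-empty description. A description that is missing, empty ("") or whitespace-only (" ") is flagged, as the positive tests below show.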
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
variable "cluster_name" {
  default = "example"
  type    = string
}

resource "aws_eks_cluster" "positive1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name
}
Positive test num. 2 - tf file
variable "cluster_name" {
  default = "example"
  type    = string
  description = " "
}

resource "aws_eks_cluster" "positive1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name
}
Positive test num. 3 - tf file
variable "cluster_name" {
  default = "example"
  type    = string
  description = ""
}

resource "aws_eks_cluster" "positive1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
variable "cluster_name" {
  default = "example"
  description = "cluster name"
  type    = string
}

resource "aws_eks_cluster" "negative1" {
  depends_on = [aws_cloudwatch_log_group.example]

  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
  name                      = var.cluster_name
}
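
One way to run the same check locally, as an added example that is not the scanner's own query code: a small Python line scanner that flags variable blocks whose description is missing, empty or whitespace-only. The function name, the sample input and the nested-key edge case are constructed for illustration; it assumes terraform-fmt layout (one attribute per line, quoted descriptions) and is not a full HCL parser.

```python
import re

STRING = re.compile(r'"(?:[^"\\]|\\.)*"')
VAR_OPEN = re.compile(r'^\s*variable\s+"([^"]+)"\s*\{')
DESC = re.compile(r'^\s*description\s*=\s*"((?:[^"\\]|\\.)*)"')

def undocumented_variables(source):
    """Return names of variables whose description is missing, empty or blank."""
    flagged, name, depth, described = [], None, 0, False
    for line in source.splitlines():
        # Blank out string contents and comments so brackets inside them are not counted.
        code = re.split(r"#|//", STRING.sub('""', line))[0]
        if name is None:
            m = VAR_OPEN.match(line)
            if not m:
                continue
            name, depth, described = m.group(1), 0, False
        elif depth == 1:
            # Only attributes directly inside the variable block count.
            m = DESC.match(line)
            described = described or bool(m and m.group(1).strip())
        depth += sum(code.count(c) for c in "{([") - sum(code.count(c) for c in "})]")
        if depth == 0:
            flagged += [] if described else [name]
            name = None
    return flagged

# Constructed input modelled on the test cases above, plus a nested-key edge case.
SAMPLE = '''
variable "no_description" {
  default = "example"
}
variable "blank_description" {
  description = " "
}
variable "empty_description" {
  description = ""
}
variable "cluster_name" {
  description = "cluster name"
}
variable "tags" {
  default = {
    description = "a map key, not a variable description"
  }
}
'''
if __name__ == "__main__":
    print(undocumented_variables(SAMPLE))
```

Heredoc descriptions (`description = <<EOT`) are not recognised by this scanner and would be reported as missing.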