AWS CodeCommit branch changes have fewer than 2 approvals
Description
The best practice for merging new code into a code base is to have at least two reviewers. AWS CodeCommit can enforce this policy.
Code Example

```hcl
resource "aws_codecommit_approval_rule_template" "example" {
  ...
  content = <<EOF
{
  "Version": "2018-11-08",
  "DestinationReferences": ["refs/heads/master"],
  "Statements": [{
    "Type": "Approvers",
    "NumberOfApprovalsNeeded": 2,
    "ApprovalPoolMembers": ["arn:aws:sts::123456789012:assumed-role/CodeCommitReview/*"]
  }]
}
EOF
  ...
}
```

Remediation
1. In the AWS console, go to CodeCommit.
2. Select Approval Rule Templates and then Create Template.
3. Under Number of approvals needed, add at least two approvals.

=== Fix - Buildtime

Terraform
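The detection logic behind this rule, as an added example written for this page rather than Checkov's own implementation of CKV_AWS_257: it evaluates the decoded `content` JSON of an approval rule template and reports the weak one-approval template beside the corrected two-approval one. The function name, the `_template` helper and the sample contents are constructed for illustration.

```python
import json

MIN_APPROVALS = 2  # threshold this rule enforces


def check_approval_rule_content(content: str, minimum: int = MIN_APPROVALS) -> str:
    """Evaluate the decoded `content` JSON of an approval rule template.

    Returns "PASSED" when every "Approvers" statement requires at least
    `minimum` approvals, "FAILED" when any requires fewer or none exists,
    and "UNKNOWN" when the content is not parseable JSON (for example an
    unresolved Terraform expression instead of a literal heredoc).
    """
    try:
        doc = json.loads(content)
    except (TypeError, ValueError):
        return "UNKNOWN"
    statements = doc.get("Statements") if isinstance(doc, dict) else None
    if not isinstance(statements, list):
        return "FAILED"
    approvers = [s for s in statements
                 if isinstance(s, dict) and s.get("Type") == "Approvers"]
    if not approvers:
        return "FAILED"  # template imposes no approval requirement at all
    for stmt in approvers:
        needed = stmt.get("NumberOfApprovalsNeeded")
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(needed, bool) or not isinstance(needed, int) or needed < minimum:
            return "FAILED"
    return "PASSED"


def _template(approvals: int) -> str:
    """Constructed sample content mirroring the page's example, with a variable count."""
    return json.dumps({
        "Version": "2018-11-08",
        "DestinationReferences": ["refs/heads/master"],
        "Statements": [{
            "Type": "Approvers",
            "NumberOfApprovalsNeeded": approvals,
            "ApprovalPoolMembers": ["arn:aws:sts::123456789012:assumed-role/CodeCommitReview/*"],
        }],
    })


WEAK_CONTENT = _template(1)   # fails the rule: a single approver can merge
FIXED_CONTENT = _template(2)  # passes: at least two approvals required

if __name__ == "__main__":
    for label, content in (("weak", WEAK_CONTENT), ("fixed", FIXED_CONTENT)):
        print(f"{label}: {check_approval_rule_content(content)}")
```

The check only sees the JSON inside the heredoc; when `content` is built from a variable or function call, it reports UNKNOWN rather than guessing.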
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0305 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AWS_257 |