eli-139 adding checkov skip for global read permissions in API Gateway log describe and get operations

eddalmond1 · ivma1-nhs · commit 69d51f740e80 · 2025-06-17T16:22:34.000+01:00
diff --git a/infrastructure/modules/api_gateway/iam.tf b/infrastructure/modules/api_gateway/iam.tf
@@ -15,6 +15,7 @@ resource "aws_iam_role" "api_gateway" {
 }
 
 data "aws_iam_policy_document" "api_gateway_logging" {
+  #checkov:skip=CKV_AWS_356: Wildcard permissions needed for global log event reads
   statement {
     sid    = "AllowCreateLogGroup"
     effect = "Allow"

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ resource "aws_iam_role" "api_gateway" {`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`data "aws_iam_policy_document" "api_gateway_logging" {`
	`18`	`+ #checkov:skip=CKV_AWS_356: Wildcard permissions needed for global log event reads`
`18`	`19`	`statement {`
`19`	`20`	`sid = "AllowCreateLogGroup"`
`20`	`21`	`effect = "Allow"`