Ignoring LOW tfsec vulnerability for web_acl cloudwatch log group

Aditya Bhatia · Aditya Bhatia · commit c3065919dac0 · 2025-06-24T15:01:42.000+05:30
diff --git a/modules/wafv2/main.tf b/modules/wafv2/main.tf
@@ -216,6 +216,7 @@ data "aws_iam_policy_document" "web_acl_policy_document" {
 }
 
 # CloudWatch Log Group for WAFv2 Logging
+#tfsec:ignore:aws-cloudwatch-log-group-customer-key
 resource "aws_cloudwatch_log_group" "web_acl_log" {
   name  = "aws-waf-logs-${var.stage}_${var.region}_${var.service_name}"
   count = var.enabled

Original file line number	Diff line number	Diff line change
`@@ -216,6 +216,7 @@ data "aws_iam_policy_document" "web_acl_policy_document" {`
`216`	`216`	`}`
`217`	`217`
`218`	`218`	`# CloudWatch Log Group for WAFv2 Logging`
	`219`	`+#tfsec:ignore:aws-cloudwatch-log-group-customer-key`
`219`	`220`	`resource "aws_cloudwatch_log_group" "web_acl_log" {`
`220`	`221`	`name = "aws-waf-logs-${var.stage}_${var.region}_${var.service_name}"`
`221`	`222`	`count = var.enabled`