checkov findings

Author: cyphronix

aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org-bucket.yaml

@@ -218,7 +218,6 @@ Resources:
 
   rOrganizationCloudTrailS3BucketSecret:
     Type: AWS::SecretsManager::Secret
-    # checkov:skip=CKV_SECRET_6 Base64:High Entropy String
     Condition: cCreateSecret
     Metadata:
       checkov:
@@ -228,7 +227,7 @@ Resources:
     Properties:
       Name: sra/cloudtrail_org_s3_bucket
       Description: Organization CloudTrail S3 Bucket
-      SecretString: !Sub '{"OrganizationCloudTrailS3Bucket":"${rOrgTrailBucket}"}'
+      SecretString: !Sub '{"OrganizationCloudTrailS3Bucket":"${rOrgTrailBucket}"}'  # checkov:skip=CKV_SECRET_6 Base64
       KmsKeyId: !Ref pSRASecretsKeyAliasArn
       Tags:
         - Key: sra-solution

aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org-kms.yaml

@@ -151,7 +151,6 @@ Resources:
 
   rOrganizationCloudTrailKeySecret:
     Type: AWS::SecretsManager::Secret
-    # checkov:skip=CKV_SECRET_6:Base64 High Entropy String
     Condition: cCreateSecret
     Metadata:
       checkov:
@@ -161,7 +160,7 @@ Resources:
     Properties:
       Name: sra/cloudtrail_org_key_arn
       Description: Organization CloudTrail KMS Key ARN
-      SecretString: !Sub '{"OrganizationCloudTrailKeyArn":"${rOrganizationCloudTrailKey.Arn}"}'
+      SecretString: !Sub '{"OrganizationCloudTrailKeyArn":"${rOrganizationCloudTrailKey.Arn}"}'  # checkov:skip=CKV_SECRET_6 Base64
       KmsKeyId: !Ref pSRASecretsKeyAliasArn
       Tags:
         - Key: sra-solution

aws_sra_examples/solutions/config/config_org/templates/sra-config-org-delivery-kms-key.yaml

@@ -133,7 +133,6 @@ Resources:
 
   rConfigDeliveryKeySecret:
     Type: AWS::SecretsManager::Secret
-    # checkov:skip=CKV_SECRET_6:Base64 High Entropy String
     Condition: cCreateSecret
     Metadata:
       checkov:
@@ -143,7 +142,7 @@ Resources:
     Properties:
       Name: sra/config_org_delivery_key_arn
       Description: Config Delivery KMS Key ARN
-      SecretString: !Sub '{"ConfigDeliveryKeyArn":"${rConfigDeliveryKey.Arn}"}'
+      SecretString: !Sub '{"ConfigDeliveryKeyArn":"${rConfigDeliveryKey.Arn}"}'  # checkov:skip=CKV_SECRET_6 Base64
       KmsKeyId: !Ref pSRASecretsKeyAliasArn
       Tags:
         - Key: sra-solution

aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-kms-key.yaml

@@ -133,7 +133,6 @@ Resources:
 
   rGuardDutyDeliveryKeySecret:
     Type: AWS::SecretsManager::Secret
-    # checkov:skip=CKV_SECRET_6 Base64:High Entropy String
     Condition: cCreateSecret
     Metadata:
       checkov:
@@ -143,7 +142,7 @@ Resources:
     Properties:
       Name: sra/guardduty_org_delivery_key_arn
       Description: GuardDuty Delivery KMS Key ARN
-      SecretString: !Sub '{"GuardDutyDeliveryKeyArn":"${rGuardDutyDeliveryKey.Arn}"}'
+      SecretString: !Sub '{"GuardDutyDeliveryKeyArn":"${rGuardDutyDeliveryKey.Arn}"}'  # checkov:skip=CKV_SECRET_6 Base64
       KmsKeyId: !Ref pSRASecretsKeyAliasArn
       Tags:
         - Key: sra-solution

aws_sra_examples/solutions/macie/macie_org/templates/sra-macie-org-delivery-kms-key.yaml

@@ -139,7 +139,6 @@ Resources:
 
   rMacieOrgDeliveryKeySecret:
     Type: AWS::SecretsManager::Secret
-    # checkov:skip=CKV_SECRET_6 Base64:High Entropy String
     Condition: cCreateSecret
     Metadata:
       checkov:
@@ -149,7 +148,7 @@ Resources:
     Properties:
       Name: sra/macie_org_delivery_key_arn
       Description: Macie Delivery KMS Key ARN
-      SecretString: !Sub '{"MacieOrgDeliveryKeyArn":"${rMacieOrgDeliveryKey.Arn}"}'
+      SecretString: !Sub '{"MacieOrgDeliveryKeyArn":"${rMacieOrgDeliveryKey.Arn}"}'  # checkov:skip=CKV_SECRET_6 Base64
       KmsKeyId: !Ref pSRASecretsKeyAliasArn
       Tags:
         - Key: sra-solution