alexott / tfsec-databricks

Custom checks for tfsec for Databricks-related resources

tfsec custom checks for Databricks-related resources

This repository contains a number of tfsec checks (security, cost tracking and optimization, ...) for Databricks-related resources.

Usage

  1. Install tfsec as described in the documentation.
  2. Clone this repository.
  3. Switch to the folder with your Terraform code and execute the following command:

     tfsec --custom-check-dir "<tfsec-databricks-directory>" .

You can always see tfsec-databricks in action by running it on the provided examples:

  1. Switch to the examples directory of the cloned repository.
  2. Run the following command:

     tfsec --custom-check-dir "$(pwd)/.." .

Future work

Check that we have AWS VPC endpoints for s3, sts, kinesis-streams (doc):

resource "aws_vpc_endpoint" "s3" {
  vpc_id          = module.vpc.vpc_id
  route_table_ids = module.vpc.private_route_table_ids
  service_name    = "com.amazonaws.${var.region}.s3"
  depends_on      = [module.vpc]
}
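
The future-work item above, sketched as an added example that is not part of this repository and is not a tfsec check: a standalone Python script that scans Terraform source text for `aws_vpc_endpoint` resources and reports which of the three services have no endpoint. The function names and the sample input are assumptions made for illustration.

```python
import re

# Services named in the page's future-work item.
REQUIRED = ("s3", "sts", "kinesis-streams")
RESOURCE_RE = re.compile(r'resource\s+"aws_vpc_endpoint"\s+"([^"]+)"\s*\{')
SERVICE_RE = re.compile(r'^\s*service_name\s*=\s*"([^"]+)"', re.MULTILINE)

def _block_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)  # "${...}" stays balanced
        if depth == 0:
            return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unterminated block: take the rest

def endpoint_services(tf_source):
    """Map service suffix (e.g. 's3') to the name of the endpoint resource."""
    # Drop full-line comments so commented-out resources do not count.
    text = "\n".join(l for l in tf_source.splitlines()
                     if not l.lstrip().startswith(("#", "//")))
    found = {}
    for m in RESOURCE_RE.finditer(text):
        body = _block_body(text, m.end() - 1)
        svc = SERVICE_RE.search(body)
        if svc:  # "com.amazonaws.${var.region}.s3" -> "s3"
            found[svc.group(1).rsplit(".", 1)[-1]] = m.group(1)
    return found

def missing_endpoints(tf_source, required=REQUIRED):
    """List the required services that have no aws_vpc_endpoint resource."""
    found = endpoint_services(tf_source)
    return [s for s in required if s not in found]

# Constructed sample: s3 and sts present, kinesis-streams commented out.
SAMPLE = '''
resource "aws_vpc_endpoint" "s3" {
  service_name = "com.amazonaws.${var.region}.s3"
}
resource "aws_vpc_endpoint" "sts" {
  service_name = "com.amazonaws.${var.region}.sts"
}
# resource "aws_vpc_endpoint" "kinesis" {
#   service_name = "com.amazonaws.${var.region}.kinesis-streams"
# }
'''

if __name__ == "__main__":
    print("missing VPC endpoints:", missing_endpoints(SAMPLE))
```

The script matches on text only, so endpoints created inside modules or through `for_each` over a service list are not seen.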

License: MIT License