🔧 Move Lambda to VPC #5535

Gary-H9 · 2024-04-02T15:38:18Z

This pull request:

Moves Lambda functions into VPC
Creates and attaches security groups to Lambda functions
Allows access to S3 gateway
Adds a VPC interface for Secrets Manager

github-actions · 2024-04-02T15:40:28Z

`TFSEC Scan` Success

Show Output

```hcl

TFSEC will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

`CTFLint Scan` Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

`Trivy Scan`

Show Output

github-actions · 2024-04-02T15:58:24Z

`TFSEC Scan` Success

Show Output

```hcl

TFSEC will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

`CTFLint Scan` Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

`Trivy Scan`

Show Output

github-actions · 2024-04-02T15:59:12Z

`TFSEC Scan` Success

Show Output

```hcl

TFSEC will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

`CTFLint Scan` Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

`Trivy Scan`

Show Output

github-actions · 2024-04-02T16:02:32Z

`TFSEC Scan` Success

Show Output

```hcl

TFSEC will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

`CTFLint Scan` Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

`Trivy Scan`

Show Output

github-actions · 2024-04-02T16:31:56Z

`TFSEC Scan` Success

Show Output

```hcl

TFSEC will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

`CTFLint Scan` Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

`Trivy Scan`

Show Output

github-actions · 2024-04-02T16:36:53Z

`TFSEC Scan` Success

Show Output

```hcl

TFSEC will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

`CTFLint Scan` Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

`Trivy Scan`

Show Output

modernisation-platform-ci · 2024-04-02T16:55:41Z

@Gary-H9 Terraform plan evalaution detected changes to resources that require approval from a member of @ministryofjustice/modernisation-platform

modernisation-platform-ci · 2024-04-02T16:55:52Z

@Gary-H9 Terraform plan evalaution detected changes to resources that require approval from a member of @ministryofjustice/modernisation-platform

github-actions · 2024-04-02T16:56:47Z

`TFSEC Scan` Success

Show Output

```hcl

TFSEC will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

`CTFLint Scan` Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

`Trivy Scan`

Show Output

terraform/environments/analytical-platform-ingestion/lambda-functions.tf

modernisation-platform-ci · 2024-04-03T07:26:56Z

@jacobwoffenden Terraform plan evalaution detected changes to resources that require approval from a member of @ministryofjustice/modernisation-platform

modernisation-platform-ci · 2024-04-03T07:26:56Z

@jacobwoffenden Terraform plan evalaution detected changes to resources that require approval from a member of @ministryofjustice/modernisation-platform

…nctions.tf Co-authored-by: Jacob Woffenden <[email protected]>

modernisation-platform-ci · 2024-04-03T07:28:34Z

@Gary-H9 Terraform plan evalaution detected changes to resources that require approval from a member of @ministryofjustice/modernisation-platform

modernisation-platform-ci · 2024-04-03T07:28:37Z

@Gary-H9 Terraform plan evalaution detected changes to resources that require approval from a member of @ministryofjustice/modernisation-platform

github-actions · 2024-04-03T07:29:37Z

`TFSEC Scan` Success

Show Output

```hcl

TFSEC will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

`CTFLint Scan` Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

`Trivy Scan`

Show Output

Signed-off-by: Jacob Woffenden <[email protected]>

modernisation-platform-ci · 2024-04-03T10:45:05Z

@jacobwoffenden Terraform plan evalaution detected changes to resources that require approval from a member of @ministryofjustice/modernisation-platform

github-actions · 2024-04-03T10:45:58Z

`TFSEC Scan` Success

Show Output

```hcl

TFSEC will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

`CTFLint Scan` Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

`Trivy Scan`

Show Output

* 🔧 Move Lambda to VPC * 🔧 Add security groups * 🎨 Update names and descriptions * 🔧 Update Lambdas to use specific security groups * WIP * Correct typo * 🔧 Add Secrets Manager VPC Endpoint * Update terraform/environments/analytical-platform-ingestion/lambda-functions.tf Co-authored-by: Jacob Woffenden <[email protected]> * Update all egress ranges Signed-off-by: Jacob Woffenden <[email protected]> --------- Signed-off-by: Jacob Woffenden <[email protected]> Co-authored-by: Jacob Woffenden <[email protected]>

🔧 Move Lambda to VPC

15b3ea8

github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Apr 2, 2024

Gary-H9 temporarily deployed to analytical-platform-ingestion-development April 2, 2024 15:41 — with GitHub Actions Inactive

Gary-H9 added 2 commits April 2, 2024 15:56

🔧 Add security groups

e2d1e53

🎨 Update names and descriptions

0f9af35

Gary-H9 had a problem deploying to analytical-platform-ingestion-development April 2, 2024 15:58 — with GitHub Actions Failure

🔧 Update Lambdas to use specific security groups

ccb345f

Gary-H9 temporarily deployed to analytical-platform-ingestion-development April 2, 2024 16:02 — with GitHub Actions Inactive

Gary-H9 had a problem deploying to analytical-platform-ingestion-development April 2, 2024 16:03 — with GitHub Actions Failure

WIP

81eb2ef

Correct typo

b613bcc

Gary-H9 temporarily deployed to analytical-platform-ingestion-development April 2, 2024 16:35 — with GitHub Actions Inactive

Gary-H9 marked this pull request as ready for review April 2, 2024 16:39

Gary-H9 requested review from a team as code owners April 2, 2024 16:39

🔧 Add Secrets Manager VPC Endpoint

3acaf90

jacobwoffenden reviewed Apr 3, 2024

View reviewed changes

terraform/environments/analytical-platform-ingestion/lambda-functions.tf Outdated Show resolved Hide resolved

Update terraform/environments/analytical-platform-ingestion/lambda-fu…

c924861

…nctions.tf Co-authored-by: Jacob Woffenden <[email protected]>

SteveLinden previously approved these changes Apr 3, 2024

View reviewed changes

Gary-H9 temporarily deployed to analytical-platform-ingestion-development April 3, 2024 07:57 — with GitHub Actions Inactive

Update all egress ranges

a84737f

Signed-off-by: Jacob Woffenden <[email protected]>

jacobwoffenden dismissed SteveLinden’s stale review via a84737f April 3, 2024 10:44

jacobwoffenden temporarily deployed to analytical-platform-ingestion-development April 3, 2024 10:45 — with GitHub Actions Inactive

jacobwoffenden approved these changes Apr 3, 2024

View reviewed changes

Gary-H9 merged commit 532a4f5 into main Apr 3, 2024
11 of 12 checks passed

Gary-H9 deleted the lambda-move branch April 3, 2024 12:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🔧 Move Lambda to VPC #5535

🔧 Move Lambda to VPC #5535

Gary-H9 commented Apr 2, 2024 •

edited by jacobwoffenden

Loading

github-actions bot commented Apr 2, 2024

github-actions bot commented Apr 2, 2024

github-actions bot commented Apr 2, 2024

github-actions bot commented Apr 2, 2024

github-actions bot commented Apr 2, 2024

github-actions bot commented Apr 2, 2024

modernisation-platform-ci commented Apr 2, 2024

modernisation-platform-ci commented Apr 2, 2024

github-actions bot commented Apr 2, 2024

modernisation-platform-ci commented Apr 3, 2024

modernisation-platform-ci commented Apr 3, 2024

modernisation-platform-ci commented Apr 3, 2024

modernisation-platform-ci commented Apr 3, 2024

github-actions bot commented Apr 3, 2024

modernisation-platform-ci commented Apr 3, 2024

github-actions bot commented Apr 3, 2024

🔧 Move Lambda to VPC #5535

🔧 Move Lambda to VPC #5535

Conversation

Gary-H9 commented Apr 2, 2024 • edited by jacobwoffenden Loading

github-actions bot commented Apr 2, 2024

TFSEC Scan Success

CTFLint Scan Success

Trivy Scan

github-actions bot commented Apr 2, 2024

TFSEC Scan Success

CTFLint Scan Success

Trivy Scan

github-actions bot commented Apr 2, 2024

TFSEC Scan Success

CTFLint Scan Success

Trivy Scan

github-actions bot commented Apr 2, 2024

TFSEC Scan Success

CTFLint Scan Success

Trivy Scan

github-actions bot commented Apr 2, 2024

TFSEC Scan Success

CTFLint Scan Success

Trivy Scan

github-actions bot commented Apr 2, 2024

TFSEC Scan Success

CTFLint Scan Success

Trivy Scan

modernisation-platform-ci commented Apr 2, 2024

modernisation-platform-ci commented Apr 2, 2024

github-actions bot commented Apr 2, 2024

TFSEC Scan Success

CTFLint Scan Success

Trivy Scan

modernisation-platform-ci commented Apr 3, 2024

modernisation-platform-ci commented Apr 3, 2024

modernisation-platform-ci commented Apr 3, 2024

modernisation-platform-ci commented Apr 3, 2024

github-actions bot commented Apr 3, 2024

TFSEC Scan Success

CTFLint Scan Success

Trivy Scan

modernisation-platform-ci commented Apr 3, 2024

github-actions bot commented Apr 3, 2024

TFSEC Scan Success

CTFLint Scan Success

Trivy Scan

Gary-H9 commented Apr 2, 2024 •

edited by jacobwoffenden

Loading

`TFSEC Scan` Success

`CTFLint Scan` Success

`Trivy Scan`

`TFSEC Scan` Success

`CTFLint Scan` Success

`Trivy Scan`

`TFSEC Scan` Success

`CTFLint Scan` Success

`Trivy Scan`

`TFSEC Scan` Success

`CTFLint Scan` Success

`Trivy Scan`

`TFSEC Scan` Success

`CTFLint Scan` Success

`Trivy Scan`

`TFSEC Scan` Success

`CTFLint Scan` Success

`Trivy Scan`

`TFSEC Scan` Success

`CTFLint Scan` Success

`Trivy Scan`

`TFSEC Scan` Success

`CTFLint Scan` Success

`Trivy Scan`

`TFSEC Scan` Success

`CTFLint Scan` Success

`Trivy Scan`