Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add instances but not lb #7117

Merged
merged 5 commits into from
Jul 17, 2024
Merged

add instances but not lb #7117

merged 5 commits into from
Jul 17, 2024

Conversation

robertsweetman
Copy link
Contributor

@robertsweetman robertsweetman commented Jul 16, 2024
edited
Loading

  • added 2 extra tomcat servers (5 in total i.e. 4 + admin)
  • added extra ETL server, 2 in total
  • added extra 3 processing servers, 4 in total
  • pd client
  • pd cms instances x 2
  • lb included but commented out, changed headers & includes web-admin instance < possibly not correct
  • added secrets
  • added Ec2PDReportingPolicy
  • add efs
  • add certificates management

@robertsweetman robertsweetman requested review from a team as code owners July 16, 2024 15:48
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Jul 16, 2024
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/nomis-combined-reporting

Running Trivy in terraform/environments/nomis-combined-reporting
2024-07-16T15:51:01Z INFO Need to update DB
2024-07-16T15:51:01Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-16T15:51:04Z INFO Vulnerability scanning is enabled
2024-07-16T15:51:04Z INFO Misconfiguration scanning is enabled
2024-07-16T15:51:04Z INFO Need to update the built-in policies
2024-07-16T15:51:04Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-16T15:51:04Z INFO Secret scanning is enabled
2024-07-16T15:51:04Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T15:51:04Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T15:51:07Z INFO Number of language-specific files num=0
2024-07-16T15:51:07Z INFO Detected config files num=6

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)

Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running Checkov in terraform/environments/nomis-combined-reporting
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 120, Failed checks: 0, Skipped checks: 18


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running tflint in terraform/environments/nomis-combined-reporting
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running Trivy in terraform/environments/nomis-combined-reporting
2024-07-16T15:51:01Z	INFO	Need to update DB
2024-07-16T15:51:01Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-16T15:51:04Z	INFO	Vulnerability scanning is enabled
2024-07-16T15:51:04Z	INFO	Misconfiguration scanning is enabled
2024-07-16T15:51:04Z	INFO	Need to update the built-in policies
2024-07-16T15:51:04Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-16T15:51:04Z	INFO	Secret scanning is enabled
2024-07-16T15:51:04Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T15:51:04Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T15:51:07Z	INFO	Number of language-specific files	num=0
2024-07-16T15:51:07Z	INFO	Detected config files	num=6

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)
============================================================================================================================================
Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

@robertsweetman robertsweetman force-pushed the ncr/DSOS-2892/ncr-prod-env branch from 83eae75 to 118417c Compare July 17, 2024 09:45
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/nomis-combined-reporting

Running Trivy in terraform/environments/nomis-combined-reporting
2024-07-17T09:47:35Z INFO Need to update DB
2024-07-17T09:47:35Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-17T09:47:37Z INFO Vulnerability scanning is enabled
2024-07-17T09:47:37Z INFO Misconfiguration scanning is enabled
2024-07-17T09:47:37Z INFO Need to update the built-in policies
2024-07-17T09:47:37Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-17T09:47:37Z INFO Secret scanning is enabled
2024-07-17T09:47:37Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-17T09:47:37Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-17T09:47:39Z INFO Number of language-specific files num=0
2024-07-17T09:47:39Z INFO Detected config files num=6

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)

Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running Checkov in terraform/environments/nomis-combined-reporting
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 120, Failed checks: 0, Skipped checks: 18


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running tflint in terraform/environments/nomis-combined-reporting
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running Trivy in terraform/environments/nomis-combined-reporting
2024-07-17T09:47:35Z	INFO	Need to update DB
2024-07-17T09:47:35Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-17T09:47:37Z	INFO	Vulnerability scanning is enabled
2024-07-17T09:47:37Z	INFO	Misconfiguration scanning is enabled
2024-07-17T09:47:37Z	INFO	Need to update the built-in policies
2024-07-17T09:47:37Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-17T09:47:37Z	INFO	Secret scanning is enabled
2024-07-17T09:47:37Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-17T09:47:37Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-17T09:47:39Z	INFO	Number of language-specific files	num=0
2024-07-17T09:47:39Z	INFO	Detected config files	num=6

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)
============================================================================================================================================
Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/nomis-combined-reporting

Running Trivy in terraform/environments/nomis-combined-reporting
2024-07-17T09:51:43Z INFO Need to update DB
2024-07-17T09:51:43Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-17T09:51:45Z INFO Vulnerability scanning is enabled
2024-07-17T09:51:45Z INFO Misconfiguration scanning is enabled
2024-07-17T09:51:45Z INFO Need to update the built-in policies
2024-07-17T09:51:45Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-17T09:51:45Z INFO Secret scanning is enabled
2024-07-17T09:51:45Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-17T09:51:45Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-17T09:51:48Z INFO Number of language-specific files num=0
2024-07-17T09:51:48Z INFO Detected config files num=6

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)

Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running Checkov in terraform/environments/nomis-combined-reporting
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 120, Failed checks: 0, Skipped checks: 18


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running tflint in terraform/environments/nomis-combined-reporting
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running Trivy in terraform/environments/nomis-combined-reporting
2024-07-17T09:51:43Z	INFO	Need to update DB
2024-07-17T09:51:43Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-17T09:51:45Z	INFO	Vulnerability scanning is enabled
2024-07-17T09:51:45Z	INFO	Misconfiguration scanning is enabled
2024-07-17T09:51:45Z	INFO	Need to update the built-in policies
2024-07-17T09:51:45Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-17T09:51:45Z	INFO	Secret scanning is enabled
2024-07-17T09:51:45Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-17T09:51:45Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-17T09:51:48Z	INFO	Number of language-specific files	num=0
2024-07-17T09:51:48Z	INFO	Detected config files	num=6

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)
============================================================================================================================================
Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/nomis-combined-reporting

Running Trivy in terraform/environments/nomis-combined-reporting
2024-07-17T09:52:27Z INFO Need to update DB
2024-07-17T09:52:27Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-17T09:52:29Z INFO Vulnerability scanning is enabled
2024-07-17T09:52:29Z INFO Misconfiguration scanning is enabled
2024-07-17T09:52:29Z INFO Need to update the built-in policies
2024-07-17T09:52:29Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-17T09:52:29Z INFO Secret scanning is enabled
2024-07-17T09:52:29Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-17T09:52:29Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-17T09:52:31Z INFO Number of language-specific files num=0
2024-07-17T09:52:31Z INFO Detected config files num=6

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)

Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running Checkov in terraform/environments/nomis-combined-reporting
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 120, Failed checks: 0, Skipped checks: 18


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running tflint in terraform/environments/nomis-combined-reporting
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/nomis-combined-reporting

*****************************

Running Trivy in terraform/environments/nomis-combined-reporting
2024-07-17T09:52:27Z	INFO	Need to update DB
2024-07-17T09:52:27Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-17T09:52:29Z	INFO	Vulnerability scanning is enabled
2024-07-17T09:52:29Z	INFO	Misconfiguration scanning is enabled
2024-07-17T09:52:29Z	INFO	Need to update the built-in policies
2024-07-17T09:52:29Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-17T09:52:29Z	INFO	Secret scanning is enabled
2024-07-17T09:52:29Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-17T09:52:29Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-17T09:52:31Z	INFO	Number of language-specific files	num=0
2024-07-17T09:52:31Z	INFO	Detected config files	num=6

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)
============================================================================================================================================
Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

@robertsweetman robertsweetman merged commit f5a441f into main Jul 17, 2024
16 checks passed
@robertsweetman robertsweetman deleted the ncr/DSOS-2892/ncr-prod-env branch July 17, 2024 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drobinson-moj drobinson-moj drobinson-moj approved these changes

Assignees
No one assigned
Labels
environments-repository Used to exclude PRs from this repo in our Slack PR update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@robertsweetman @drobinson-moj