Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional S3 bucket paths for IAM role permissions in Airflow module #9074

Merged
merged 1 commit into from
Dec 13, 2024
Merged

Add additional S3 bucket paths for IAM role permissions in Airflow module #9074

merged 1 commit into from
Dec 13, 2024

Conversation

matt-heery
Copy link
Contributor

Include new S3 bucket paths for pipeline data in the IAM role permissions of the Airflow module.

@matt-heery matt-heery requested review from a team as code owners December 13, 2024 10:28
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Dec 13, 2024
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data/modules/ap_airflow_load_data_iam_role

Running Trivy in terraform/environments/electronic-monitoring-data/modules/ap_airflow_load_data_iam_role
2024-12-13T10:30:53Z INFO [vulndb] Need to update DB
2024-12-13T10:30:53Z INFO [vulndb] Downloading vulnerability DB...
2024-12-13T10:30:53Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-13T10:30:55Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-13T10:30:55Z INFO [vuln] Vulnerability scanning is enabled
2024-12-13T10:30:55Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-13T10:30:55Z INFO [misconfig] Need to update the built-in checks
2024-12-13T10:30:55Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-12-13T10:30:56Z INFO [secret] Secret scanning is enabled
2024-12-13T10:30:56Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-13T10:30:56Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-13T10:30:57Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-13T10:30:57Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="athena_dump_bucket, cadt_bucket, database_name, environment, name, oidc_arn, secret_code, source_data_bucket"
2024-12-13T10:30:57Z INFO Number of language-specific files num=0
2024-12-13T10:30:57Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/electronic-monitoring-data/modules/ap_airflow_load_data_iam_role

*****************************

Running Checkov in terraform/environments/electronic-monitoring-data/modules/ap_airflow_load_data_iam_role
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 26, Failed checks: 0, Skipped checks: 2


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/electronic-monitoring-data/modules/ap_airflow_load_data_iam_role

*****************************

Running tflint in terraform/environments/electronic-monitoring-data/modules/ap_airflow_load_data_iam_role
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data/modules/ap_airflow_load_data_iam_role

*****************************

Running Trivy in terraform/environments/electronic-monitoring-data/modules/ap_airflow_load_data_iam_role
2024-12-13T10:30:53Z	INFO	[vulndb] Need to update DB
2024-12-13T10:30:53Z	INFO	[vulndb] Downloading vulnerability DB...
2024-12-13T10:30:53Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-13T10:30:55Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-13T10:30:55Z	INFO	[vuln] Vulnerability scanning is enabled
2024-12-13T10:30:55Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-12-13T10:30:55Z	INFO	[misconfig] Need to update the built-in checks
2024-12-13T10:30:55Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-12-13T10:30:56Z	INFO	[secret] Secret scanning is enabled
2024-12-13T10:30:56Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-13T10:30:56Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-13T10:30:57Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-12-13T10:30:57Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="athena_dump_bucket, cadt_bucket, database_name, environment, name, oidc_arn, secret_code, source_data_bucket"
2024-12-13T10:30:57Z	INFO	Number of language-specific files	num=0
2024-12-13T10:30:57Z	INFO	Detected config files	num=1
trivy_exitcode=0

@matt-heery matt-heery temporarily deployed to electronic-monitoring-data-test December 13, 2024 10:35 — with GitHub Actions Inactive
@matt-heery matt-heery temporarily deployed to electronic-monitoring-data-development December 13, 2024 10:35 — with GitHub Actions Inactive
Lee-250
Lee-250 approved these changes Dec 13, 2024
View reviewed changes
Copy link
Contributor

@Lee-250 Lee-250 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@matt-heery matt-heery merged commit f0bd598 into main Dec 13, 2024
16 checks passed
@matt-heery matt-heery deleted the update-airflow-perms branch December 13, 2024 10:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Lee-250 Lee-250 Lee-250 approved these changes

Assignees
No one assigned
Labels
environments-repository Used to exclude PRs from this repo in our Slack PR update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matt-heery @Lee-250