Planetfm/dsos 2408/change access logs implementation #330

Merged

@robertsweetman robertsweetman commented Jan 2, 2024

CHANGES

  • adds network loadbalancer support for access_logs
  • fixes issue where each environment could not have more than one loadbalancer
  • removes the need for the glue_crawler
    • removes cron requirement for glue crawler
    • removing this fixes an issue where IAMRole/Policy names each needed to be unique
  • uses aws_glue_catalog_table for both application and network loadbalancer log availability and parsing in Athena
    • tables are created automatically in athena and will parse application and network loadbalancer logs for you
  • fixed broken application lb test, has been broken for some time

README additions

  • permissions needed where an external bucket for logs is specified
  • note about needing to deploy the external bucket with the correct permissions BEFORE adding this variable
  • note regards needing to use depends_on when it comes to flipping access_logs from false to true after initial lb deployment
  • note about what Network loadbalancer access logs do and don't contain
  • reference to Athena tables
  • removed reference to running sql table create script manually as this is no longer needed

HOW HAS THIS BEEN TESTED?

  • deployed multiple lb's per environment
  • deployed existing S3 buckets of each type as well as relied on the module to create them automatically
  • log parsing for Application LB's checked already and these appear in the athena tables
  • followed existing docs for Network LB's log parsing setup
    • I can't 'really' test this without deploying a LOT more infra so will do this in the planetfm pre-production environment and make any fixes needed there
    • this was the motivation behind adding network load-balancer support to begin with


github-actions bot commented Jan 2, 2024

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
  timings
  ──────────────────────────────────────────
  disk i/o             239.366µs
  parsing              792.956732ms
  adaptation           267.138µs
  checks               4.889589ms
  total                798.352825ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     96
  files read           9

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2024-01-02 15:54:02,192 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 60, Failed checks: 1, Skipped checks: 2

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.lb_access_logs_enabled.s3-bucket
	File: /main.tf:9-64
	Calling File: /test/unit-test/main.tf:60-79
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
1 issue(s) found:

Warning: local.load_balancer_s3_module_dependency is declared but not used (terraform_unused_declarations)

  on locals.tf line 2:
   2:     load_balancer_s3_module_dependency = var.existing_bucket_name != "" ? [] : [module.s3_bucket]

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_unused_declarations.md

tflint_exitcode=2

@robertsweetman robertsweetman force-pushed the planetfm/DSOS-2408/change-access-logs-implementation branch from 835dcde to 0d4f8e3 Compare January 2, 2024 15:58

github-actions bot commented Jan 2, 2024

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

  timings
  ──────────────────────────────────────────
  disk i/o             243.72µs
  parsing              342.695429ms
  adaptation           272.355µs
  checks               9.438781ms
  total                352.650285ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     95
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2024-01-02 16:00:17,308 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 60, Failed checks: 1, Skipped checks: 2

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.lb_access_logs_enabled.s3-bucket
	File: /main.tf:9-64
	Calling File: /test/unit-test/main.tf:60-79
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0


github-actions bot commented Jan 3, 2024

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

  timings
  ──────────────────────────────────────────
  disk i/o             291.788µs
  parsing              522.042613ms
  adaptation           284.413µs
  checks               8.971551ms
  total                531.590365ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     95
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2024-01-03 11:40:44,839 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 60, Failed checks: 1, Skipped checks: 2

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.lb_access_logs_enabled.s3-bucket
	File: /main.tf:9-64
	Calling File: /test/unit-test/main.tf:60-79
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0


github-actions bot commented Jan 3, 2024

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

  timings
  ──────────────────────────────────────────
  disk i/o             221.794µs
  parsing              854.69587ms
  adaptation           261.538µs
  checks               3.864771ms
  total                859.043973ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     95
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2024-01-03 12:47:57,785 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 60, Failed checks: 1, Skipped checks: 2

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.lb_access_logs_enabled.s3-bucket
	File: /main.tf:9-64
	Calling File: /test/unit-test/main.tf:60-79
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0


github-actions bot commented Jan 3, 2024

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

  timings
  ──────────────────────────────────────────
  disk i/o             250.167µs
  parsing              371.835635ms
  adaptation           313.439µs
  checks               2.983374ms
  total                375.382615ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     95
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2024-01-03 13:14:20,999 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 60, Failed checks: 1, Skipped checks: 2

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.lb_access_logs_enabled.s3-bucket
	File: /main.tf:9-64
	Calling File: /test/unit-test/main.tf:60-79
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0

@robertsweetman robertsweetman force-pushed the planetfm/DSOS-2408/change-access-logs-implementation branch from 12f9aec to 2fe90ed Compare January 3, 2024 13:26

github-actions bot commented Jan 3, 2024

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

  timings
  ──────────────────────────────────────────
  disk i/o             339.894µs
  parsing              492.717836ms
  adaptation           292.236µs
  checks               10.447509ms
  total                503.797475ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     95
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2024-01-03 13:29:00,250 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 60, Failed checks: 1, Skipped checks: 2

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.lb_access_logs_enabled.s3-bucket
	File: /main.tf:9-64
	Calling File: /test/unit-test/main.tf:60-79
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0


github-actions bot commented Jan 3, 2024

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

  timings
  ──────────────────────────────────────────
  disk i/o             314.408µs
  parsing              489.284129ms
  adaptation           287.13µs
  checks               10.538674ms
  total                500.424341ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     95
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2024-01-03 14:12:52,856 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 60, Failed checks: 1, Skipped checks: 2

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.lb_access_logs_enabled.s3-bucket
	File: /main.tf:9-64
	Calling File: /test/unit-test/main.tf:60-79
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0

@robertsweetman robertsweetman marked this pull request as ready for review January 3, 2024 14:20
@robertsweetman robertsweetman requested a review from a team as a code owner January 3, 2024 14:20

github-actions bot commented Jan 3, 2024

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

  timings
  ──────────────────────────────────────────
  disk i/o             209.969µs
  parsing              383.544938ms
  adaptation           499.741µs
  checks               4.248163ms
  total                388.502811ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     95
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2024-01-03 14:27:42,855 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 60, Failed checks: 1, Skipped checks: 2

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.lb_access_logs_enabled.s3-bucket
	File: /main.tf:9-64
	Calling File: /test/unit-test/main.tf:60-79
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0


@SteveLinden SteveLinden left a comment


On the section containing this we would have a reference similar to the first with a comment on the version name

source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1" # v7.0.0
source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"
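
A sketch of the pinning check this review comment is about, as an added example that is not part of the PR and is not Checkov's own implementation: it flags git module sources whose `ref` is anything other than a full 40-character commit hash (that strictness is an assumption of this sketch). The module names in the sample are hypothetical; the two remote source strings are the ones quoted in the comment.

```python
import re

# One `source = "..."` assignment per line, with an optional trailing comment
# (the convention in the thread is to note the release tag there, e.g. `# v7.0.0`).
SOURCE_LINE = re.compile(
    r'^\s*source\s*=\s*"([^"]+)"\s*(?:(?:#|//)\s*(.*\S))?\s*$'
)
FULL_SHA1 = re.compile(r"[0-9a-f]{40}")
GIT_PREFIXES = ("git::", "github.com/", "bitbucket.org/", "git@")


def classify_source(source):
    """Return (status, ref) for one Terraform module source string."""
    if source.startswith(("./", "../")):
        return "local", None        # nothing is fetched remotely
    if not source.startswith(GIT_PREFIXES):
        return "not-git", None      # e.g. registry addresses, pinned via `version`
    # The revision is carried in the query string as ?ref=<rev>.
    query = source.partition("?")[2]
    ref = None
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == "ref":
            ref = value
    if ref is None:
        return "no-ref", None       # follows the default branch
    if FULL_SHA1.fullmatch(ref):
        return "pinned", ref
    return "mutable-ref", ref       # tag or branch: can be re-pointed after review


def audit(hcl_text):
    """List every `source` assignment in hcl_text with its pin status."""
    findings = []
    for lineno, line in enumerate(hcl_text.splitlines(), start=1):
        match = SOURCE_LINE.match(line)
        if not match:
            continue
        status, ref = classify_source(match.group(1))
        findings.append({
            "line": lineno,
            "status": status,
            "ref": ref,
            "label": match.group(2),  # trailing comment, e.g. the tag name
        })
    return findings


def failures(hcl_text):
    """Line numbers of git sources not pinned to a full commit hash."""
    return [f["line"] for f in audit(hcl_text)
            if f["status"] in ("no-ref", "mutable-ref")]


# Constructed sample input (module names are hypothetical).
SAMPLE = '''
module "s3_bucket_pinned" {
  source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1" # v7.0.0
}

module "s3_bucket_tag" {
  source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"
}

module "local_helper" {
  source = "./modules/helper"
}
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print("unpinned git sources on lines:", failures(SAMPLE))
```
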


github-actions bot commented Jan 3, 2024

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

  timings
  ──────────────────────────────────────────
  disk i/o             209.562µs
  parsing              590.912977ms
  adaptation           344.646µs
  checks               12.466008ms
  total                603.933193ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     95
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2024-01-03 15:32:42,067 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 61, Failed checks: 0, Skipped checks: 2

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0

@robertsweetman

On the section containing this we would have a reference similar to the first with a comment on the version name

source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1" # v7.0.0
source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"

@SteveLinden sorry, yep, forgot about that. Put the v7.1.0 in for expediency at the time 'cause I wasn't 100% on what the GUID actually was. Have changed it to the correct one now


github-actions bot commented Jan 3, 2024

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

  timings
  ──────────────────────────────────────────
  disk i/o             393.653µs
  parsing              362.127513ms
  adaptation           269.061µs
  checks               3.585676ms
  total                366.375903ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     95
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2024-01-03 15:41:14,200 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 61, Failed checks: 0, Skipped checks: 2

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0


@ewastempel ewastempel left a comment


LGTM

@robertsweetman robertsweetman merged commit 4b518d4 into main Jan 3, 2024
5 checks passed
@robertsweetman robertsweetman deleted the planetfm/DSOS-2408/change-access-logs-implementation branch January 3, 2024 15:58