hannes-ucsc opened this issue on Jun 25, 2024 · 2 comments
Labels
-: [priority] Medium
bug: [type] A defect preventing use of the system as specified
debt: [type] A defect incurring continued engineering cost
infra: [subject] Project infrastructure like CI/CD, build and deployment scripts
orange: [process] Done by the Azul team
We currently use an aws_inspector2_enabler resource to enable Inspector for EC2 and ECR but there is nothing in TF to change the re-scan duration. There is a feature request for it but that request is still open.
The API for updating the re-scan duration is https://docs.aws.amazon.com/inspector/v2/APIReference/API_UpdateConfiguration.html so we could piggy-back an invocation of that API as a provisioner script for a null resource that depends on (and is triggered by) the aws_inspector2_enabler resource. IIRC, the aws_inspector2_enabler was unreliable and its effect could only be observed after a delay, but we can at least try. Care must be taken for the provisioner script to be robust, idempotent and to reliably report failure so that the delay issue can be dealt with by retrying the deployment with Terraform.
The TF resource for basic vs enhanced setting and the scan filters appears to be
and we should add that, again depending on (and triggered by) the aws_inspector2_enabler resource.
The aws_inspector2_enabler resource currently resides in the GitLab component so we need to move that first. There already is #5760 for that.
hannes-ucsc added the bug and infra labels on Jun 25, 2024
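One way to write the provisioner script described in the issue above, as an added example that is not part of the issue or of the project's code: it reads the current setting first so re-runs are no-ops, polls because the change may only become visible after a delay, and raises so the provisioner can exit non-zero. It assumes a boto3 `inspector2` client is passed in; `DAYS_30` is a placeholder for the duration the deployments should share, and the function and exception names are hypothetical.

```python
import time

DESIRED = "DAYS_30"  # placeholder; the issue does not name the target duration


class RescanUpdateError(RuntimeError):
    """Raised so the provisioner exits non-zero and the deployment is retried."""


def current_state(client):
    """Return (rescanDuration, status) of the account's ECR re-scan setting."""
    state = client.get_configuration()["ecrConfiguration"]["rescanDurationState"]
    return state.get("rescanDuration"), state.get("status")


def ensure_rescan_duration(client, desired=DESIRED, attempts=6, delay=10.0,
                           sleep=time.sleep):
    """Converge on `desired`; return True if an update was issued."""
    duration, status = current_state(client)
    # Idempotence: only call UpdateConfiguration when the setting differs
    # or a previous attempt was left in FAILED.
    changed = duration != desired or status == "FAILED"
    if changed:
        client.update_configuration(ecrConfiguration={"rescanDuration": desired})
    # The change may not be visible immediately, so poll until it is confirmed.
    for _ in range(attempts):
        duration, status = current_state(client)
        if duration == desired and status == "SUCCESS":
            return changed
        if status == "FAILED":
            raise RescanUpdateError(f"Inspector reports FAILED setting {desired}")
        sleep(delay)
    raise RescanUpdateError(
        f"still {duration}/{status} after {attempts} checks, wanted {desired}")


# Hypothetical wiring for a local-exec provisioner (needs boto3 and credentials):
#   import boto3, sys
#   try:
#       ensure_rescan_duration(boto3.client("inspector2"))
#   except Exception as e:
#       sys.exit(f"inspector re-scan duration: {e}")
```

Any exception, including one raised by `get_configuration` while Inspector is not yet enabled, ends the provisioner with a non-zero exit, so a later `terraform apply` retries it.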
@hannes-ucsc: "Once we have clarity about the cause of #6354, assignee to manually modify the rescan duration in tempdev to be consistent with the other deployments. After that we can look into programmatically managing the resources as described above."
… by Terraform, and are inconsistent between accounts, for example
platform-temp-dev
platform-anvil-prod
Additionally, basic vs enhanced setting and the scan filters are not managed by TF either: