Merge pull request #7938 from ministryofjustice/chore/ap-patching

🧩 Analytical Platform Patching
ministryofjustice · Sep 26, 2024 · 469d37e · 469d37e
2 parents a615de2 + eaddab1
commit 469d37e
Show file tree

Hide file tree

Showing 17 changed files with 46 additions and 141 deletions.
diff --git a/terraform/environments/analytical-platform-compute/efs.tf b/terraform/environments/analytical-platform-compute/efs.tf
diff --git a/terraform/environments/analytical-platform-compute/environment-configuration.tf b/terraform/environments/analytical-platform-compute/environment-configuration.tf
@@ -17,7 +17,7 @@ locals {
   eks_cloudwatch_log_group_retention_in_days = 400
 
   /* Kube Prometheus Stack */
-  prometheus_operator_crd_version = "v0.76.0"
+  prometheus_operator_crd_version = "v0.76.1"
 
   /* Environment Configuration */
   environment_configuration = local.environment_configurations[local.environment]

diff --git a/terraform/environments/analytical-platform-compute/helm-charts-system.tf b/terraform/environments/analytical-platform-compute/helm-charts-system.tf
@@ -71,7 +71,7 @@ resource "helm_release" "amazon_prometheus_proxy" {
   name       = "amazon-prometheus-proxy"
   repository = "https://prometheus-community.github.io/helm-charts"
   chart      = "kube-prometheus-stack"
-  version    = "61.9.0"
+  version    = "62.7.0"
   namespace  = kubernetes_namespace.aws_observability.metadata[0].name
   values = [
     templatefile(
@@ -119,7 +119,7 @@ resource "helm_release" "karpenter_crd" {
   name       = "karpenter-crd"
   repository = "oci://public.ecr.aws/karpenter"
   chart      = "karpenter-crd"
-  version    = "1.0.2"
+  version    = "1.0.3"
   namespace  = kubernetes_namespace.karpenter.metadata[0].name
 
   values = [
@@ -141,7 +141,7 @@ resource "helm_release" "karpenter" {
   name       = "karpenter"
   repository = "oci://public.ecr.aws/karpenter"
   chart      = "karpenter"
-  version    = "1.0.2"
+  version    = "1.0.3"
   namespace  = kubernetes_namespace.karpenter.metadata[0].name
 
   values = [

diff --git a/terraform/environments/analytical-platform-compute/iam-roles.tf b/terraform/environments/analytical-platform-compute/iam-roles.tf
@@ -3,7 +3,7 @@ module "vpc_cni_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   role_name_prefix      = "vpc-cni"
   attach_vpc_cni_policy = true
@@ -24,7 +24,7 @@ module "ebs_csi_driver_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   role_name_prefix      = "ebs-csi-driver"
   attach_ebs_csi_policy = true
@@ -44,7 +44,7 @@ module "efs_csi_driver_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   role_name_prefix      = "efs-csi-driver"
   attach_efs_csi_policy = true
@@ -64,7 +64,7 @@ module "aws_for_fluent_bit_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   role_name_prefix = "aws-for-fluent-bit"
 
@@ -88,7 +88,7 @@ module "amazon_prometheus_proxy_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   role_name_prefix = "amazon-prometheus-proxy"
 
@@ -111,7 +111,7 @@ module "cluster_autoscaler_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   role_name_prefix = "cluster-autoscaler"
 
@@ -133,7 +133,7 @@ module "external_dns_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   role_name_prefix              = "external-dns"
   attach_external_dns_policy    = true
@@ -154,7 +154,7 @@ module "cert_manager_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   role_name_prefix              = "cert-manager"
   attach_cert_manager_policy    = true
@@ -175,7 +175,7 @@ module "external_secrets_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   role_name_prefix               = "external-secrets"
   attach_external_secrets_policy = true
@@ -196,7 +196,7 @@ module "mlflow_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   role_name_prefix = "mlflow"
 
@@ -219,7 +219,7 @@ module "gha_mojas_airflow_iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-github-oidc-role"
-  version = "5.44.0"
+  version = "5.44.1"
 
   name = "github-actions-mojas-airflow"
 
@@ -237,7 +237,7 @@ module "lake_formation_share_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
-  version = "5.44.0"
+  version = "5.44.1"
 
   create_role       = true
   role_requires_mfa = false
@@ -265,7 +265,7 @@ module "analytical_platform_ui_service_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.44.0"
+  version = "5.44.1"
 
   create_role = true
 

diff --git a/terraform/environments/analytical-platform-compute/kubernetes-persistent-volume-claims.tf b/terraform/environments/analytical-platform-compute/kubernetes-persistent-volume-claims.tf
diff --git a/terraform/environments/analytical-platform-compute/kubernetes-persistent-volumes.tf b/terraform/environments/analytical-platform-compute/kubernetes-persistent-volumes.tf
diff --git a/terraform/environments/analytical-platform-ingestion/cloudwatch-log-groups.tf b/terraform/environments/analytical-platform-ingestion/cloudwatch-log-groups.tf
@@ -2,7 +2,7 @@ module "transfer_structured_logs" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/cloudwatch/aws//modules/log-group"
-  version = "5.3.1"
+  version = "5.6.0"
 
   name              = "/aws/transfer-structured-logs"
   kms_key_id        = module.transfer_logs_kms.key_arn

diff --git a/terraform/environments/analytical-platform-ingestion/iam-policies.tf b/terraform/environments/analytical-platform-ingestion/iam-policies.tf
@@ -17,7 +17,7 @@ module "transfer_server_iam_policy" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
-  version = "5.42.0"
+  version = "5.44.1"
 
   name_prefix = "transfer-server"
 

diff --git a/terraform/environments/analytical-platform-ingestion/iam-roles.tf b/terraform/environments/analytical-platform-ingestion/iam-roles.tf
@@ -2,7 +2,7 @@ module "transfer_server_iam_role" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
-  version = "5.42.0"
+  version = "5.44.1"
 
   create_role = true
 

diff --git a/terraform/environments/analytical-platform-ingestion/kms-keys.tf b/terraform/environments/analytical-platform-ingestion/kms-keys.tf
@@ -2,7 +2,7 @@ module "transfer_logs_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["logs/transfer"]
   description           = "CloudWatch Logs for the Transfer Server"
@@ -42,7 +42,7 @@ module "s3_landing_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["s3/landing"]
   description           = "Family SFTP Server, Landing S3 KMS Key"
@@ -55,7 +55,7 @@ module "s3_processed_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["s3/processed"]
   description           = "Family SFTP Server, Processed S3 KMS Key"
@@ -68,7 +68,7 @@ module "s3_quarantine_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["s3/quarantine"]
   description           = "Family SFTP Server, Quarantine S3 KMS Key"
@@ -81,7 +81,7 @@ module "s3_definitions_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["s3/definitions"]
   description           = "Ingestion Scanning ClamAV S3 KMS Key"
@@ -94,7 +94,7 @@ module "s3_bold_egress_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["s3/bold-egress"]
   description           = "Used in the Bold Egress Solution"
@@ -123,7 +123,7 @@ module "quarantined_sns_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["sns/quarantined"]
   description           = "Key for quarantined notifications"
@@ -153,7 +153,7 @@ module "transferred_sns_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["sns/transferred"]
   description           = "Key for transferred notifications"
@@ -166,7 +166,7 @@ module "govuk_notify_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["secretsmanager/govuk-notify"]
   description           = "Key for GOV.UK Notify data"
@@ -179,7 +179,7 @@ module "supplier_data_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["secretsmanager/supplier-data"]
   description           = "Key for SFTP supplier data"
@@ -192,7 +192,7 @@ module "slack_token_kms" {
   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
 
   source  = "terraform-aws-modules/kms/aws"
-  version = "2.2.1"
+  version = "3.1.0"
 
   aliases               = ["secretsmanager/slack-token"]
   description           = "Slack token for notifications"