Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add GuardDuty S3 malware protection for specified S3 buckets #8783

Merged
merged 2 commits into from
Nov 26, 2024
Merged

Add GuardDuty S3 malware protection for specified S3 buckets #8783

merged 2 commits into from
Nov 26, 2024

Conversation

Khatraf
Copy link
Contributor

@Khatraf Khatraf commented Nov 25, 2024
edited
Loading

Part of ticket: #8050. This PR introduces GuardDuty S3 malware protection for specified S3 buckets to improve security and protect against threats. It includes a flexible configuration allowing users to specify the S3 buckets for which protection should be applied, along with necessary role associations and tagging.

@Khatraf Khatraf requested a review from a team as a code owner November 25, 2024 13:29
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Nov 25, 2024
@Khatraf Khatraf had a problem deploying to example-development November 25, 2024 13:31 — with GitHub Actions Failure
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/example

Running Trivy in terraform/environments/example
2024-11-25T13:31:50Z INFO [vulndb] Need to update DB
2024-11-25T13:31:50Z INFO [vulndb] Downloading vulnerability DB...
2024-11-25T13:31:50Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T13:31:53Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T13:31:53Z INFO [vuln] Vulnerability scanning is enabled
2024-11-25T13:31:53Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-25T13:31:53Z INFO [misconfig] Need to update the built-in checks
2024-11-25T13:31:53Z INFO [misconfig] Downloading the built-in checks...
2024-11-25T13:31:53Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 1.086592ms, allowed: 44000/minute\n\n"
2024-11-25T13:31:53Z INFO [secret] Secret scanning is enabled
2024-11-25T13:31:53Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T13:31:53Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T13:31:54Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-25T13:31:54Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-25T13:31:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T13:31:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T13:31:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T13:31:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T13:31:54Z INFO Number of language-specific files num=0
2024-11-25T13:31:54Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-11-25T13:31:50Z	INFO	[vulndb] Need to update DB
2024-11-25T13:31:50Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-25T13:31:50Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T13:31:53Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T13:31:53Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-25T13:31:53Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-25T13:31:53Z	INFO	[misconfig] Need to update the built-in checks
2024-11-25T13:31:53Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-25T13:31:53Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 1.086592ms, allowed: 44000/minute\n\n"
2024-11-25T13:31:53Z	INFO	[secret] Secret scanning is enabled
2024-11-25T13:31:53Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T13:31:53Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T13:31:54Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-25T13:31:54Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-25T13:31:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T13:31:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T13:31:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T13:31:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T13:31:54Z	INFO	Number of language-specific files	num=0
2024-11-25T13:31:54Z	INFO	Detected config files	num=1
trivy_exitcode=0

@Khatraf Khatraf temporarily deployed to example-development November 25, 2024 13:35 — with GitHub Actions Inactive
@Khatraf Khatraf had a problem deploying to example-development November 25, 2024 14:42 — with GitHub Actions Failure
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/example

Running Trivy in terraform/environments/example
2024-11-25T14:42:42Z INFO [vulndb] Need to update DB
2024-11-25T14:42:42Z INFO [vulndb] Downloading vulnerability DB...
2024-11-25T14:42:42Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T14:42:44Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T14:42:44Z INFO [vuln] Vulnerability scanning is enabled
2024-11-25T14:42:44Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-25T14:42:44Z INFO [misconfig] Need to update the built-in checks
2024-11-25T14:42:44Z INFO [misconfig] Downloading the built-in checks...
2024-11-25T14:42:44Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-checks/blobs/sha256:16442a4593a0395452e678ef699a880eec94d9211dfc887d52574beb78b95030: TOOMANYREQUESTS: retry-after: 697.761µs, allowed: 44000/minute"
2024-11-25T14:42:44Z INFO [secret] Secret scanning is enabled
2024-11-25T14:42:44Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T14:42:44Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T14:42:45Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-25T14:42:45Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-25T14:42:45Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T14:42:45Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T14:42:45Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T14:42:45Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T14:42:45Z INFO Number of language-specific files num=0
2024-11-25T14:42:45Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-11-25T14:42:42Z	INFO	[vulndb] Need to update DB
2024-11-25T14:42:42Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-25T14:42:42Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T14:42:44Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T14:42:44Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-25T14:42:44Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-25T14:42:44Z	INFO	[misconfig] Need to update the built-in checks
2024-11-25T14:42:44Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-25T14:42:44Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-checks/blobs/sha256:16442a4593a0395452e678ef699a880eec94d9211dfc887d52574beb78b95030: TOOMANYREQUESTS: retry-after: 697.761µs, allowed: 44000/minute"
2024-11-25T14:42:44Z	INFO	[secret] Secret scanning is enabled
2024-11-25T14:42:44Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T14:42:44Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T14:42:45Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-25T14:42:45Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-25T14:42:45Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T14:42:45Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T14:42:45Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T14:42:45Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T14:42:45Z	INFO	Number of language-specific files	num=0
2024-11-25T14:42:45Z	INFO	Detected config files	num=1
trivy_exitcode=0

@Khatraf Khatraf temporarily deployed to example-development November 25, 2024 14:49 — with GitHub Actions Inactive
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/example

Running Trivy in terraform/environments/example
2024-11-25T14:50:57Z INFO [vulndb] Need to update DB
2024-11-25T14:50:57Z INFO [vulndb] Downloading vulnerability DB...
2024-11-25T14:50:57Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T14:51:00Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T14:51:00Z INFO [vuln] Vulnerability scanning is enabled
2024-11-25T14:51:00Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-25T14:51:00Z INFO [misconfig] Need to update the built-in checks
2024-11-25T14:51:00Z INFO [misconfig] Downloading the built-in checks...
160.25 KiB / 160.25 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-11-25T14:51:00Z INFO [secret] Secret scanning is enabled
2024-11-25T14:51:00Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T14:51:00Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T14:51:01Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-25T14:51:01Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-25T14:51:01Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T14:51:01Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T14:51:01Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T14:51:01Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T14:51:01Z INFO Number of language-specific files num=0
2024-11-25T14:51:01Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-11-25T14:50:57Z	INFO	[vulndb] Need to update DB
2024-11-25T14:50:57Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-25T14:50:57Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T14:51:00Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T14:51:00Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-25T14:51:00Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-25T14:51:00Z	INFO	[misconfig] Need to update the built-in checks
2024-11-25T14:51:00Z	INFO	[misconfig] Downloading the built-in checks...
160.25 KiB / 160.25 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-11-25T14:51:00Z	INFO	[secret] Secret scanning is enabled
2024-11-25T14:51:00Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T14:51:00Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T14:51:01Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-25T14:51:01Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-25T14:51:01Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T14:51:01Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T14:51:01Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T14:51:01Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T14:51:01Z	INFO	Number of language-specific files	num=0
2024-11-25T14:51:01Z	INFO	Detected config files	num=1
trivy_exitcode=0

@Khatraf Khatraf force-pushed the feature/enable-guardduty-s3-malware-protection branch from 74335cd to 50edcd2 Compare November 25, 2024 16:23
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/example

Running Trivy in terraform/environments/example
2024-11-25T16:23:45Z INFO [vulndb] Need to update DB
2024-11-25T16:23:45Z INFO [vulndb] Downloading vulnerability DB...
2024-11-25T16:23:45Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T16:23:48Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T16:23:48Z INFO [vuln] Vulnerability scanning is enabled
2024-11-25T16:23:48Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-25T16:23:48Z INFO [misconfig] Need to update the built-in checks
2024-11-25T16:23:48Z INFO [misconfig] Downloading the built-in checks...
160.25 KiB / 160.25 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-11-25T16:23:48Z INFO [secret] Secret scanning is enabled
2024-11-25T16:23:48Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T16:23:48Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T16:23:49Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-25T16:23:49Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-25T16:23:49Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T16:23:49Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T16:23:49Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T16:23:49Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T16:23:49Z INFO Number of language-specific files num=0
2024-11-25T16:23:49Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-11-25T16:23:45Z	INFO	[vulndb] Need to update DB
2024-11-25T16:23:45Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-25T16:23:45Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T16:23:48Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T16:23:48Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-25T16:23:48Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-25T16:23:48Z	INFO	[misconfig] Need to update the built-in checks
2024-11-25T16:23:48Z	INFO	[misconfig] Downloading the built-in checks...
160.25 KiB / 160.25 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-11-25T16:23:48Z	INFO	[secret] Secret scanning is enabled
2024-11-25T16:23:48Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T16:23:48Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T16:23:49Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-25T16:23:49Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-25T16:23:49Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T16:23:49Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T16:23:49Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T16:23:49Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T16:23:49Z	INFO	Number of language-specific files	num=0
2024-11-25T16:23:49Z	INFO	Detected config files	num=1
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/example

Running Trivy in terraform/environments/example
2024-11-25T16:25:19Z INFO [vulndb] Need to update DB
2024-11-25T16:25:19Z INFO [vulndb] Downloading vulnerability DB...
2024-11-25T16:25:19Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T16:25:22Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T16:25:22Z INFO [vuln] Vulnerability scanning is enabled
2024-11-25T16:25:22Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-25T16:25:22Z INFO [misconfig] Need to update the built-in checks
2024-11-25T16:25:22Z INFO [misconfig] Downloading the built-in checks...
2024-11-25T16:25:22Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 860.393µs, allowed: 44000/minute\n\n"
2024-11-25T16:25:22Z INFO [secret] Secret scanning is enabled
2024-11-25T16:25:22Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T16:25:22Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T16:25:22Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-25T16:25:22Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-25T16:25:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T16:25:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T16:25:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T16:25:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T16:25:23Z INFO Number of language-specific files num=0
2024-11-25T16:25:23Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-11-25T16:25:19Z	INFO	[vulndb] Need to update DB
2024-11-25T16:25:19Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-25T16:25:19Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T16:25:22Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T16:25:22Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-25T16:25:22Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-25T16:25:22Z	INFO	[misconfig] Need to update the built-in checks
2024-11-25T16:25:22Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-25T16:25:22Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 860.393µs, allowed: 44000/minute\n\n"
2024-11-25T16:25:22Z	INFO	[secret] Secret scanning is enabled
2024-11-25T16:25:22Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T16:25:22Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T16:25:22Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-25T16:25:22Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-25T16:25:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T16:25:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T16:25:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T16:25:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T16:25:23Z	INFO	Number of language-specific files	num=0
2024-11-25T16:25:23Z	INFO	Detected config files	num=1
trivy_exitcode=0

@Khatraf Khatraf deployed to example-development November 25, 2024 16:26 — with GitHub Actions Active
@Khatraf Khatraf mentioned this pull request Nov 25, 2024
Closed
3 tasks
@Khatraf Khatraf merged commit a7716a8 into main Nov 26, 2024
10 checks passed
@Khatraf Khatraf deleted the feature/enable-guardduty-s3-malware-protection branch November 26, 2024 08:47
richgreen-moj
richgreen-moj reviewed Nov 26, 2024
View reviewed changes
Copy link
Contributor

@richgreen-moj richgreen-moj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

matt-k1998 added a commit that referenced this pull request Nov 27, 2024
@matt-k1998
Squashed commit of the following:
71e3870 
commit 76aa336
Author: Mateusz Kolakowski <mateusz.kolakowski@justice.gov.uk>
Date:   Wed Nov 27 12:14:22 2024 +0000

    Tribunals: Update some more route53 records to point at the old nginx LB (#8829)

commit bf7ddd2
Author: Mateusz Kolakowski <mateusz.kolakowski@justice.gov.uk>
Date:   Wed Nov 27 12:03:03 2024 +0000

    Tribunals: fix syntax error in route53 record (#8826)

commit 9ad043b
Author: Mateusz Kolakowski <mateusz.kolakowski@justice.gov.uk>
Date:   Wed Nov 27 11:56:24 2024 +0000

    Tribunals: point back some route53 records at the old ngninx LB (#8825)

commit 66991bf
Author: tom-ogle-moj <142220790+tom-ogle-moj@users.noreply.github.com>
Date:   Wed Nov 27 11:52:49 2024 +0000

    DPR2-1435: Make postgres_settings configuration block conditional on the engine type being postgres. (#8822)

    This avoids the terraform plan being polluted with changes to postgres settings for oracle sources that need reapplying on every terraform run.

commit fc4bdf6
Merge: 01b4ac1 07927cc
Author: madhu-k-sr2 <123549389+madhu-k-sr2@users.noreply.github.com>
Date:   Wed Nov 27 11:40:40 2024 +0000

    Merge pull request #8752 from ministryofjustice/ELM-3031_generate_partitioned_rowhash_values

    Glue Job added - 2211 - 1

commit 01b4ac1
Merge: 86efa22 6e373c2
Author: Nick Buckingham <135870440+nbuckingham72@users.noreply.github.com>
Date:   Wed Nov 27 09:33:27 2024 +0000

    Merge pull request #8819 from ministryofjustice/Update_271124_3

    Update_271124_3

commit 86efa22
Author: tom-ogle-moj <142220790+tom-ogle-moj@users.noreply.github.com>
Date:   Wed Nov 27 09:13:29 2024 +0000

    DPR2-1435: Default Postgres DMS source heartbeat frequency to 5 minutes. (#8799)

    * DPR2-1435: Default Postgres DMS source heartbeat frequency to 5 minutes.
    This is because terraform seems to default it to 0 instead of 5, which should be the default.

    * DPR2-1435: Remove unused fake data ingestor which sends data to kinesis

    * DPR2-1435: checkov skip

    * DPR2-1435: tflint changes

commit 6e373c2
Author: Buckingham <XC01857@lumen.com>
Date:   Wed Nov 27 09:05:01 2024 +0000

    Update_271124_3

commit 6ed6ade
Merge: 6fd8bb9 52128a3
Author: Nick Buckingham <135870440+nbuckingham72@users.noreply.github.com>
Date:   Wed Nov 27 08:56:39 2024 +0000

    Merge pull request #8818 from ministryofjustice/Update_271124_2

    Update 271124 2

commit 52128a3
Author: Buckingham <XC01857@lumen.com>
Date:   Wed Nov 27 08:49:41 2024 +0000

    Update_271124_2

commit bf844b2
Author: Buckingham <XC01857@lumen.com>
Date:   Wed Nov 27 08:46:17 2024 +0000

    Update_271124_1

commit 6fd8bb9
Merge: 95b5f7d 5a2dcb0
Author: Nick Buckingham <135870440+nbuckingham72@users.noreply.github.com>
Date:   Tue Nov 26 15:08:32 2024 +0000

    Merge pull request #8815 from ministryofjustice/Update_261124_8

    Update_261124_8

commit 5a2dcb0
Author: Buckingham <XC01857@lumen.com>
Date:   Tue Nov 26 15:03:34 2024 +0000

    Update_261124_8

commit 07927cc
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Tue Nov 26 14:32:51 2024 +0000

    new GlueJob modified - 2611 - 3

commit 95b5f7d
Merge: dde030c 8dc073e
Author: Nick Buckingham <135870440+nbuckingham72@users.noreply.github.com>
Date:   Tue Nov 26 13:56:42 2024 +0000

    Merge pull request #8811 from ministryofjustice/Update_261124_7

    Update_261124_7

commit 8dc073e
Author: Buckingham <XC01857@lumen.com>
Date:   Tue Nov 26 13:50:58 2024 +0000

    Update_261124_7

commit dde030c
Merge: 10c76a2 9eba396
Author: Nick Buckingham <135870440+nbuckingham72@users.noreply.github.com>
Date:   Tue Nov 26 13:40:35 2024 +0000

    Merge pull request #8809 from ministryofjustice/Update_261124_6

    Update_261124_6

commit 9eba396
Author: Buckingham <XC01857@lumen.com>
Date:   Tue Nov 26 13:36:20 2024 +0000

    Update_261124_6

commit 10c76a2
Merge: 32a8024 8bc374a
Author: Jacob Woffenden <jacob@woffenden.io>
Date:   Tue Nov 26 13:35:21 2024 +0000

    Merge pull request #8803 from ministryofjustice/fix/op-amp-region

    🔀 Fix a hardcoded region in APS string

commit 32a8024
Author: Dominic Robinson <65237317+drobinson-moj@users.noreply.github.com>
Date:   Tue Nov 26 13:32:42 2024 +0000

    TM-739: ncr: Add T1 BI secrets (#8806)

commit 2790748
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Tue Nov 26 13:31:52 2024 +0000

    new GlueJob modified - 2611 - 2

commit 37865a8
Merge: 6d3de1d 690f3af
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Tue Nov 26 13:30:08 2024 +0000

    Merge branch 'main' of https://github.com/ministryofjustice/modernisation-platform-environments into ELM-3031_generate_partitioned_rowhash_values

commit 690f3af
Merge: 458da09 fdf8ea7
Author: Nick Buckingham <135870440+nbuckingham72@users.noreply.github.com>
Date:   Tue Nov 26 13:28:31 2024 +0000

    Merge pull request #8808 from ministryofjustice/Update_261124_5

    Update 261124 5

commit fdf8ea7
Author: Buckingham <XC01857@lumen.com>
Date:   Tue Nov 26 13:23:34 2024 +0000

    Update_261124_5

commit 8a86f3b
Author: Buckingham <XC01857@lumen.com>
Date:   Tue Nov 26 13:22:06 2024 +0000

    Update_261124_4

commit 261ace7
Author: Buckingham <XC01857@lumen.com>
Date:   Tue Nov 26 13:17:44 2024 +0000

    Update_261124_3

commit 458da09
Merge: 34c32fa 7b597f2
Author: Nick Buckingham <135870440+nbuckingham72@users.noreply.github.com>
Date:   Tue Nov 26 13:10:19 2024 +0000

    Merge pull request #8804 from ministryofjustice/Update_261124_2

    Update_261124_2

commit 7b597f2
Author: Buckingham <XC01857@lumen.com>
Date:   Tue Nov 26 13:04:32 2024 +0000

    Update_261124_2

commit 8bc374a
Author: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
Date:   Tue Nov 26 12:59:58 2024 +0000

    need to review this code, i dont to explicity set these

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit 34c32fa
Merge: 572828a 7f2e482
Author: Nick Buckingham <135870440+nbuckingham72@users.noreply.github.com>
Date:   Tue Nov 26 12:58:39 2024 +0000

    Merge pull request #8802 from ministryofjustice/Update_261124_1

    Update_261124_1

commit 9d057ed
Author: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
Date:   Tue Nov 26 12:53:47 2024 +0000

    I missed this hardcoded region

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit 7f2e482
Author: Buckingham <XC01857@lumen.com>
Date:   Tue Nov 26 12:53:26 2024 +0000

    Update_261124_1

commit 572828a
Merge: fc9c9aa 8af74ac
Author: Jacob Woffenden <jacob@woffenden.io>
Date:   Tue Nov 26 12:33:27 2024 +0000

    Merge pull request #8798 from ministryofjustice/chore/amp-region

    🌐 Allow tenants to set AMP region

commit 6d3de1d
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Tue Nov 26 12:00:45 2024 +0000

    new GlueJob modified - 2611 - 1

commit 9d988e4
Merge: 52a8b6d fc9c9aa
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Tue Nov 26 11:54:03 2024 +0000

    Merge branch 'main' of https://github.com/ministryofjustice/modernisation-platform-environments into ELM-3031_generate_partitioned_rowhash_values

commit fc9c9aa
Author: Dominic Robinson <65237317+drobinson-moj@users.noreply.github.com>
Date:   Tue Nov 26 10:40:25 2024 +0000

    TM-720: fix schedule alarms (#8800)

    * TM-720: fix for schedule-alarms

    * add output

    * fix

commit 8af74ac
Merge: f686e3d b1793de
Author: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
Date:   Tue Nov 26 10:01:31 2024 +0000

    Merge branch 'main' into chore/amp-region

commit f686e3d
Author: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
Date:   Tue Nov 26 09:53:18 2024 +0000

    Testing optional AMP region

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit b1793de
Merge: 48392a9 63f7be3
Author: Aaron Robinson <41325732+ASTRobinson@users.noreply.github.com>
Date:   Tue Nov 26 09:49:19 2024 +0000

    Merge pull request #8794 from ministryofjustice/dependabot/github_actions/bridgecrewio/checkov-action-12.2920.0

    Bump bridgecrewio/checkov-action from 12.2918.0 to 12.2920.0

commit 48392a9
Author: Matthew Price <matthew.price2@justice.gov.uk>
Date:   Tue Nov 26 09:36:48 2024 +0000

    Temporarily remove mdss prod account details while testing (#8796)

commit 9971663
Merge: d01b22d d655ce3
Author: Jacob Woffenden <jacob@woffenden.io>
Date:   Tue Nov 26 09:20:25 2024 +0000

    Merge pull request #8795 from ministryofjustice/feat/op-ap-de-onboarding

    🔭 Onboard Analytical Platform and Data Engineering accounts

commit d655ce3
Author: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
Date:   Tue Nov 26 09:05:51 2024 +0000

    Onboard AP and DE accounts

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit d01b22d
Merge: a7716a8 0d1851e
Author: Jacob Woffenden <jacob@woffenden.io>
Date:   Tue Nov 26 08:48:33 2024 +0000

    Merge pull request #8793 from ministryofjustice/chore/op-migrate

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit a7716a8
Merge: 4679202 50edcd2
Author: Khatraf <152973377+Khatraf@users.noreply.github.com>
Date:   Tue Nov 26 08:47:06 2024 +0000

    Merge pull request #8783 from ministryofjustice/feature/enable-guardduty-s3-malware-protection

    Add GuardDuty S3 malware protection for specified S3 buckets

commit 63f7be3
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Tue Nov 26 00:05:31 2024 +0000

    Bump bridgecrewio/checkov-action from 12.2918.0 to 12.2920.0

    Bumps [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) from 12.2918.0 to 12.2920.0.
    - [Release notes](https://github.com/bridgecrewio/checkov-action/releases)
    - [Commits](bridgecrewio/checkov-action@05decb4...5ae57a8)

    ---
    updated-dependencies:
    - dependency-name: bridgecrewio/checkov-action
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 0d1851e
Author: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
Date:   Mon Nov 25 21:14:52 2024 +0000

    Fix SCA in ingestion

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit b1dbfc6
Author: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
Date:   Mon Nov 25 21:05:27 2024 +0000

    Update analytical-platform-ingestion

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit 69c7ae3
Author: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
Date:   Mon Nov 25 21:04:30 2024 +0000

    Remove APC observability_platform local

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit 3813430
Author: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
Date:   Mon Nov 25 21:04:04 2024 +0000

    Update analytical-platform-compute

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit 52a8b6d
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Mon Nov 25 19:04:16 2024 +0000

    new GlueJob Added - 2511 - 1

commit 4679202
Author: Dominic Robinson <65237317+drobinson-moj@users.noreply.github.com>
Date:   Mon Nov 25 17:18:59 2024 +0000

    TM-720: endpoint monitoring improvements (#8792)

    * simplify code

    * use aws urls where possible

commit 315bef3
Merge: 21130b0 43261b0
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Mon Nov 25 16:52:19 2024 +0000

    Merge branch 'main' of https://github.com/ministryofjustice/modernisation-platform-environments into ELM-3031_generate_partitioned_rowhash_values

commit 43261b0
Merge: 038d8a1 fe8d815
Author: Jacob Woffenden <jacob@woffenden.io>
Date:   Mon Nov 25 16:35:00 2024 +0000

    Merge pull request #8789 from ministryofjustice/chore/op-migrate-tenant-config

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit 50edcd2
Author: khatraf <khatra.farah@digital.justice.gov.uk>
Date:   Mon Nov 25 14:40:26 2024 +0000

    trigger pipeline

commit 038d8a1
Author: Matthew Price <matthew.price2@justice.gov.uk>
Date:   Mon Nov 25 15:50:05 2024 +0000

    Add kms key generation for use with landing bucket (#8755)

    * Add kms key generation for use with landing bucket

    * Change kms permission to use lambda role not lambda

    * Add cross account encyption grant

    * Add lambda decrypt

    * alternate lambda policy

    * Final tidy

    * Remove context as lamdba would need to use context also.

commit 251e298
Merge: 89fb79a f714700
Author: Rich Green <149596574+richgreen-moj@users.noreply.github.com>
Date:   Mon Nov 25 15:00:37 2024 +0000

    Merge pull request #8787 from ministryofjustice/panda-cyber-defect-dojo

    Updated associate_public_ip_address to true

commit fe8d815
Author: Jacob Woffenden <jacob.woffenden@justice.gov.uk>
Date:   Mon Nov 25 14:53:45 2024 +0000

    Migrate tenants

    Signed-off-by: Jacob Woffenden <jacob.woffenden@justice.gov.uk>

commit f714700
Merge: 7513bca 89fb79a
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Mon Nov 25 14:48:37 2024 +0000

    Merge branch 'main' into panda-cyber-defect-dojo

commit 89fb79a
Author: Dominic Robinson <65237317+drobinson-moj@users.noreply.github.com>
Date:   Mon Nov 25 14:47:52 2024 +0000

    TM-720: enable scheduled ssm command monitoring (#8785)

    * align main.tf across accounts

    * enable ssm monitoring and widgets

    * fix

    * fix

    * remove alarm

commit 7513bca
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Mon Nov 25 14:44:51 2024 +0000

    Updated associate_public_ip_address to true

commit 01df13f
Merge: d6b534d 4a68669
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Mon Nov 25 14:42:26 2024 +0000

    Merge branch 'main' into panda-cyber-defect-dojo

commit d6b534d
Merge: 08f7720 cc41b2b
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Mon Nov 25 14:36:31 2024 +0000

    Merge branch 'main' into panda-cyber-defect-dojo

commit 4a68669
Merge: cc41b2b e49c960
Author: bill-buchan <55987520+bill-buchan@users.noreply.github.com>
Date:   Mon Nov 25 14:12:11 2024 +0000

    Merge pull request #8721 from ministryofjustice/DBA-740

    Add a transformation to remove the STAFF_ID column from USER_ data

commit 08f7720
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Mon Nov 25 13:59:56 2024 +0000

    Change assocaited_public_ip_address to true

commit ad08114
Author: khatraf <khatra.farah@digital.justice.gov.uk>
Date:   Mon Nov 25 13:20:50 2024 +0000

    Add GuardDuty S3 malware protection for specified S3 buckets

commit cc41b2b
Author: Dominic Robinson <65237317+drobinson-moj@users.noreply.github.com>
Date:   Mon Nov 25 12:38:18 2024 +0000

    Remote deleted roles from secrets manager sharing (#8782)

commit e49c960
Merge: c36f540 e0ae86f
Author: George Taylor <george.taylor@digital.justice.gov.uk>
Date:   Mon Nov 25 11:10:53 2024 +0000

    Merge branch 'DBA-740' of https://github.com/ministryofjustice/modernisation-platform-environments into DBA-740

commit e0ae86f
Merge: 3bdf59e 55fb451
Author: Bill Buchan <bill.buchan@digital.justice.gov.uk>
Date:   Mon Nov 25 09:02:24 2024 +0000

    Merge branch 'main' into DBA-740

commit 3bdf59e
Merge: aec7b9b b8119fc
Author: Bill Buchan <bill.buchan@digital.justice.gov.uk>
Date:   Fri Nov 22 17:01:55 2024 +0000

    Merge branch 'main' into DBA-740

commit aec7b9b
Author: Bill Buchan <bill.buchan@digital.justice.gov.uk>
Date:   Wed Nov 20 09:45:52 2024 +0000

    Add a transformation to remove the USER_ID column from USER_ data

commit 21130b0
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Fri Nov 22 15:04:38 2024 +0000

    Glue Job added - 2211 - 3

commit cdfc6e3
Merge: 3f432de e354690
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Fri Nov 22 15:03:25 2024 +0000

    Merge branch 'main' of https://github.com/ministryofjustice/modernisation-platform-environments into ELM-3031_generate_partitioned_rowhash_values

commit 3f432de
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Fri Nov 22 12:23:15 2024 +0000

    Glue Job added - 2211 - 2

commit a8249de
Author: Madhu Kadiri <madhu.kadiri2@justice.gov.uk>
Date:   Fri Nov 22 11:44:29 2024 +0000

    Glue Job added - 2211 - 1

commit c36f540
Merge: 3af4cef efaed94
Author: Bill Buchan <bill.buchan@digital.justice.gov.uk>
Date:   Wed Nov 20 09:58:05 2024 +0000

    Merge branch 'main' into DBA-740

commit 3af4cef
Author: Bill Buchan <bill.buchan@digital.justice.gov.uk>
Date:   Wed Nov 20 09:45:52 2024 +0000

    Add a transformation to remove the USER_ID column from USER_ data

commit baab6a0
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Fri Nov 8 16:07:54 2024 +0000

    Removed lifecycle code block

commit 42562bb
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Fri Nov 8 15:50:47 2024 +0000

    Set associate_public_ip_address to false and added lifecycle block

commit 0333241
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Fri Nov 8 15:00:54 2024 +0000

    Removed associate_public_ip_address

commit 65b7f24
Merge: 8817582 7aeab18
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Fri Nov 8 14:33:26 2024 +0000

    Rebased with main

commit 8817582
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Fri Nov 8 14:30:07 2024 +0000

    Removed installation of docker and cloning of defect dojo from user_data

commit ff85ff1
Author: jodiejones-moj <jodie.jones@digital.justice.gov.uk>
Date:   Thu Oct 31 11:44:24 2024 +0000

    Added EC2 instance to host Defect Dojo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richgreen-moj richgreen-moj richgreen-moj left review comments

@sukeshreddyg sukeshreddyg sukeshreddyg approved these changes

Assignees
No one assigned
Labels
environments-repository Used to exclude PRs from this repo in our Slack PR update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Khatraf @richgreen-moj @sukeshreddyg