Bump terraform-aws-modules/iam/aws from 5.44.0 to 5.52.1 in /terraform/environments/observability-platform

[dependabot]

Bumps terraform-aws-modules/iam/aws from 5.44.0 to 5.52.1.

Release notes

Sourced from terraform-aws-modules/iam/aws's releases.

v5.52.1

5.52.1 (2025-01-02)

Bug Fixes

• Fix creation of inline polices (#544) (9ec4679)

v5.52.0

5.52.0 (2024-12-30)

Features

• Allow generic assume role conditions (#543) (c3e54f2)

v5.51.0

5.51.0 (2024-12-26)

Features

• Add BatchGet* to IAM read only policy (#540) (d886f11)

v5.50.0

5.50.0 (2024-12-26)

Features

• Add policies for AWS LBC v2.11.0 (#539) (ca9f355)

v5.49.0

5.49.0 (2024-12-26)

Features

• Update policie for External Secrets 0.12.1 (#542) (b609236)

v5.48.0

5.48.0 (2024-11-11)

Features

• Add ec2:GetSecurityGroupsForVpc for AWS LB Controller v2.10.0 (#536) (9cfab4a)

v5.47.1

5.47.1 (2024-10-22)

... (truncated)

Changelog

Sourced from terraform-aws-modules/iam/aws's changelog.

5.52.1 (2025-01-02)

Bug Fixes

• Fix creation of inline polices (#544) (9ec4679)

5.52.0 (2024-12-30)

Features

• Allow generic assume role conditions (#543) (c3e54f2)

5.51.0 (2024-12-26)

Features

• Add BatchGet* to IAM read only policy (#540) (d886f11)

5.50.0 (2024-12-26)

Features

• Add policies for AWS LBC v2.11.0 (#539) (ca9f355)

5.49.0 (2024-12-26)

Features

• Update policie for External Secrets 0.12.1 (#542) (b609236)

5.48.0 (2024-11-11)

Features

• Add ec2:GetSecurityGroupsForVpc for AWS LB Controller v2.10.0 (#536) (9cfab4a)

5.47.1 (2024-10-22)

Bug Fixes

• Use dynamic partition value (#532) (9986b50)

5.47.0 (2024-10-21)

... (truncated)

Commits

• da5e04a chore(release): version 5.52.1 [skip ci]
• 9ec4679 fix: Fix creation of inline polices (#544)
• b80e98a chore(release): version 5.52.0 [skip ci]
• c3e54f2 feat: Allow generic assume role conditions (#543)
• 5bc0223 chore(release): version 5.51.0 [skip ci]
• d886f11 feat: Add BatchGet* to IAM read only policy (#540)
• af07763 chore(release): version 5.50.0 [skip ci]
• ca9f355 feat: Add policies for AWS LBC v2.11.0 (#539)
• fea94c8 chore(release): version 5.49.0 [skip ci]
• b609236 feat: Update policie for External Secrets 0.12.1 (#542)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Trivy Scan Success

Show Output

```hcl

---

Trivy will check the following folders:
terraform/environments/observability-platform
terraform/environments/observability-platform/modules/prometheus/iam-role

---

Running Trivy in terraform/environments/observability-platform
2025-01-03T00:58:01Z INFO [vulndb] Need to update DB
2025-01-03T00:58:01Z INFO [vulndb] Downloading vulnerability DB...
2025-01-03T00:58:01Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-03T00:58:04Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-03T00:58:04Z INFO [vuln] Vulnerability scanning is enabled
2025-01-03T00:58:04Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-03T00:58:04Z INFO [misconfig] Need to update the built-in checks
2025-01-03T00:58:04Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-03T00:58:04Z INFO [secret] Secret scanning is enabled
2025-01-03T00:58:04Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-03T00:58:04Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-03T00:58:05Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-03T00:58:05Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-03T00:58:05Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_identitystore_group.all_identity_centre_teams" value="cty.NilVal"
2025-01-03T00:58:05Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_pagerduty" value="cty.NilVal"
2025-01-03T00:58:05Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_slack" value="cty.NilVal"
2025-01-03T00:58:05Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.tenant_configuration" value="cty.NilVal"
2025-01-03T00:58:05Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:05Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:07Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="git::https:/github.com/terraform-aws-modules/terraform-aws-lambda?ref=f48be17ec03a53b85b7da1f2ad8787792f2425ee/main.tf:24-166"
2025-01-03T00:58:07Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2025-01-03T00:58:07Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2025-01-03T00:58:07Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2025-01-03T00:58:07Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2025-01-03T00:58:07Z INFO Number of language-specific files num=0
2025-01-03T00:58:07Z INFO Detected config files num=3
trivy_exitcode=0

---

Running Trivy in terraform/environments/observability-platform/modules/prometheus/iam-role
2025-01-03T00:58:07Z INFO [vuln] Vulnerability scanning is enabled
2025-01-03T00:58:07Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-03T00:58:07Z INFO [secret] Secret scanning is enabled
2025-01-03T00:58:07Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-03T00:58:07Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-03T00:58:08Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-03T00:58:08Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_id, name"
2025-01-03T00:58:08Z INFO Number of language-specific files num=0
2025-01-03T00:58:08Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/observability-platform
terraform/environments/observability-platform/modules/prometheus/iam-role

*****************************

Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-01-03 00:58:11,403 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.52.1 (for external modules, the --download-external-modules flag is required)
2025-01-03 00:58:11,403 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2025-01-03 00:58:11,403 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2025-01-03 00:58:11,403 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2025-01-03 00:58:11,403 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2025-01-03 00:58:11,403 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.52.1 (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 31, Failed checks: 0, Skipped checks: 22


checkov_exitcode=0

*****************************

Running Checkov in terraform/environments/observability-platform/modules/prometheus/iam-role
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-01-03 00:58:15,427 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.52.1 (for external modules, the --download-external-modules flag is required)
2025-01-03 00:58:15,427 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.52.1 (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 11, Failed checks: 0, Skipped checks: 4


checkov_exitcode=0

CTFLint Scan Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
terraform/environments/observability-platform/modules/prometheus/iam-role

*****************************

Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

*****************************

Running tflint in terraform/environments/observability-platform/modules/prometheus/iam-role
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output

*****************************

Trivy will check the following folders:
terraform/environments/observability-platform
terraform/environments/observability-platform/modules/prometheus/iam-role

*****************************

Running Trivy in terraform/environments/observability-platform
2025-01-03T00:58:01Z	INFO	[vulndb] Need to update DB
2025-01-03T00:58:01Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-03T00:58:01Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-03T00:58:04Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-03T00:58:04Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-03T00:58:04Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-03T00:58:04Z	INFO	[misconfig] Need to update the built-in checks
2025-01-03T00:58:04Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-03T00:58:04Z	INFO	[secret] Secret scanning is enabled
2025-01-03T00:58:04Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-03T00:58:04Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-03T00:58:05Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-03T00:58:05Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-03T00:58:05Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="data.aws_identitystore_group.all_identity_centre_teams" value="cty.NilVal"
2025-01-03T00:58:05Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.contact_point_pagerduty" value="cty.NilVal"
2025-01-03T00:58:05Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.contact_point_slack" value="cty.NilVal"
2025-01-03T00:58:05Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.tenant_configuration" value="cty.NilVal"
2025-01-03T00:58:05Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:05Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-03T00:58:07Z	INFO	[terraform executor] Ignore finding	rule="aws-lambda-enable-tracing" range="git::https:/github.com/terraform-aws-modules/terraform-aws-lambda?ref=f48be17ec03a53b85b7da1f2ad8787792f2425ee/main.tf:24-166"
2025-01-03T00:58:07Z	INFO	[terraform executor] Ignore finding	rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2025-01-03T00:58:07Z	INFO	[terraform executor] Ignore finding	rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2025-01-03T00:58:07Z	INFO	[terraform executor] Ignore finding	rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2025-01-03T00:58:07Z	INFO	[terraform executor] Ignore finding	rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2025-01-03T00:58:07Z	INFO	Number of language-specific files	num=0
2025-01-03T00:58:07Z	INFO	Detected config files	num=3
trivy_exitcode=0

*****************************

Running Trivy in terraform/environments/observability-platform/modules/prometheus/iam-role
2025-01-03T00:58:07Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-03T00:58:07Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-03T00:58:07Z	INFO	[secret] Secret scanning is enabled
2025-01-03T00:58:07Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-03T00:58:07Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-03T00:58:08Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-03T00:58:08Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="account_id, name"
2025-01-03T00:58:08Z	INFO	Number of language-specific files	num=0
2025-01-03T00:58:08Z	INFO	Detected config files	num=1
trivy_exitcode=0