
Create policy for Managed AD administrator #5821

Merged: 3 commits, Dec 18, 2023

Conversation

dms1981
Contributor

@dms1981 dms1981 commented Dec 18, 2023

A reference to the issue / Description of it

#5810

How does this PR fix the problem?

Creates a permission set that can be used by an SSO role focused on managed AD administration

How has this been tested?

N/A

Deployment Plan / Instructions

This will be deployed through the Terraform: Scheduled baseline job

Checklist (check x in [ ] of list items)

  • I have performed a self-review of my own code
  • All checks have passed
  • I have made corresponding changes to the documentation
  • Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

ministryofjustice/aws-root-account#843

Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
terraform/environments/data-platform-apps-and-tools

*****************************

Running TFSEC in terraform/environments/data-platform-apps-and-tools
Excluding the following checks: aws-ssm-secret-use-customer-key,github-repositories-private,aws-vpc-no-excessive-port-access,github-repositories-require-signed-commits

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
  timings
  ──────────────────────────────────────────
  disk i/o             7.06321ms
  parsing              13.686579924s
  adaptation           15.416655ms
  checks               38.852371ms
  total                13.74791216s

  counts
  ──────────────────────────────────────────
  modules downloaded   29
  modules processed    50
  blocks processed     3427
  files read           249

  results
  ──────────────────────────────────────────
  passed               88
  ignored              21
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

*****************************

Checkov will check the following folders:
terraform/environments/data-platform-apps-and-tools

*****************************

Running Checkov in terraform/environments/data-platform-apps-and-tools
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2023-12-18 12:57:01,548 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,548 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:~> 6.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,548 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,548 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,549 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,549 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-user:~> 5 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,549 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:~> 4.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,549 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:0.0.3 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,549 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:19.21.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,549 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,549 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,550 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:~> 2.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,550 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
2023-12-18 12:57:01,550 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/efs/aws:~> 1.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 100, Failed checks: 0, Skipped checks: 38


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
terraform/environments/data-platform-apps-and-tools

*****************************

Running tflint in terraform/environments/data-platform-apps-and-tools
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Contributor

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
terraform/environments/data-platform-apps-and-tools

*****************************

Running TFSEC in terraform/environments/data-platform-apps-and-tools
Excluding the following checks: aws-ssm-secret-use-customer-key,github-repositories-private,aws-vpc-no-excessive-port-access,github-repositories-require-signed-commits

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
  timings
  ──────────────────────────────────────────
  disk i/o             10.861092ms
  parsing              11.650746979s
  adaptation           13.500846ms
  checks               51.997088ms
  total                11.727106005s

  counts
  ──────────────────────────────────────────
  modules downloaded   29
  modules processed    50
  blocks processed     3427
  files read           249

  results
  ──────────────────────────────────────────
  passed               88
  ignored              21
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

*****************************

Checkov will check the following folders:
terraform/environments/data-platform-apps-and-tools

*****************************

Running Checkov in terraform/environments/data-platform-apps-and-tools
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2023-12-18 13:02:56,012 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,012 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:~> 6.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,012 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,012 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,012 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,013 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-user:~> 5 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,013 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:~> 4.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,013 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:0.0.3 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,013 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:19.21.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,013 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,013 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:~> 5.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,014 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:~> 2.0 (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,014 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
2023-12-18 13:02:56,014 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/efs/aws:~> 1.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 100, Failed checks: 0, Skipped checks: 38


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
terraform/environments/data-platform-apps-and-tools

*****************************

Running tflint in terraform/environments/data-platform-apps-and-tools
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

@dms1981 dms1981 merged commit df7c51a into main Dec 18, 2023
13 checks passed
@dms1981 dms1981 deleted the feature/mp-mmad-permission-set branch December 18, 2023 13:49
@dms1981 dms1981 mentioned this pull request Dec 18, 2023
4 tasks