Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grant developer and instance-management role ASG instance refresh #7190

Merged
merged 1 commit into from
Jun 10, 2024
Merged

Grant developer and instance-management role ASG instance refresh #7190

merged 1 commit into from
Jun 10, 2024

Conversation

drobinson-moj
Copy link
Contributor

A reference to the issue / Description of it

Developer roles unable to trigger an ASG instance refresh manually. This is required in some circumstances, e.g. when an automated refresh fails.

How does this PR fix the problem?

Grants the required permission.

How has this been tested?

Please describe the tests that you ran and provide instructions to reproduce.

N/a - standard policy change

Deployment Plan / Instructions

Will this deployment impact the platform and / or services on it?

No

Checklist (check x in [ ] of list items)

  • I have performed a self-review of my own code
  • All checks have passed
  • I have made corresponding changes to the documentation
  • Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

{Please write here}

@drobinson-moj drobinson-moj requested a review from a team as a code owner June 10, 2024 09:03
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/bootstrap/single-sign-on

Running Trivy in terraform/environments/bootstrap/single-sign-on
2024-06-10T09:05:19Z INFO Need to update DB
2024-06-10T09:05:19Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-06-10T09:05:21Z INFO Vulnerability scanning is enabled
2024-06-10T09:05:21Z INFO Misconfiguration scanning is enabled
2024-06-10T09:05:21Z INFO Need to update the built-in policies
2024-06-10T09:05:21Z INFO Downloading the built-in policies...
53.79 KiB / 53.79 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-06-10T09:05:21Z INFO Secret scanning is enabled
2024-06-10T09:05:21Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-10T09:05:21Z INFO Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection
2024-06-10T09:05:21Z INFO Number of language-specific files num=0
2024-06-10T09:05:21Z INFO Detected config files num=1

policies.tf (terraform)

Tests: 606 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 606)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running Checkov in terraform/environments/bootstrap/single-sign-on
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 96, Failed checks: 0, Skipped checks: 50


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running tflint in terraform/environments/bootstrap/single-sign-on
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running Trivy in terraform/environments/bootstrap/single-sign-on
2024-06-10T09:05:19Z	INFO	Need to update DB
2024-06-10T09:05:19Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-06-10T09:05:21Z	INFO	Vulnerability scanning is enabled
2024-06-10T09:05:21Z	INFO	Misconfiguration scanning is enabled
2024-06-10T09:05:21Z	INFO	Need to update the built-in policies
2024-06-10T09:05:21Z	INFO	Downloading the built-in policies...
53.79 KiB / 53.79 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-06-10T09:05:21Z	INFO	Secret scanning is enabled
2024-06-10T09:05:21Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-10T09:05:21Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection
2024-06-10T09:05:21Z	INFO	Number of language-specific files	num=0
2024-06-10T09:05:21Z	INFO	Detected config files	num=1

policies.tf (terraform)
=======================
Tests: 606 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 606)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

richgreen-moj
richgreen-moj approved these changes Jun 10, 2024
View reviewed changes
Copy link
Contributor

@richgreen-moj richgreen-moj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @drobinson-moj

@richgreen-moj richgreen-moj added this pull request to the merge queue Jun 10, 2024
Merged via the queue into main with commit 274c717 Jun 10, 2024
13 checks passed
@richgreen-moj richgreen-moj deleted the iam/grant-asg-instance-refresh-permissions branch June 10, 2024 09:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richgreen-moj richgreen-moj richgreen-moj approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@drobinson-moj @richgreen-moj