cds-snc / cloud-based-sensor

Infrastructure configuration to manage CCCS's Cloud Based Sensor in AWS accounts
https://cyber.gc.ca/en/host-based-sensors
MIT License

Feat/setup roles cbs next #345

Closed gcharest closed 5 months ago

gcharest commented 5 months ago

Summary | Résumé

github-actions[bot] commented 5 months ago

Central account

- ✅ Terraform Init: success
- ✅ Terraform Validate: success
- ✅ Terraform Format: success
- ✅ Terraform Plan: success
- ✅ Conftest: success

Plan: 1 to add, 0 to change, 0 to destroy
Show summary

| CHANGE | NAME |
|--------|-------------------------------------------------------|
| add | `aws_s3_bucket_policy.log-archive-bucket-get-objects` |
Show plan

```terraform
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_s3_bucket_policy.log-archive-bucket-get-objects will be created
  + resource "aws_s3_bucket_policy" "log-archive-bucket-get-objects" {
      + bucket = "cbs-log-archive-871282759583"
      + id = (known after apply)
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action = "s3:GetObject"
                      + Effect = "Allow"
                      + Principal = {
                          + AWS = "arn:aws:iam::346725238039:role/CBS-ReaderRole-prod-ca-central-1"
                        }
                      + Resource = [
                          + "arn:aws:s3:::cbs-log-archive-871282759583/*",
                          + "arn:aws:s3:::cbs-log-archive-871282759583",
                        ]
                    },
                ]
              + Version = "2012-10-17"
            }
        )
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Argument is deprecated

  with module.log_archive_access_bucket.aws_s3_bucket.this,
  on .terraform/modules/log_archive_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this":
   8: resource "aws_s3_bucket" "this" {

Use the aws_s3_bucket_server_side_encryption_configuration resource instead

(and 7 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```
Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.log_archive_read"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.log_archive_read"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.log_archive_encrypt"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.log_archive"]

23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions
```