cds-snc / gc-articles

This repo is for GC Articles web publishing product undertaken by CDS platform August 2021
GNU General Public License v2.0

feat: update load balancer SSL policy #1940

Closed patheard closed 5 days ago

patheard commented 1 week ago

Summary

Update to the latest recommended ALB SSL policy, which is FIPS 140-3 compliant.

Related

github-actions[bot] commented 1 week ago

Staging: load-balancer

- ✅ Terraform Init: success
- ✅ Terraform Validate: success
- ✅ Terraform Format: success
- ✅ Terraform Plan: success
- ✅ Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy
Show summary

| CHANGE | NAME                        |
|--------|-----------------------------|
| update | `aws_lb_listener.wordpress` |

Show plan

```terraform
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lb_listener.wordpress will be updated in-place
  ~ resource "aws_lb_listener" "wordpress" {
        id         = "arn:aws:elasticloadbalancing:ca-central-1:729164266357:listener/app/wordpress/3c7f3e17b6363a06/c956721664f56e5d"
      ~ ssl_policy = "ELBSecurityPolicy-FS-1-2-Res-2019-08" -> "ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04"
        tags       = {}
        # (6 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Warning: Argument is deprecated

  with aws_s3_bucket.cloudfront_logs,
  on s3.tf line 4, in resource "aws_s3_bucket" "cloudfront_logs":
   4: resource "aws_s3_bucket" "cloudfront_logs" {

Use the aws_s3_bucket_server_side_encryption_configuration resource instead

(and 5 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```

Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.wordpress"]
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.wordpress_cloudfront"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudfront_distribution.wordpress"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cache_buster"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.firehose_waf_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.firehose_waf_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_user.cache_buster"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb.wordpress"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.wordpress"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.wordpress"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.cloudfront_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_web_acl.wordpress_waf"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_web_acl.wordpress_waf_alb"]

32 tests, 19 passed, 13 warnings, 0 failures, 0 exceptions
```