cds-snc / url-shortener

An API written in Python that shortens URLs
MIT License

fix: bump Sentinel layer version #310

Closed patheard closed 1 year ago

patheard commented 1 year ago

Summary

Update to the latest Sentinel layer version.

Remove the duplicated VPC flow logs.

github-actions[bot] commented 1 year ago

Staging: network

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 0 to add, 0 to change, 5 to destroy
Show summary | CHANGE | NAME | |--------|--------------------------------------------------------------------------------------------------------| | delete | `module.url_shortener_vpc.aws_cloudwatch_log_group.flow_logs[0]` | | | `module.url_shortener_vpc.aws_flow_log.flow_logs[0]` | | | `module.url_shortener_vpc.aws_iam_policy.vpc_metrics_flow_logs_write_policy[0]` | | | `module.url_shortener_vpc.aws_iam_role.flow_logs[0]` | | | `module.url_shortener_vpc.aws_iam_role_policy_attachment.vpc_metrics_flow_logs_write_policy_attach[0]` |
Show plan
```terraform
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# module.url_shortener_vpc.aws_cloudwatch_log_group.flow_logs[0] will be destroyed
# (because index [0] is out of range for count)
- resource "aws_cloudwatch_log_group" "flow_logs" {
- arn = "arn:aws:logs:ca-central-1:843973686572:log-group:url-shortener_flow_logs" -> null
- id = "url-shortener_flow_logs" -> null
- name = "url-shortener_flow_logs" -> null
- retention_in_days = 30 -> null
- skip_destroy = false -> null
- tags = {
- "CostCentre" = "url-shortener-staging"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "url-shortener-staging"
- "Terraform" = "true"
} -> null
}
# module.url_shortener_vpc.aws_flow_log.flow_logs[0] will be destroyed
# (because index [0] is out of range for count)
- resource "aws_flow_log" "flow_logs" {
- arn = "arn:aws:ec2:ca-central-1:843973686572:vpc-flow-log/fl-0242d5ead64031145" -> null
- iam_role_arn = "arn:aws:iam::843973686572:role/url-shortener_flow_logs" -> null
- id = "fl-0242d5ead64031145" -> null
- log_destination = "arn:aws:logs:ca-central-1:843973686572:log-group:url-shortener_flow_logs" -> null
- log_destination_type = "cloud-watch-logs" -> null
- log_format = "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}" -> null
- log_group_name = "url-shortener_flow_logs" -> null
- max_aggregation_interval = 600 -> null
- tags = {
- "CostCentre" = "url-shortener-staging"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "url-shortener-staging"
- "Terraform" = "true"
} -> null
- traffic_type = "ALL" -> null
- vpc_id = "vpc-0801eefa3b72cc1da" -> null
}
# module.url_shortener_vpc.aws_iam_policy.vpc_metrics_flow_logs_write_policy[0] will be destroyed
# (because index [0] is out of range for count)
- resource "aws_iam_policy" "vpc_metrics_flow_logs_write_policy" {
- arn = "arn:aws:iam::843973686572:policy/VpcMetricsFlowLogsWrite" -> null
- description = "IAM policy for writing flow logs in CloudWatch" -> null
- id = "arn:aws:iam::843973686572:policy/VpcMetricsFlowLogsWrite" -> null
- name = "VpcMetricsFlowLogsWrite" -> null
- path = "/" -> null
- policy = jsonencode(
{
- Statement = [
- {
- Action = [
- "logs:PutLogEvents",
- "logs:DescribeLogStreams",
- "logs:DescribeLogGroups",
- "logs:CreateLogStream",
]
- Effect = "Allow"
- Resource = [
- "arn:aws:logs:ca-central-1:843973686572:log-group:url-shortener_flow_logs:log-stream:*",
- "arn:aws:logs:ca-central-1:843973686572:log-group:url-shortener_flow_logs",
]
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> null
- policy_id = "ANPA4JAGAOUWPZYE4MJRM" -> null
- tags = {
- "CostCentre" = "url-shortener-staging"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "url-shortener-staging"
- "Terraform" = "true"
} -> null
}
# module.url_shortener_vpc.aws_iam_role.flow_logs[0] will be destroyed
# (because index [0] is out of range for count)
- resource "aws_iam_role" "flow_logs" {
- arn = "arn:aws:iam::843973686572:role/url-shortener_flow_logs" -> null
- assume_role_policy = jsonencode(
{
- Statement = [
- {
- Action = "sts:AssumeRole"
- Effect = "Allow"
- Principal = {
- Service = "vpc-flow-logs.amazonaws.com"
}
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> null
- create_date = "2023-02-10T17:20:52Z" -> null
- force_detach_policies = false -> null
- id = "url-shortener_flow_logs" -> null
- managed_policy_arns = [
- "arn:aws:iam::843973686572:policy/VpcMetricsFlowLogsWrite",
] -> null
- max_session_duration = 3600 -> null
- name = "url-shortener_flow_logs" -> null
- path = "/" -> null
- tags = {
- "CostCentre" = "url-shortener-staging"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "url-shortener-staging"
- "Terraform" = "true"
} -> null
- unique_id = "AROA4JAGAOUWOL3KWKMYE" -> null
}
# module.url_shortener_vpc.aws_iam_role_policy_attachment.vpc_metrics_flow_logs_write_policy_attach[0] will be destroyed
# (because index [0] is out of range for count)
- resource "aws_iam_role_policy_attachment" "vpc_metrics_flow_logs_write_policy_attach" {
- id = "url-shortener_flow_logs-20230210172053566700000001" -> null
- policy_arn = "arn:aws:iam::843973686572:policy/VpcMetricsFlowLogsWrite" -> null
- role = "url-shortener_flow_logs" -> null
}
Plan: 0 to add, 0 to change, 5 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_security_group.api"] WARN - plan.json - main - Missing Common Tags: ["aws_vpc_endpoint.dynamodb"] WARN - plan.json - main - Missing Common Tags: ["aws_vpc_endpoint.logs"] WARN - plan.json - main - Missing Common Tags: ["aws_vpc_endpoint.s3"] 21 tests, 17 passed, 4 warnings, 0 failures, 0 exceptions ```
github-actions[bot] commented 1 year ago

Staging: api

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|--------------------------------------------------------------------| | update | `module.sentinel_forwarder.aws_lambda_function.sentinel_forwarder` |
Show plan
```terraform
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# module.sentinel_forwarder.aws_lambda_function.sentinel_forwarder will be updated in-place
~ resource "aws_lambda_function" "sentinel_forwarder" {
id = "sentinel-cloudwatch-forwarder"
~ layers = [
- "arn:aws:lambda:ca-central-1:283582579564:layer:aws-sentinel-connector-layer:54",
+ "arn:aws:lambda:ca-central-1:283582579564:layer:aws-sentinel-connector-layer:58",
]
tags = {
"CostCentre" = "url-shortener-staging"
}
# (26 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["module.sentinel_forwarder.aws_cloudwatch_log_group.sentinel_forwarder_lambda"] WARN - plan.json - main - Missing Common Tags: ["module.sentinel_forwarder.aws_iam_policy.sentinel_forwarder_lambda"] WARN - plan.json - main - Missing Common Tags: ["module.sentinel_forwarder.aws_iam_role.sentinel_forwarder_lambda"] WARN - plan.json - main - Missing Common Tags: ["module.sentinel_forwarder.aws_lambda_function.sentinel_forwarder"] 21 tests, 17 passed, 4 warnings, 0 failures, 0 exceptions ```