Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat: 🚀 Pull from master branch and create new release. #9

Merged
merged 17 commits into from
Jan 25, 2024
Merged

Feat: 🚀 Pull from master branch and create new release. #9

merged 17 commits into from
Jan 25, 2024

Conversation

nileshgadgi
Copy link
Member

What

  • Pulled from master and removed security group static creation from main.tf root file.
  • Updated example terraform file to with security group creation for DocumentDB Cluster.

Why

  • The best practice is not to create a security group in the root module. create it from an example and pass it as an argument.
  • To give an option for security of documentDB, created example for security group creation.

anmolnagpal and others added 12 commits July 28, 2023 16:52
@anmolnagpal
[fix/docdb_structure]Fix: Removed the default secuirty group created …
300c21f 
…with document module and restructure the module.
@anmolnagpal
[fix/docdb_structure]Fix: Removed the default secuirty group created …
cac72f8 
…with document module and restructure the module.
@anmolnagpal
[fix/docdb_structure]Fix: Removed the default secuirty group created …
0409b46 
…with document module and restructure the module.
@anmolnagpal
[fix/docdb_structure]Fix: Removed the default secuirty group created …
3a1b361 
…with document module and restructure the module.
@anmolnagpal
[fix/docdb_structure]Fix: Removed the default secuirty group created …
9571406 
…with document module and restructure the module.
@anmolnagpal
[fix/docdb_structure]Fix: Ignored the tfsec warning for kms key
677ecea
@anmolnagpal
[fix/docdb_structure]Fix: Ignored the tfsec warning for kms key
867e35f
@anmolnagpal
[fix/docdb_structure]Fix: Ignored the tfsec warning for kms key
ca074ab
@anmolnagpal
[fix/docdb_structure]Feat:ignored the tfsec warning for kms key and u…
a596330 
…pdate the security group with description
@anmolnagpal
[fix/docdb_structure]Fix: Restructure and fix the documentDB terrafor…
617fb10 
…m module.
@anmolnagpal
feat: introduce certeficiate authority for cluster instance
8bf9b95
@anmolnagpal
fix: pulled from master
a8be9ad
@nileshgadgi nileshgadgi added the enhancement New feature or request label Jan 23, 2024
@nileshgadgi nileshgadgi self-assigned this Jan 23, 2024
vaibhav7797
vaibhav7797 previously approved these changes Jan 23, 2024
View reviewed changes
Copy link
Member

@vaibhav7797 vaibhav7797 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 LOW Instance encryption does not use a customer-managed KMS key. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:56-65
────────────────────────────────────────────────────────────────────────────────
   56    resource "aws_docdb_cluster_instance" "this" {
   57      count              = var.enable ? var.cluster_size : 0
   58      identifier         = "${var.database_name}-${count.index + 1}"
   59      cluster_identifier = aws_docdb_cluster.this[0].id
   60      apply_immediately  = var.apply_immediately
   61      instance_class     = var.instance_class
   62      tags               = module.labels.tags
   63      engine             = var.engine
   64      ca_cert_identifier = var.ca_cert_identifier
   65    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-documentdb-encryption-customer-key
      Impact Using AWS managed keys does not allow for fine grained control
  Resolution Enable encryption using customer managed keys

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/documentdb/encryption-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             68.076µs
  parsing              94.806578ms
  adaptation           125.592µs
  checks               3.281839ms
  total                98.282085ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     40
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              1
  critical             0
  high                 0
  medium               0
  low                  1

  2 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 LOW Instance encryption does not use a customer-managed KMS key. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:56-65
────────────────────────────────────────────────────────────────────────────────
   56    resource "aws_docdb_cluster_instance" "this" {
   57      count              = var.enable ? var.cluster_size : 0
   58      identifier         = "${var.database_name}-${count.index + 1}"
   59      cluster_identifier = aws_docdb_cluster.this[0].id
   60      apply_immediately  = var.apply_immediately
   61      instance_class     = var.instance_class
   62      tags               = module.labels.tags
   63      engine             = var.engine
   64      ca_cert_identifier = var.ca_cert_identifier
   65    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-documentdb-encryption-customer-key
      Impact Using AWS managed keys does not allow for fine grained control
  Resolution Enable encryption using customer managed keys

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/documentdb/encryption-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             66.665µs
  parsing              37.098773ms
  adaptation           104.517µs
  checks               8.40007ms
  total                45.670025ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     40
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              1
  critical             0
  high                 0
  medium               0
  low                  1

  2 passed, 1 ignored, 1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 LOW Instance encryption does not use a customer-managed KMS key. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:56-65
────────────────────────────────────────────────────────────────────────────────
   56    resource "aws_docdb_cluster_instance" "this" {
   57      count              = var.enable ? var.cluster_size : 0
   58      identifier         = "${var.database_name}-${count.index + 1}"
   59      cluster_identifier = aws_docdb_cluster.this[0].id
   60      apply_immediately  = var.apply_immediately
   61      instance_class     = var.instance_class
   62      tags               = module.labels.tags
   63      engine             = var.engine
   64      ca_cert_identifier = var.ca_cert_identifier
   65    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-documentdb-encryption-customer-key
      Impact Using AWS managed keys does not allow for fine grained control
  Resolution Enable encryption using customer managed keys

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/documentdb/encryption-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             65.893µs
  parsing              64.891433ms
  adaptation           105.166µs
  checks               3.894673ms
  total                68.957165ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     40
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              1
  critical             0
  high                 0
  medium               0
  low                  1

  2 passed, 1 ignored, 1 potential problem(s) detected.

vaibhav7797
vaibhav7797 approved these changes Jan 23, 2024
View reviewed changes
Copy link
Member

@vaibhav7797 vaibhav7797 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🤟

@clouddrove-ci clouddrove-ci merged commit 8d2c8c1 into master Jan 25, 2024
14 checks passed
@clouddrove-ci clouddrove-ci deleted the feat/release branch January 25, 2024 09:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anmolnagpal anmolnagpal anmolnagpal approved these changes

@themaniskshah themaniskshah themaniskshah approved these changes

@clouddrove-ci clouddrove-ci clouddrove-ci approved these changes

@13archit 13archit 13archit approved these changes

@vaibhav7797 vaibhav7797 vaibhav7797 approved these changes

Assignees

@nileshgadgi nileshgadgi

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@nileshgadgi @clouddrove-ci @anmolnagpal @themaniskshah @13archit @vaibhav7797