Laws 3476 ecs scaling 2 #3401

Closed
wants to merge 3 commits into from

@vc13837 vc13837 commented Sep 19, 2023

No description provided.

@vc13837 vc13837 requested review from a team as code owners September 19, 2023 12:00
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Sep 19, 2023
@github-actions

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
terraform/modules/baseline

*****************************

Running TFSEC in terraform/modules/baseline
Excluding the following checks: AWS095

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
  timings
  ──────────────────────────────────────────
  disk i/o             602.913µs
  parsing              39.129302ms
  adaptation           93.303µs
  checks               8.032405ms
  total                47.857923ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     109
  files read           23

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
terraform/modules/baseline

*****************************

Running Checkov in terraform/modules/baseline
2023-09-19 12:03:22,700 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/ministryofjustice/modernisation-platform-terraform-loadbalancer.git?ref=v3.1.1:None (for external modules, the --download-external-modules flag is required)
2023-09-19 12:03:22,700 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=v2.1.1:None (for external modules, the --download-external-modules flag is required)
2023-09-19 12:03:22,701 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ec2-autoscaling-group?ref=v2.1.1:None (for external modules, the --download-external-modules flag is required)
2023-09-19 12:03:22,701 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=v4.0.0:None (for external modules, the --download-external-modules flag is required)
2023-09-19 12:03:22,701 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 83, Failed checks: 5, Skipped checks: 15

Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
	FAILED for resource: aws_cloudwatch_log_group.route53
	File: /route53.tf:156-167

		156 | resource "aws_cloudwatch_log_group" "route53" {
		157 |   for_each = local.route53_zones_to_create
		158 | 
		159 |   provider = aws.us-east-1
		160 | 
		161 |   name              = "/route53/${each.key}"
		162 |   retention_in_days = 30
		163 | 
		164 |   tags = merge(local.tags, {
		165 |     Name = "aws/route53/${each.key}"
		166 |   })
		167 | }

Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
	FAILED for resource: aws_cloudwatch_log_group.route53
	File: /route53.tf:156-167
	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms.html

		156 | resource "aws_cloudwatch_log_group" "route53" {
		157 |   for_each = local.route53_zones_to_create
		158 | 
		159 |   provider = aws.us-east-1
		160 | 
		161 |   name              = "/route53/${each.key}"
		162 |   retention_in_days = 30
		163 | 
		164 |   tags = merge(local.tags, {
		165 |     Name = "aws/route53/${each.key}"
		166 |   })
		167 | }

Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
	FAILED for resource: module.db_instance.aws_db_instance.this
	File: /../rds_instance/main.tf:5-58
	Calling File: /rds_instance.tf:1-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
	FAILED for resource: module.db_instance.aws_db_instance.this
	File: /../rds_instance/main.tf:5-58
	Calling File: /rds_instance.tf:1-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
	FAILED for resource: module.lb_listener.aws_lb_listener.this
	File: /../lb_listener/main.tf:1-61
	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html

		Code lines for this resource are too many. Please use IDE of your choice to review the file.

checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
terraform/modules/baseline

*****************************

Running tflint in terraform/modules/baseline
Excluding the following checks: terraform_unused_declarations
1 issue(s) found:

Warning: `environment` variable has no type (terraform_typed_variables)

  on terraform/modules/baseline/variables.tf line 476:
 476: variable "environment" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

tflint_exitcode=2

@github-actions

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
terraform/modules/baseline

*****************************

Running TFSEC in terraform/modules/baseline
Excluding the following checks: AWS095

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
  timings
  ──────────────────────────────────────────
  disk i/o             573.5µs
  parsing              33.715045ms
  adaptation           80.2µs
  checks               14.79212ms
  total                49.160865ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     109
  files read           23

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

*****************************

Checkov will check the following folders:
terraform/modules/baseline

*****************************

Running Checkov in terraform/modules/baseline
2023-09-19 12:04:42,724 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/ministryofjustice/modernisation-platform-terraform-loadbalancer.git?ref=v3.1.1:None (for external modules, the --download-external-modules flag is required)
2023-09-19 12:04:42,724 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=v2.1.1:None (for external modules, the --download-external-modules flag is required)
2023-09-19 12:04:42,724 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ec2-autoscaling-group?ref=v2.1.1:None (for external modules, the --download-external-modules flag is required)
2023-09-19 12:04:42,725 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=v4.0.0:None (for external modules, the --download-external-modules flag is required)
2023-09-19 12:04:42,725 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 83, Failed checks: 5, Skipped checks: 15

Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
	FAILED for resource: aws_cloudwatch_log_group.route53
	File: /route53.tf:156-167

		156 | resource "aws_cloudwatch_log_group" "route53" {
		157 |   for_each = local.route53_zones_to_create
		158 | 
		159 |   provider = aws.us-east-1
		160 | 
		161 |   name              = "/route53/${each.key}"
		162 |   retention_in_days = 30
		163 | 
		164 |   tags = merge(local.tags, {
		165 |     Name = "aws/route53/${each.key}"
		166 |   })
		167 | }

Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
	FAILED for resource: aws_cloudwatch_log_group.route53
	File: /route53.tf:156-167
	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms.html

		156 | resource "aws_cloudwatch_log_group" "route53" {
		157 |   for_each = local.route53_zones_to_create
		158 | 
		159 |   provider = aws.us-east-1
		160 | 
		161 |   name              = "/route53/${each.key}"
		162 |   retention_in_days = 30
		163 | 
		164 |   tags = merge(local.tags, {
		165 |     Name = "aws/route53/${each.key}"
		166 |   })
		167 | }

Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
	FAILED for resource: module.db_instance.aws_db_instance.this
	File: /../rds_instance/main.tf:5-58
	Calling File: /rds_instance.tf:1-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
	FAILED for resource: module.db_instance.aws_db_instance.this
	File: /../rds_instance/main.tf:5-58
	Calling File: /rds_instance.tf:1-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
	FAILED for resource: module.lb_listener.aws_lb_listener.this
	File: /../lb_listener/main.tf:1-61
	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html

		Code lines for this resource are too many. Please use IDE of your choice to review the file.

checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
terraform/modules/baseline

*****************************

Running tflint in terraform/modules/baseline
Excluding the following checks: terraform_unused_declarations
1 issue(s) found:

Warning: `environment` variable has no type (terraform_typed_variables)

  on terraform/modules/baseline/variables.tf line 476:
 476: variable "environment" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

tflint_exitcode=2

@vc13837 vc13837 dismissed mikereiddigital’s stale review September 19, 2023 13:23

The merge-base changed after approval.

@github-actions

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.

@github-actions github-actions bot added the Stale label Oct 20, 2023
@github-actions

This PR was closed because it has been stalled for 40 days with no activity.

@github-actions github-actions bot closed this Oct 30, 2023
@github-actions github-actions bot deleted the LAWS-3476-ecs-scaling-2 branch October 30, 2023 01:35