feat: (IAC-1259) AWS - Security scan 2024.01 (#261)

sassoftware · Jan 12, 2024 · 79bd167 · 79bd167
1 parent 2957126
commit 79bd167
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 45 deletions.
diff --git a/README.md b/README.md
@@ -47,7 +47,7 @@ The following are also required:
 
 #### Terraform Requirements:
 
-- [Terraform](https://www.terraform.io/downloads.html) v1.6.3
+- [Terraform](https://www.terraform.io/downloads.html) v1.6.6
 - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - v1.27.9
 - [jq](https://stedolan.github.io/jq/) v1.6
 - [AWS CLI](https://aws.amazon.com/cli) (optional; useful as an alternative to the AWS Web Console) v2.13.33

diff --git a/main.tf b/main.tf
@@ -91,7 +91,7 @@ module "vpc" {
 # EKS Setup - https://github.com/terraform-aws-modules/terraform-aws-eks
 module "eks" {
   source                               = "terraform-aws-modules/eks/aws"
-  version                              = "19.19.1"
+  version                              = "~> 19.0"
   cluster_name                         = local.cluster_name
   cluster_version                      = var.kubernetes_version
   cluster_enabled_log_types            = [] # disable cluster control plan logging
@@ -228,7 +228,7 @@ module "kubeconfig" {
 # Database Setup - https://registry.terraform.io/modules/terraform-aws-modules/rds/aws/6.2.0
 module "postgresql" {
   source  = "terraform-aws-modules/rds/aws"
-  version = "6.2.0"
+  version = "~> 6.0"
 
   for_each = local.postgres_servers != null ? length(local.postgres_servers) != 0 ? local.postgres_servers : {} : {}
 

diff --git a/modules/aws_autoscaling/main.tf b/modules/aws_autoscaling/main.tf
@@ -1,15 +1,6 @@
 # Copyright © 2021-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-terraform {
-  required_version = ">= 1.4.5"
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "5.25.0"
-    }
-  }
-}
 
 # Permissions based off the IAM Policy recommended by kubernetes/autoscaler
 # https://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.25.0/cluster-autoscaler/cloudprovider/aws/README.md
@@ -69,7 +60,7 @@ resource "aws_iam_policy" "worker_autoscaling" {
 
 module "iam_assumable_role_with_oidc" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
-  version = "5.30.2"
+  version = "~> 5.0"
 
   create_role                   = true
   role_name                     = "${var.prefix}-cluster-autoscaler"

diff --git a/modules/aws_ebs_csi/main.tf b/modules/aws_ebs_csi/main.tf
@@ -1,15 +1,6 @@
 # Copyright © 2021-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-terraform {
-  required_version = ">= 1.4.5"
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "5.25.0"
-    }
-  }
-}
 
 resource "aws_iam_policy" "ebs_csi" {
   name_prefix = "${var.prefix}-ebs-csi-policy"
@@ -167,7 +158,7 @@ EOT
 
 module "iam_assumable_role_with_oidc" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
-  version = "5.30.2"
+  version = "~> 5.0"
 
   create_role                    = true
   role_name                      = "${var.prefix}-ebs-csi-role"

diff --git a/modules/kubeconfig/main.tf b/modules/kubeconfig/main.tf
@@ -1,19 +1,6 @@
 # Copyright © 2021-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-terraform {
-  required_version = ">= 1.4.5"
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = "2.23.0"
-    }
-    local = {
-      source  = "hashicorp/local"
-      version = "2.4.0"
-    }
-  }
-}
 
 locals {
   service_account_name        = "${var.prefix}-cluster-admin-sa"

diff --git a/versions.tf b/versions.tf
@@ -2,39 +2,39 @@
 # SPDX-License-Identifier: Apache-2.0
 
 terraform {
-  required_version = ">= 1.4.5"
+  required_version = ">= 1.6.6"
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "5.25.0"
+      version = "~> 5.0"
     }
     random = {
       source  = "hashicorp/random"
-      version = "3.5.1"
+      version = "~> 3.0"
     }
     local = {
       source  = "hashicorp/local"
-      version = "2.4.0"
+      version = "~> 2.0"
     }
     null = {
       source  = "hashicorp/null"
-      version = "3.2.1"
+      version = "~> 3.0"
     }
     external = {
       source  = "hashicorp/external"
-      version = "2.3.1"
+      version = "~> 2.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.23.0"
+      version = "~> 2.0"
     }
     tls = {
       source  = "hashicorp/tls"
-      version = "4.0.4"
+      version = "~> 4.0"
     }
     cloudinit = {
       source  = "hashicorp/cloudinit"
-      version = "2.3.2"
+      version = "~> 2.0"
     }
   }
 }