
feat: update name and use for_each function in code #40

Open
wants to merge 3 commits into master

Conversation

theprashantyadav
Contributor

what

  • Fix naming convention and use format function
  • Use for_each function in aws_transfer_ssh_key resource
  • Update s3 and subnet version

why

  • Need to update naming convention
  • Need to update for_each function

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:46-49
────────────────────────────────────────────────────────────────────────────────
   46    resource "aws_cloudwatch_log_group" "sftp_log_group" {
   47      name              = "/aws/transfer/${module.labels.id}"
   48      retention_in_days = var.retention_in_days
   49    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             88.024µs
  parsing              127.03286ms
  adaptation           130.263µs
  checks               3.571476ms
  total                130.822623ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     46
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

themaniskshah
themaniskshah previously approved these changes Jan 26, 2024

@evgenyidf evgenyidf left a comment


Running first time returns error while ssh key importing (second time ok):
aws_transfer_user.transfer_server_user["s3docs"]: Creation complete after 1s [id=s-ae723d54cf4247849/s3docs]
╷
│ Error: importing ssh public key: ResourceNotFoundException: Unknown user
│ {
│ RespMetadata: {
│ StatusCode: 400,
│ RequestID: "35e823db-e9c3-4f50-a587-ed4ec236410d"
│ },
│ Message_: "Unknown user",
│ Resource: "s3docs",
│ ResourceType: "User"

can you please add an "additional_tags" variable and merge it with

tags = merge(module.labels.tags, var.additional_tags)

main.tf Outdated
@@ -128,15 +128,15 @@ data "aws_iam_policy_document" "assume_role_policy" {
resource "aws_iam_role" "s3_access_for_sftp_users" {
for_each = var.enabled ? local.user_names_map : {}

name = module.labels.id
name = format("%s-sftp-users", module.labels.id)
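Review bot: with `for_each = var.enabled ? local.user_names_map : {}` this role is created once per user, but `name = format("%s-sftp-users", module.labels.id)` evaluates to the same string for every key, so the second user fails on a duplicate IAM role name (role names are unique per account). Put the map key into the name, e.g. `name = format("%s-%s-sftp-users", module.labels.id, each.key)`, or drop the per-user `for_each` if one shared role is the intent.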


I think you will get errors if more than one user is defined for sftp

Contributor Author


@evgenyidf Hello
Yes, I have done it using the for_each function. Now such an error will not occur.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:46-49
────────────────────────────────────────────────────────────────────────────────
   46    resource "aws_cloudwatch_log_group" "sftp_log_group" {
   47      name              = "/aws/transfer/${module.labels.id}"
   48      retention_in_days = var.retention_in_days
   49    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             79.328µs
  parsing              43.84169ms
  adaptation           119.864µs
  checks               3.622923ms
  total                47.663805ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     46
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

@clouddrove-ci
Member

Terraform Security Scan Failed

Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:46-49
────────────────────────────────────────────────────────────────────────────────
   46    resource "aws_cloudwatch_log_group" "sftp_log_group" {
   47      name              = "/aws/transfer/${module.labels.id}"
   48      retention_in_days = var.retention_in_days
   49    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             91.239µs
  parsing              38.039089ms
  adaptation           135.292µs
  checks               8.418578ms
  total                46.684198ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     46
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

6 participants