terraform-aws-terraform-enterprise

Update security baseline components and add encrypted/custom AMI support

Open justicel opened this issue 3 years ago • 10 comments

Background

The current release of the module neither passes checkov security scans, nor does it pass Disney security baseline requirements. This merge request fixes both of those at the same time.

Additionally, it also adds the ability to specify a custom AMI (search) as well as encrypted AMIs if an AMI KMS key is specified.

How Has This Been Tested

The testing was done by spinning up a TFE environment with the previous release of the module from the main branch and applying. Then the diff set here for the merge was applied to the environment to make sure no resources were munged or destroyed. Finally, the existing EC2 instances for the active-active pair were terminated and new ones spun up in their place, and they automatically stood up a working cluster.

Test Configuration

  • Terraform Version: 0.15.1
  • Any additional relevant variables: No

This PR makes me feel

Secure!

justicel avatar Oct 28 '21 23:10 justicel

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes


Justice London seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.

Have you signed the CLA already but the status is still pending? Recheck it.

hashicorp-cla avatar Oct 28 '21 23:10 hashicorp-cla

/test all destroy=false

:x: Terraform Public Active/Active Test Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Validate

  • :x: Terraform Apply

  • :x: Run k6 Smoke Test

:white_check_mark: Terraform Private Active/Active Test Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Validate

  • :white_check_mark: Terraform Apply

  • :white_check_mark: Run k6 Smoke Test

:x: Terraform Private TCP Active/Active Test Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Validate

  • :white_check_mark: Terraform Apply

  • :x: Run k6 Smoke Test

aaron-lane avatar Nov 02 '21 14:11 aaron-lane

/destroy private-active-active

:white_check_mark: Terraform Private Active/Active Destruction Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Destroy

aaron-lane avatar Nov 02 '21 15:11 aaron-lane

/test private-tcp-active-active destroy=false

:white_check_mark: Terraform Private TCP Active/Active Test Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Validate

  • :white_check_mark: Terraform Apply

  • :white_check_mark: Run k6 Smoke Test

aaron-lane avatar Nov 02 '21 15:11 aaron-lane

/destroy private-tcp-active-active

:white_check_mark: Terraform Private TCP Active/Active Destruction Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Destroy

aaron-lane avatar Nov 02 '21 16:11 aaron-lane

/test all

:white_check_mark: Terraform Public Active/Active Test Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Validate

  • :white_check_mark: Terraform Apply

  • :white_check_mark: Run k6 Smoke Test

  • :white_check_mark: Terraform Destroy

:white_check_mark: Terraform Private TCP Active/Active Test Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Validate

  • :white_check_mark: Terraform Apply

  • :white_check_mark: Run k6 Smoke Test

  • :white_check_mark: Terraform Destroy

:x: Terraform Private Active/Active Test Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Validate

  • :white_check_mark: Terraform Apply

  • :x: Run k6 Smoke Test

  • :white_check_mark: Terraform Destroy

aaron-lane avatar Nov 03 '21 14:11 aaron-lane

/test private-active-active destroy=false

:white_check_mark: Terraform Private Active/Active Test Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Validate

  • :white_check_mark: Terraform Apply

  • :white_check_mark: Run k6 Smoke Test

aaron-lane avatar Nov 04 '21 13:11 aaron-lane

/destroy private-active-active

:white_check_mark: Terraform Private Active/Active Destruction Report

:link: Action Summary Page

  • :white_check_mark: Terraform Init

  • :white_check_mark: Terraform Destroy

aaron-lane avatar Nov 04 '21 14:11 aaron-lane

Sounds good. Thanks for reviewing. I just have to get it through our legal/OSS process which should happen in a couple days.

justicel avatar Nov 04 '21 17:11 justicel

@justicel have you had an opportunity to review the CLA?

aaron-lane avatar Jan 20 '22 16:01 aaron-lane

@justicel Thank you for your contribution! As there has been no activity for a while on this PR, I shall close it. If you find your original concern and motivation to still be relevant, please consider creating an issue on which we can discuss the next steps.

nikolasrieble avatar Mar 05 '24 09:03 nikolasrieble