Added terraform files #4

Agustin-Galarza · 2023-10-21T22:23:36Z

No description provided.

github-advanced-security

defsec found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.

modules/api_gateway/main.tf

+resource "aws_api_gateway_stage" "this" {
+  deployment_id = aws_api_gateway_deployment.this.id
+  rest_api_id   = aws_api_gateway_rest_api.this.id
+  stage_name    = var.stage
+}


modules/api_gateway/main.tf

modules/dynamo/main.tf

+resource "aws_dynamodb_table" "this" {
+  name           = var.name
+  billing_mode   = var.billing_mode.mode
+  read_capacity  = var.billing_mode.mode == "PROVISIONED" ? var.billing_mode.read_capacity : null
+  write_capacity = var.billing_mode.mode == "PROVISIONED" ? var.billing_mode.write_capacity : null
+  hash_key       = var.hash_key.name
+  range_key      = var.range_key.name
+
+  attribute {
+    name = var.hash_key.name
+    type = var.hash_key.type
+  }
+
+  attribute {
+    name = var.range_key.name
+    type = var.range_key.type
+  }
+
+  server_side_encryption {
+    enabled = true
+  }
+
+}


modules/frontend/main.tf

+resource "aws_s3_bucket" "www" {
+  bucket = local.www_frontend_bucket_name
+  #  object_lock_enabled = true
+  force_destroy = true
+
+  tags = {
+    type = "frontend"
+  }
+}


modules/frontend/main.tf

+resource "aws_s3_bucket" "frontend" {
+  bucket = var.frontend_name
+  #  object_lock_enabled = true
+  force_destroy = true
+
+
+  tags = {
+    type = "frontend"
+  }
+}


modules/frontend/main.tf

+resource "aws_s3_bucket_server_side_encryption_configuration" "frontend" {
+  bucket = aws_s3_bucket.frontend.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}


modules/dynamo/main.tf

+  server_side_encryption {
+    enabled = true
+  }


modules/frontend/main.tf

+resource "aws_s3_bucket_server_side_encryption_configuration" "www" {
+  bucket = aws_s3_bucket.www.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}


also applied recursive formatting.

Fpannunzio · 2023-10-22T20:08:16Z

main.tf

Por que dejar este archivo vacio

Fpannunzio · 2023-10-22T20:09:50Z

logging.tf

Esto comentado no tiene sentido.

Fpannunzio · 2023-10-22T20:11:02Z

provider.tf

+  }
+}
+
+# resource "aws_iam_role" "example_role" {


Mas alla de que esta comentado, no esta bien que pongan el iam role junto con el provider

Fpannunzio · 2023-10-22T20:11:40Z

locals.tf

@@ -0,0 +1,26 @@
+
+data "aws_availability_zones" "available" {


Tienen un datasource en locals, esto iria en el archivo datasources

Fpannunzio · 2023-10-22T20:12:25Z

locals.tf

+
+  security_groups_prefix = "${local.name}-security-group"
+
+  frontend_bucket_name = "dev.condor.com"


Esto debería ser una variable al igual que los campos que estan por debajo

Fpannunzio · 2023-10-22T20:40:51Z

api_gateway.tf

+  methods = [
+    {
+      path = "reports"
+      methods = [


Esto podría haber estado definido en locals.

Fpannunzio · 2023-10-22T20:43:51Z

modules/logging/main.tf

@@ -0,0 +1,39 @@
+resource "aws_s3_bucket" "this" {


Si bien no esta mal lo que hacen de tener dos modulos, uno para logging y uno para el front, idealmente tendrían que tener un modulo s3 lo suficientemente customizable para que puedan funcionar ambas necesidades con el mismo módulo.

Fpannunzio · 2023-10-22T20:47:29Z

modules/frontend/main.tf

@@ -0,0 +1,133 @@
+// condor.com bucket


Venían llamando a todos los resources this, que suele ser convención, y aca cambiaron a llamar todo a frontend.

Fpannunzio · 2023-10-22T20:48:12Z

modules/lambda/main.tf

@@ -0,0 +1,28 @@
+resource "aws_lambda_function" "index" {


Acá tambien, dejaron de usar la convención "this"

Fpannunzio · 2023-10-22T20:55:43Z

versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = "1.5.7"


Aca tienen que poner >= porque sino es esa versión específica

Added terraform files

7900000

github-advanced-security bot found potential problems Oct 21, 2023

View reviewed changes

Agustin-Galarza force-pushed the main branch from 3f8cae1 to 7900000 Compare October 21, 2023 22:33

Agustin-Galarza added 2 commits October 21, 2023 20:11

Added publick block and logging to buckets.

baf4b20

Added tracing to lambdas

1869650

github-advanced-security bot found potential problems Oct 21, 2023

View reviewed changes

added xray tracing to api gateway.

e104e94

also applied recursive formatting.

Fpannunzio approved these changes Oct 25, 2023

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Added terraform files #4

Added terraform files #4

Agustin-Galarza commented Oct 21, 2023

github-advanced-security bot left a comment

Fpannunzio Oct 22, 2023

Fpannunzio Oct 22, 2023

Fpannunzio Oct 22, 2023

Fpannunzio Oct 22, 2023

Fpannunzio Oct 22, 2023

Fpannunzio Oct 22, 2023

Fpannunzio Oct 22, 2023

Fpannunzio Oct 22, 2023

Fpannunzio Oct 22, 2023

Fpannunzio Oct 22, 2023


		security_groups_prefix = "${local.name}-security-group"

		frontend_bucket_name = "dev.condor.com"

Added terraform files #4

Are you sure you want to change the base?

Added terraform files #4

Conversation

Agustin-Galarza commented Oct 21, 2023

github-advanced-security bot left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment