Bump cloudtrail::terraform-aws-cloudtrail from 0.14.0 to 1.4.0

[dependabot]

Bumps cloudtrail::terraform-aws-cloudtrail from 0.14.0 to 1.4.0.

Release notes

Sourced from cloudtrail::terraform-aws-cloudtrail's releases.

1.4.0

✨ New Features

• fbdd962 - add changelog.yml file and use shared-workflows (commit by @​theprashantyadav)
• c3bc36c - added dependabot.yml (commit by @​theprashantyadav)
• 74a9932 - auto changelog action added (commit by @​theprashantyadav)
• 31ec785 - add deepsource & added assignees,reviewer in dependabot (commit by @​Tanveer143s)
• 4da6474 - dynamic values and fixed main file (commit by @​anmolnagpal)

🐛 Bug Fixes

• a2a5a9b - update s3 for label and data for name (commit by @​nileshgadgi)
• dd0c134 - update local variables (commit by @​nileshgadgi)
• 3730c0f - pass direct value in name and env of bucket in examlpe (commit by @​nileshgadgi)

new terraform latest version

No release notes provided.

Update module

Update License Add tfsec.yml file in .ghuthub/workflows Update terraform.yml Update terraform latest version and Licance in Readme.yaml Add version.tf in example

Upgrade the module with 0.15.0

New Features

• Upgrade module to terraform 0.15.0
• Upgrade pre-commit
• Update the labels

Changelog

Sourced from cloudtrail::terraform-aws-cloudtrail's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.4.0] - 2023-07-19

✨ New Features

• fbdd962 - add changelog.yml file and use shared-workflows (commit by @​theprashantyadav)
• c3bc36c - added dependabot.yml (commit by @​theprashantyadav)
• 74a9932 - auto changelog action added (commit by @​theprashantyadav)
• 31ec785 - add deepsource & added assignees,reviewer in dependabot (commit by @​Tanveer143s)
• 4da6474 - dynamic values and fixed main file (commit by @​anmolnagpal)

🐛 Bug Fixes

• a2a5a9b - update s3 for label and data for name (commit by @​nileshgadgi)
• dd0c134 - update local variables (commit by @​nileshgadgi)
• 3730c0f - pass direct value in name and env of bucket in examlpe (commit by @​nileshgadgi)

[1.3.0] - 2022-02-22

🐛 Bug Fixes

• 66ed839 - update README.md .

[1.0.1] - 2022-05-13

🐛 Bug Fixes

• 7ac1ceb - use terraform letast version

[0.15.0] - 2021-10-16

🐛 Bug Fixes

• 1c2adf6 - github-action Update,update-license

[0.14.0] - 2021-05-15

✨ New Features

• 2be3a30 - enabled multi region deployment
• c63350d - added Support for 0.15
• d970727 - add logs group

[0.13.0] - 2020-10-26

✨ New Features

• 0057601 - add event_selector as a varible
• a3fcfb2 - add group arn
• f2f6133 - is_multi_region_trail var default for true
• 2be3a30 - enabled multi region deployment
• c63350d - added Support for 0.15

[0.12.5] - 2020-10-05

... (truncated)

Commits

• fd26732 Merge pull request #23 from clouddrove/feat/dynamic
• 3730c0f fix: pass direct value in name and env of bucket in examlpe
• dd0c134 fix: update local variables
• a2a5a9b fix: update s3 for label and data for name
• 4da6474 feat: dynamic values and fixed main file
• af27a10 Merge pull request #22 from clouddrove/issue-435
• 31ec785 feat: add deepsource & added assignees,reviewer in dependabot
• a0da2a7 Merge pull request #21 from clouddrove/issue-385
• 74a9932 feat: auto changelog action added
• c3bc36c feat: added dependabot.yml
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Dependabot tried to add @approvers as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/clouddrove/terraform-aws-cloudtrail-baseline/pulls/23/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the clouddrove/terraform-aws-cloudtrail-baseline repository. // See: https://docs.github.com/rest/pulls/review-requests#request-reviewers-for-a-pull-request

[anmolnagpal]

Terraform Security Scan Failed

Show Output

Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:82-87
────────────────────────────────────────────────────────────────────────────────
   82    resource "aws_cloudwatch_log_group" "cloudtrail_events" {
   83      count             = var.enabled ? 1 : 0
   84      name              = var.cloudwatch_logs_group_name
   85      retention_in_days = var.cloudwatch_logs_retention_in_days
   86      tags              = module.labels.tags
   87    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             144.999µs
  parsing              6.892668ms
  adaptation           195.499µs
  checks               11.903944ms
  total                19.13711ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     67
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.