-
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update terraform cloudposse/service-control-policies/aws to v0.15.0 #3
base: main
Are you sure you want to change the base?
chore(deps): update terraform cloudposse/service-control-policies/aws to v0.15.0 #3
Conversation
/terratest |
Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳ |
Merge ProtectionsYour pull request matches the following merge protections and will not be merged until they are valid. 🟠 Require terratestWaiting checks:
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
This PR contains the following updates:
0.9.2
->0.15.0
Release Notes
cloudposse/terraform-aws-service-control-policies (cloudposse/service-control-policies/aws)
v0.15.0
Compare Source
feat: Add require ebs encryption scp @wavemoran (#60)
what
why
references
Run tests 1 policy at a time @goruha (#62)
what
why
🚀 Enhancements
chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.5 in /test/src in the go_modules group @dependabot (#57)
Bumps the go_modules group in /test/src with 1 update: [github.com/hashicorp/go-getter](https://redirect.github.com/hashicorp/go-getter).Updates
github.com/hashicorp/go-getter
from 1.7.3 to 1.7.5Release notes
Sourced from github.com/hashicorp/go-getter's releases.
Commits
5a63fd9
Merge pull request #497 from hashicorp/fix-git-update5b7ec5f
fetch tags on update and fix tests9906874
recreate git config during update to prevent config alteration268c11c
escape user provide string to git (#483)975961f
Merge pull request #433 from adrian-bl/netrc-fix5ccb39a
Make addAuthFromNetrc ignore ENOTDIR errorsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.
🤖 Automatic Updates
chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.5 in /test/src in the go_modules group @dependabot (#57)
Bumps the go_modules group in /test/src with 1 update: [github.com/hashicorp/go-getter](https://redirect.github.com/hashicorp/go-getter).Updates
github.com/hashicorp/go-getter
from 1.7.3 to 1.7.5Release notes
Sourced from github.com/hashicorp/go-getter's releases.
Commits
5a63fd9
Merge pull request #497 from hashicorp/fix-git-update5b7ec5f
fetch tags on update and fix tests9906874
recreate git config during update to prevent config alteration268c11c
escape user provide string to git (#483)975961f
Merge pull request #433 from adrian-bl/netrc-fix5ccb39a
Make addAuthFromNetrc ignore ENOTDIR errorsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.
Migrate new test account @osterman (#59)
what
.github/settings.yml
.github/chatops.yml
fileswhy
.github/settings.yml
from org level to getterratest
environmenttest
accountReferences
Update .github/settings.yml @osterman (#58)
what
.github/settings.yml
.github/auto-release.yml
fileswhy
.github/settings.yml
from org levelreferences
Update release workflow to allow pull-requests: write @osterman (#56)
what
.github/workflows/release.yaml
) to have permission to comment on PRwhy
Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#54)
what
.github/workflows
) to use shared workflows from.github
repowhy
Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#53)
what
.github/workflows
) to addissue: write
permission needed by ReviewDogtflint
actionwhy
Update GitHub workflows @osterman (#52)
what
.github/workflows/settings.yaml
)why
v0.14.2
Compare Source
🐛 Bug Fixes
Minor cleanups @Nuru (#50)
what
Minor fixes to several SCPs
DenyLambdaWithoutVpc
was previously invalid. It is now valid, but has not been thoroughly tested to ensure it does what it promises.DenyRDSUnencrypted
was fixed to denyrds:RestoreDBClusterFromSnapshot
when not encrypted. Previously this action was not denied, and instead the nonexistentRestoreDBClusterFromDBSnapshot
was deniedDenyS3BucketsPublicAccess
policy was cleaned up by eliminating the nonexistents3:DeletePublicAccessBlock
action. Note that it still is probably not something you want to use, because it denies enabling a public access block as well as removing one. We hope to have a better policy in the future.DenyRegions
andRestrictToSpecifiedRegions
were updated to exclude theaccount
,artifact
, andsupportplans
services from region restrictions, since they are global services. The obsoleteawsbillingconsole
service was removed.DenyS3InNonSelectedRegion
was fixed to allow users to allow S3 bucket creation inus-east-1
. Previouslyus-east-1
was always prohibited even when expressly allowed, due to quirks in S3.why
references
v0.14.1
: Fix encryption-in-transit requirementsCompare Source
🐛 Bug Fixes
Update/Fix EC2 Policies @Nuru (#49)
what
DenyEC2InstancesWithoutEncryptionInTransit
andDenyEC2NonNitroInstances
why
references
🤖 Automatic Updates
Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#47)
what
why
cldouposse/.github
repositoryAdd GitHub Settings @osterman (#42)
what
.github/settings.yaml
)why
Update Scaffolding @osterman (#40)
what
make readme
to rebuildREADME.md
fromREADME.yaml
why
.github
repoUpdate Scaffolding @osterman (#39)
what
make readme
to rebuildREADME.md
fromREADME.yaml
why
.github
repoUpdate Scaffolding @osterman (#38)
what
make readme
to rebuildREADME.md
fromREADME.yaml
why
.github
repoUpdate Scaffolding @osterman (#37)
what
make readme
to rebuildREADME.md
fromREADME.yaml
why
.github
repoUpdate Scaffolding @osterman (#36)
what
make readme
to rebuildREADME.md
fromREADME.yaml
why
.github
repoUpdate Scaffolding @osterman (#35)
what
make readme
to rebuildREADME.md
fromREADME.yaml
why
.github
repov0.14.0
Compare Source
Ensure support of the AWS Provider V5 and latest terraform @max-lobur (#31)
what
Ensure support of the AWS Provider V5
Update terraform version
Update dependencies in tests
Linter fixes
why
Maintenance
references
https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0
update AWS family policies for mid-2023 @jonathan-3play (#30)
what
why
references
Sync github @max-lobur (#25)
Rebuild github dir from the template
v0.13.0
Compare Source
v0.12.0
Compare Source
Update DenyEC2InstancesWithoutEncryptionInTransit @Nuru (#23)
what
DenyEC2InstancesWithoutEncryptionInTransit
policy with current list of instancesDenyS3InNonSelectedRegion
policyDenyRegionUsage
policy withDenyRegions
andRestrictToSpecifiedRegions
policieswhy
c6i
,c7g
, andg5
to name a fewcatalog/*.yaml
without needing to specify any parametersDenyS3InNonSelectedRegion
policy was completely broken, having no effectDenyRegionUsage
policy was confusing, because it took a parameter calledregions_lockdown
which was a list of regions to allow. The new policies let you choose to either whitelist or blacklist regions.references
git.io->cloudposse.tools update @dylanbannon (#20)
what and why
Change all references to
git.io/build-harness
intocloudposse.tools/build-harness
, sincegit.io
redirects will stop working on April 29th, 2022.References
v0.11.0
Compare Source
Adding policies @jamengual (#11)
what
why
references
v0.10.0
Compare Source
add deny disabling cloutrail scp @sgtoj (#19)
what
why
references
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.