skip: update auto-test for rds, sns
anna-shcherbak committed May 31, 2024
1 parent 6a586d6 commit e69a1af
Showing 10 changed files with 36 additions and 6 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/tf_testing.yml
Expand Up @@ -22,7 +22,7 @@ env:
CORE_TESTING_FOLDER: ${{ github.workspace }}
OUTPUT_DIR: ${{ github.workspace }}/auto_policy_testing/output
AWS_DEFAULT_REGION: ${{ vars.AWS_REGION }}
resource_priority_list: 'sqs,sns'
resource_priority_list: 'rds'
RED: '\033[0;31m'

jobs:
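Review bot: The value `resource_priority_list: 'rds'` drops `sns` from the list even though the commit title says the auto-test is being updated for both rds and sns; which of the two printed `resource_priority_list` lines is the new one is inferred from that title, not visible on the page. If sns is intentionally exercised only through its own fixture (the publish-and-sleep in sns.tf), a trailing comment such as `resource_priority_list: 'rds'  # sns is covered by its own fixture, not via priority` would keep the workflow and the commit message from contradicting each other. Without it, the next person will not know whether `sns` was dropped on purpose.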
1 change: 1 addition & 0 deletions auto_policy_testing/green/lambda/lambda.tf
Expand Up @@ -20,6 +20,7 @@ resource "aws_lambda_function" "this" {
runtime = "python3.12"
reserved_concurrent_executions = 1
layers = ["arn:aws:lambda:${var.region}:580247275435:layer:LambdaInsightsExtension:52"]
replace_security_groups_on_destroy = true

vpc_config {
security_group_ids = [aws_security_group.this.id]
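Review bot: `replace_security_groups_on_destroy = true` without a `replacement_security_group_ids` list means that, if I read the AWS provider behaviour correctly, the function's ENIs are re-attached to the VPC's default security group during destroy, and the default SG is usually more permissive than `aws_security_group.this`. That is probably acceptable for a short-lived teardown in a test account, but it is a silent change of exposure, so either pin the replacement (`replacement_security_group_ids = [aws_security_group.this.id]` only works if that SG is not itself being destroyed, so a dedicated empty SG would be needed) or document the trade-off with a comment like `# speeds up SG deletion on destroy; ENIs briefly fall back to the VPC default SG`. The `aws_lambda_function.this` block starts above this hunk.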
14 changes: 14 additions & 0 deletions auto_policy_testing/green/rds/rds_aurora-mysql.tf
Expand Up @@ -14,6 +14,20 @@ resource "aws_rds_cluster" "aurora-mysql" {
backtrack_window = 600
copy_tags_to_snapshot = true
port = 6033
deletion_protection = true
}

resource "null_resource" "this2" {
triggers = {
rds = aws_rds_cluster.aurora-mysql.cluster_identifier
}

provisioner "local-exec" {
when = destroy
command = "aws rds modify-db-cluster --db-cluster-identifier ${self.triggers.rds} --no-deletion-protection"
}

depends_on = [aws_rds_cluster.aurora-mysql]
}

data "aws_rds_engine_version" "aurora-mysql" {
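Review bot: The destroy-time `local-exec` in `null_resource.this2` relies entirely on ambient credentials and `AWS_DEFAULT_REGION`, whereas the `aws sns publish` call in sns.tf passes `--region ${var.region}` explicitly; if this module has a `region` variable, `command = "aws rds modify-db-cluster --db-cluster-identifier ${self.triggers.rds} --no-deletion-protection --region ${var.region}"` removes that dependency on the runner environment. The pattern also makes `deletion_protection = true` cosmetic: the CI principal needs `rds:ModifyDBCluster`, and anyone who can run `terraform destroy` disables the protection, which is fine for a policy-test fixture but should be stated, e.g. `# deletion_protection exists to satisfy the RDS deletion-protection check; the destroy provisioner below flips it off so destroy can proceed`. `this2` is also a non-descriptive name next to `this1` in rds_mysql.tf; `disable_deletion_protection` would tell the reader what it is for. The `aws_rds_cluster.aurora-mysql` block begins above this hunk.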
2 changes: 1 addition & 1 deletion auto_policy_testing/green/rds/rds_mariadb.tf
@@ -1,7 +1,7 @@
resource "aws_db_instance" "mariadb" {
identifier = "${module.naming.resource_prefix.rds_instance}-mariadb"
engine = "mariadb"
engine_version = "10.6.10"
engine_version = "10.6.17"
instance_class = "db.t3.micro"
allocated_storage = 20
storage_type = "gp2"
14 changes: 14 additions & 0 deletions auto_policy_testing/green/rds/rds_mysql.tf
Expand Up @@ -29,6 +29,7 @@ resource "aws_db_instance" "mysql" {
parameter_group_name = aws_db_parameter_group.mysql.id
iam_database_authentication_enabled = true
auto_minor_version_upgrade = true
deletion_protection = true
}

resource "aws_db_parameter_group" "mysql" {
Expand Down Expand Up @@ -63,3 +64,16 @@ resource "aws_db_snapshot" "mysql" {
db_instance_identifier = aws_db_instance.mysql.identifier
db_snapshot_identifier = "${module.naming.resource_prefix.rds_instance}-mysql"
}

resource "null_resource" "this1" {
triggers = {
rds = aws_db_instance.mysql.identifier
}

provisioner "local-exec" {
when = destroy
command = "aws rds modify-db-instance --db-instance-identifier ${self.triggers.rds} --no-deletion-protection"
}

depends_on = [aws_db_instance.mysql]
}
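Review bot: If the `aws rds modify-db-instance ... --no-deletion-protection` command in `null_resource.this1` fails (CLI not on the runner, missing `rds:ModifyDBInstance`, wrong ambient region), `terraform destroy` will then fail on `aws_db_instance.mysql` with protection still enabled and leave a billable instance behind that has to be cleaned up by hand. That failure mode is worth a comment above the resource, something like `# requires rds:ModifyDBInstance on the CI role; if this step fails, the instance must be unprotected manually before destroy can succeed`, and passing `--region` explicitly as sns.tf does would remove one of the ways it can fail. The `triggers` block correctly freezes the identifier so the destroy provisioner still has it after the instance is gone, which is the right way to do this.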
1 change: 1 addition & 0 deletions auto_policy_testing/green/s3/lambda.tf
Expand Up @@ -5,6 +5,7 @@ resource "aws_lambda_function" "this" {
handler = "func.lambda_handler"
runtime = "python3.12"
depends_on = [data.archive_file.this]
replace_security_groups_on_destroy = true
}

resource "aws_lambda_permission" "this" {
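Review bot: The visible `aws_lambda_function.this` in s3/lambda.tf has no `vpc_config`, so `replace_security_groups_on_destroy = true` has nothing to act on and appears to be a copy from the VPC-attached fixtures; unless a `vpc_config` exists above the hunk, it should be dropped, or annotated with `# no-op here: function is not VPC-attached` if it is being kept for uniformity. Also note that `depends_on = [data.archive_file.this]` sits among the arguments rather than last, which is the conventional placement for meta-arguments. The resource block starts above this hunk.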
3 changes: 2 additions & 1 deletion auto_policy_testing/green/sns/sns.tf
Expand Up @@ -21,7 +21,8 @@ resource "null_resource" "this" {
"aws sns publish ",
"--topic-arn ${aws_sns_topic.this.arn}",
"--message 'Hello World!'",
"--region ${var.region}"
"--region ${var.region} ;",
"sleep 15m"
]
)
}
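Review bot: Joining `"--region ${var.region} ;"` and `"sleep 15m"` makes the provisioner's exit status that of `sleep`, so a failed `aws sns publish` (bad topic ARN, missing `sns:Publish`) no longer fails the apply; `"--region ${var.region} &&"` preserves the failure. The 15-minute sleep also blocks `terraform apply` for the whole window with no explanation in the file; a comment such as `# keep the apply alive so the published message is visible to the policy scan before destroy` records the intent, and pulling the duration into a variable would let the workflow tune it. The enclosing `null_resource.this` and its `join(...)` begin above this hunk.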
1 change: 1 addition & 0 deletions auto_policy_testing/red/lambda/lambda.tf
Expand Up @@ -10,6 +10,7 @@ resource "aws_lambda_function" "this" {
role = aws_iam_role.this.arn
handler = "func.lambda_handler"
runtime = "python3.8"
replace_security_groups_on_destroy = true

vpc_config {
security_group_ids = [aws_security_group.this.id]
2 changes: 0 additions & 2 deletions auto_policy_testing/scripts/exception_rules.py
Expand Up @@ -3,8 +3,6 @@
"ecc-aws-015-ensure_mfa_is_enabled_for_the_root_account",
"ecc-aws-112-s3_bucket_versioning_mfa_delete_enabled", #manual
"ecc-aws-138-eliminate_use_root_user_for_administrative_and_daily_tasks",
"ecc-aws-200-rds_cluster_deletion_protection_enabled",
"ecc-aws-201-rds_instance_deletion_protection_enabled",
"ecc-aws-207-rds_aurora_logging_enabled",
"ecc-aws-286-workspaces_unused_instances",
"ecc-aws-331-workspaces_images_not_older_than_90_days",
2 changes: 1 addition & 1 deletion auto_policy_testing/shared_tf_modules/naming/outputs.tf
Expand Up @@ -45,7 +45,7 @@ output "resource_prefix" {
backup_plan = "${local.suffix}_${var.resource_type}_plan_${local.compliance_status}"
app_flow = "${local.suffix}-${var.resource_type}-appflow-${local.compliance_status}"
cfn = "${local.suffix}-${var.resource_type}-cfn-${local.compliance_status}"
sns = "${local.suffix}_${var.resource_type}_sns_${local.compliance_status}"
sns = "${local.suffix}-${var.resource_type}_sns_${local.compliance_status}"
sqs = "${local.suffix}-${var.resource_type}-sqs-${local.compliance_status}"
kms_key = "${local.suffix}_${var.resource_type}_key_${local.compliance_status}"
ami = "${local.suffix}_${var.resource_type}_ami_${local.compliance_status}"
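Review bot: The `sns` prefix `"${local.suffix}-${var.resource_type}_sns_${local.compliance_status}"` mixes `-` and `_` separators, while every other entry in `resource_prefix` uses one separator consistently; the page does not show which of the two `sns` lines is the new one, but the mixed form looks like a typo rather than a convention. If it is deliberate (for example to avoid colliding with an existing topic name or to match what a check expects), a trailing comment such as `# mixed separators intentional: must not collide with the previous sns naming` would stop someone from "fixing" it later; otherwise pick either `-` throughout (as `sqs` does) or `_` throughout (as `kms_key` does). The `output "resource_prefix"` block starts above this hunk.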
