chore: migrated to trivy for static security checks

Author: moritzzimmer

examples/complete/main.tf

@@ -18,7 +18,7 @@ module "lambda" {
   function_name          = random_pet.this.id
   handler                = "index.handler"
   memory_size            = 128
-  runtime                = "nodejs18.x"
+  runtime                = "nodejs20.x"
   publish                = false
   snap_start             = false
   source_code_hash       = module.source.output_base64sha256

examples/container-image/main.tf

@@ -5,7 +5,8 @@ locals {
 
 #trivy:ignore:AVD-AWS-0031
 resource "aws_ecr_repository" "this" {
-  name = local.function_name
+  force_delete = true
+  name         = local.function_name
 
   image_scanning_configuration {
     scan_on_push = true

examples/deployment/complete/main.tf

@@ -20,7 +20,7 @@ module "lambda" {
   handler                          = "index.handler"
   ignore_external_function_updates = true
   publish                          = true
-  runtime                          = "nodejs18.x"
+  runtime                          = "nodejs20.x"
   s3_bucket                        = aws_s3_bucket.source.bucket
   s3_key                           = local.s3_key
   s3_object_version                = aws_s3_object.initial.version_id

examples/deployment/s3/main.tf

@@ -18,7 +18,7 @@ module "lambda" {
   handler                          = "index.handler"
   ignore_external_function_updates = true
   publish                          = true
-  runtime                          = "nodejs18.x"
+  runtime                          = "nodejs20.x"
   s3_bucket                        = aws_s3_bucket.source.bucket
   s3_key                           = local.s3_key
   s3_object_version                = aws_s3_object.initial.version_id

examples/fixtures/context/Dockerfile

@@ -1,4 +1,5 @@
-FROM public.ecr.aws/lambda/nodejs:18
+FROM public.ecr.aws/lambda/nodejs:20
+USER func
 COPY index.js /var/task/
 
 CMD [ "index.handler" ]

examples/with-cloudwatch-event-rules/main.tf

@@ -14,7 +14,7 @@ module "lambda" {
   filename         = module.source.output_path
   function_name    = "example-with-cloudwatch-events"
   handler          = "index.handler"
-  runtime          = "nodejs18.x"
+  runtime          = "nodejs20.x"
   source_code_hash = module.source.output_base64sha256
 
   cloudwatch_event_rules = {

examples/with-cloudwatch-logs-subscription/main.tf

@@ -10,7 +10,7 @@ module "lambda" {
   filename                          = module.source.output_path
   function_name                     = "example-without-cloudwatch-logs-subscription"
   handler                           = "index.handler"
-  runtime                           = "nodejs18.x"
+  runtime                           = "nodejs20.x"
   source_code_hash                  = module.source.output_base64sha256
 
   cloudwatch_log_subscription_filters = {
@@ -32,7 +32,7 @@ module "destination_1" {
   filename                          = module.source.output_path
   function_name                     = "cloudwatch-logs-subscription-destination-1"
   handler                           = "index.handler"
-  runtime                           = "nodejs18.x"
+  runtime                           = "nodejs20.x"
   source_code_hash                  = module.source.output_base64sha256
 }
 
@@ -43,6 +43,6 @@ module "destination_2" {
   filename                          = module.source.output_path
   function_name                     = "cloudwatch-logs-subscription-destination-2"
   handler                           = "index.handler"
-  runtime                           = "nodejs18.x"
+  runtime                           = "nodejs20.x"
   source_code_hash                  = module.source.output_base64sha256
 }

examples/with-event-source-mappings/dynamodb-with-alias/main.tf

@@ -57,7 +57,7 @@ module "lambda" {
   filename         = data.archive_file.dynamodb_handler.output_path
   function_name    = "example-with-dynamodb-event-source-mapping"
   handler          = "index.handler"
-  runtime          = "nodejs18.x"
+  runtime          = "nodejs20.x"
   source_code_hash = data.archive_file.dynamodb_handler.output_base64sha256
 
   event_source_mappings = {

examples/with-event-source-mappings/kinesis/main.tf

@@ -29,7 +29,7 @@ module "lambda" {
   filename         = data.archive_file.kinesis_handler.output_path
   function_name    = "example-with-kinesis-event-source-mapping"
   handler          = "index.handler"
-  runtime          = "nodejs18.x"
+  runtime          = "nodejs20.x"
   source_code_hash = data.archive_file.kinesis_handler.output_base64sha256
 
   event_source_mappings = {

examples/with-event-source-mappings/sqs/main.tf

@@ -27,7 +27,7 @@ module "lambda" {
   filename         = data.archive_file.sqs_handler.output_path
   function_name    = "example-with-sqs-event-source-mapping"
   handler          = "index.handler"
-  runtime          = "nodejs18.x"
+  runtime          = "nodejs20.x"
   source_code_hash = data.archive_file.sqs_handler.output_base64sha256
 
   event_source_mappings = {