From 4e465b292d0137467be196c4239ba46be2fedf45 Mon Sep 17 00:00:00 2001 From: M Bezemer Date: Tue, 10 Sep 2024 11:04:18 +0200 Subject: [PATCH] update dependencies for security findings --- config.tf | 4 +++- datadog.tf | 12 +++++++++--- ses_accounts_mail_alias.tf | 8 ++++++-- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/config.tf b/config.tf index 8ad0cc8..17f8171 100644 --- a/config.tf +++ b/config.tf @@ -170,7 +170,9 @@ module "aws_config_s3" { #checkov:skip=CKV_AWS_145: False positive, KMS key is used by default https://github.com/bridgecrewio/checkov/issues/3847 providers = { aws = aws.logging } - source = "github.com/schubergphilis/terraform-aws-mcaf-s3?ref=v0.8.0" + source = "schubergphilis/mcaf-s3/aws" + version = "~> 0.14.1" + name = local.aws_config_s3_name kms_key_arn = module.kms_key_logging.arn policy = data.aws_iam_policy_document.aws_config_s3.json diff --git a/datadog.tf b/datadog.tf index 5c9cddb..78006e5 100644 --- a/datadog.tf +++ b/datadog.tf @@ -3,7 +3,9 @@ module "datadog_audit" { count = try(var.datadog.enable_integration, false) == true ? 1 : 0 providers = { aws = aws.audit } - source = "github.com/schubergphilis/terraform-aws-mcaf-datadog?ref=v0.7.0" + source = "schubergphilis/mcaf-datadog/aws" + version = "~> 0.8.2" + api_key = try(var.datadog.api_key, null) cspm_resource_collection_enabled = var.datadog.cspm_resource_collection_enabled excluded_regions = var.datadog_excluded_regions 
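Review bot: The added `version = "~> 0.14.1"` in `module "aws_config_s3"` is a floating constraint where the removed `?ref=v0.8.0` named a single release. Any later 0.14.x published to the registry is selected on a fresh `terraform init` or on `terraform init -upgrade`, and `.terraform.lock.hcl` records provider selections only, not module versions. Since this module is maintained outside this repository and provisions the AWS Config bucket, an exact constraint such as `version = "0.14.1"` would keep each upgrade a reviewed change. The same applies to `~> 0.8.2` in the three datadog.tf hunks and to `~> 0.1.4` and `~> 0.3.0` in the ses_accounts_mail_alias.tf hunks. The step from v0.8.0 to 0.14.x also crosses several 0.x minor releases and the module block continues outside the hunk, so it is worth confirming from a plan that the bucket's policy and encryption settings come out unchanged.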
@@ -21,7 +23,9 @@ module "datadog_master" { #checkov:skip=CKV_AWS_124: since this is managed by terraform, we reason that this already provides feedback and a seperate SNS topic is therefore not required count = try(var.datadog.enable_integration, false) == true ? 1 : 0 - source = "github.com/schubergphilis/terraform-aws-mcaf-datadog?ref=v0.7.0" + source = "schubergphilis/mcaf-datadog/aws" + version = "~> 0.8.2" + api_key = try(var.datadog.api_key, null) cspm_resource_collection_enabled = var.datadog.cspm_resource_collection_enabled excluded_regions = var.datadog_excluded_regions @@ -40,7 +44,9 @@ module "datadog_logging" { count = try(var.datadog.enable_integration, false) == true ? 1 : 0 providers = { aws = aws.logging } - source = "github.com/schubergphilis/terraform-aws-mcaf-datadog?ref=v0.7.0" + source = "schubergphilis/mcaf-datadog/aws" + version = "~> 0.8.2" + api_key = try(var.datadog.api_key, null) cspm_resource_collection_enabled = var.datadog.cspm_resource_collection_enabled excluded_regions = var.datadog_excluded_regions diff --git a/ses_accounts_mail_alias.tf b/ses_accounts_mail_alias.tf index bcce972..0cc76fc 100644 --- a/ses_accounts_mail_alias.tf +++ b/ses_accounts_mail_alias.tf @@ -3,7 +3,9 @@ module "ses-root-accounts-mail-alias" { count = var.ses_root_accounts_mail_forward != null ? 1 : 0 providers = { aws = aws, aws.route53 = aws } - source = "github.com/schubergphilis/terraform-aws-mcaf-ses?ref=v0.1.3" + source = "schubergphilis/mcaf-ses/aws" + version = "~> 0.1.4" + dmarc = var.ses_root_accounts_mail_forward.dmarc domain = var.ses_root_accounts_mail_forward.domain kms_key_id = module.kms_key.id 
@@ -17,7 +19,9 @@ module "ses-root-accounts-mail-forward" { count = var.ses_root_accounts_mail_forward != null ? 1 : 0 providers = { aws = aws, aws.lambda = aws } - source = "github.com/schubergphilis/terraform-aws-mcaf-ses-forwarder?ref=v0.2.5" + source = "schubergphilis/mcaf-ses-forwarder/aws" + version = "~> 0.3.0" + bucket_name = "ses-forwarder-${replace(var.ses_root_accounts_mail_forward.domain, ".", "-")}" from_email = var.ses_root_accounts_mail_forward.from_email kms_key_arn = module.kms_key.arn