lint
lucasmacedot committed Oct 30, 2023
1 parent ebcbfed commit ae37d6b
Showing 3 changed files with 15 additions and 16 deletions.
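--- a/event_bridge.tf
+++ b/event_bridge.tf
@@ -1,7 +1,7 @@
 resource "aws_cloudwatch_event_rule" "alarm_notification" {
 name = "cloudtrail_alarm_custom_notifications"
 description = "Will be notified with a custom message when any alarm is performed"
-is_enabled = true
+is_enabled = true
 
 event_pattern = <<PATTERN
 {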
5 changes: 2 additions & 3 deletions iam.tf
Expand Up @@ -11,7 +11,7 @@ data "aws_iam_policy_document" "lambda_assume_role" {
resource "aws_iam_role" "iam_for_lambda" {
name = "iam_for_lambda"
assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
tags = var.tags
tags = var.tags
}

resource "aws_iam_policy" "lambda_cw" {

Check failure on line 17 in iam.tf

GitHub Actions / scan

CKV_AWS_355: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"

Check failure on line 17 in iam.tf

GitHub Actions / scan

CKV_AWS_290: "Ensure IAM policies does not allow write access without constraints"
Expand All @@ -32,7 +32,7 @@ resource "aws_iam_policy" "lambda_cw" {
"logs:DescribeMetricFilters",
"logs:FilterLogEvents"
],
Resource : [aws_lambda_function.lambda.arn,"arn:aws:logs:*:*:*","arn:aws:cloudwatch:*:*:*"]
Resource : [aws_lambda_function.lambda.arn, "arn:aws:logs:*:*:*", "arn:aws:cloudwatch:*:*:*"]
Effect : "Allow"
},
{
Expand All @@ -58,4 +58,3 @@ resource "aws_iam_role_policy_attachment" "lambda_cw" {
policy_arn = aws_iam_policy.lambda_cw.arn
}


24 changes: 12 additions & 12 deletions main.tf
@@ -1,17 +1,17 @@
resource "aws_lambda_function" "lambda" {

Check failure on line 1 in main.tf

GitHub Actions / scan

CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"

Check failure on line 1 in main.tf

GitHub Actions / scan

CKV_AWS_173: "Check encryption settings for Lambda environmental variable"

Check failure on line 1 in main.tf

GitHub Actions / scan

CKV_AWS_115: "Ensure that AWS Lambda function is configured for function-level concurrent execution limit"

Check failure on line 1 in main.tf

GitHub Actions / scan

CKV_AWS_363: "Ensure Lambda Runtime is not deprecated"
filename = "${path.module}/lambda.zip"
function_name = var.lambda_name
role = aws_iam_role.iam_for_lambda.arn
handler = "index.handler"
timeout = var.lambda_timeout
filename = "${path.module}/lambda.zip"
function_name = var.lambda_name
role = aws_iam_role.iam_for_lambda.arn
handler = "index.handler"
timeout = var.lambda_timeout
source_code_hash = filebase64sha256("${path.module}/lambda.zip")
runtime = "nodejs12.x"
tags = var.tags
runtime = "nodejs12.x"
tags = var.tags
environment {
variables = {
LOG_GROUP = var.cloudtrail_log_group_name,
TOPIC_ARN= aws_sns_topic.alarms[0].arn,
OFFSET=180
TOPIC_ARN = aws_sns_topic.alarms[0].arn,
OFFSET = 180
}
}
}
Expand All @@ -25,7 +25,7 @@ resource "aws_lambda_permission" "default" {
}

resource "aws_cloudwatch_log_group" "alarm_lambda" {
name = "/aws/lambda/${var.lambda_name}"
name = "/aws/lambda/${var.lambda_name}"
retention_in_days = 14
tags = var.tags
}
tags = var.tags
}
