From 919ba068662c36b37c55c6dcf99aeffc67c334b5 Mon Sep 17 00:00:00 2001
From: Paul Yeoh
Date: Thu, 5 Oct 2023 10:13:42 +0800
Subject: [PATCH] [PFMENG-1145] Release IAM module from version 4 aws provider (#16)
---
 .github/workflows/ci.yml | 1 +
 modules/cluster/data.tf | 2 ++
 modules/cluster/main.tf | 2 ++
 modules/iam/versions.tf | 3 +--
 modules/service/main.tf | 2 ++
 5 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7d0dc72..d27b856 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,3 +13,4 @@ jobs:
 uses: SPHTech-Platform/reusable-workflows/.github/workflows/terraform.yaml@main
 with:
 upload_sarif: false
+ checkov_skip_check: CKV_TF_1,CKV_AWS_338
diff --git a/modules/cluster/data.tf b/modules/cluster/data.tf
index f361fc6..a3df091 100644
--- a/modules/cluster/data.tf
+++ b/modules/cluster/data.tf
@@ -3,6 +3,8 @@ data "aws_region" "current" {}
 data "aws_caller_identity" "current" {}
 data "aws_iam_policy_document" "cloudwatch_logs_allow_kms" {
+ #checkov:skip=CKV_AWS_356: Accept risk of using wildcard resource
+
 statement {
 sid = "Enable IAM User Permissions"
 effect = "Allow"
diff --git a/modules/cluster/main.tf b/modules/cluster/main.tf
index e5431e1..4c85bef 100644
--- a/modules/cluster/main.tf
+++ b/modules/cluster/main.tf
@@ -20,6 +20,8 @@ resource "aws_kms_key" "cloudwatch" {
 resource "aws_kms_key" "cluster" {
+ #checkov:skip=CKV2_AWS_64:Accept risk of no KMS key policy
+
 description = "Key for data between the local client and the container"
 enable_key_rotation = true
 deletion_window_in_days = 7
diff --git a/modules/iam/versions.tf b/modules/iam/versions.tf
index 8a0e1e5..9bcc73a 100644
--- a/modules/iam/versions.tf
+++ b/modules/iam/versions.tf
@@ -1,9 +1,8 @@
 terraform {
- required_version = ">= 1.3"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "~> 4.0"
+ version = ">= 4.0"
 }
 }
 }
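Review bot: The workflow-level `checkov_skip_check: CKV_TF_1,CKV_AWS_338` suppresses both checks for every file in the repository, present and future, yet unlike the inline skips added elsewhere in this commit it carries no justification. As I recall, CKV_TF_1 asks that module sources be pinned to a commit hash and CKV_AWS_338 asks for CloudWatch log-group retention of at least a year; a reader of the workflow cannot tell whether the team decided those controls do not apply here or only wanted the CI green. Add a comment above the line stating the reason for each, e.g. `# CKV_TF_1: <why module sources are not hash-pinned>; CKV_AWS_338: <why shorter log retention is acceptable>`, and prefer a resource-level `#checkov:skip=` where a finding is specific to one resource so the repo-wide exception stays as narrow as possible.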
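Review bot: The justification on the new `#checkov:skip=CKV_AWS_356: Accept risk of using wildcard resource` line frames this as an accepted risk, but if `cloudwatch_logs_allow_kms` is used as the key policy of the CloudWatch KMS key (the `Enable IAM User Permissions` sid is the standard key-policy statement), `resources = ["*"]` is not a widening at all, because a key policy only ever applies to the key it is attached to. Saying so makes the suppression self-explanatory and stops a later reviewer from trying to tighten it, e.g. `#checkov:skip=CKV_AWS_356: key policy is scoped to the attached key, so "*" is required`. If the document is instead attached to an IAM principal, the wildcard does grant access to every key in the account and the skip deserves a second look. The rest of the policy document and its use site lie outside the hunk.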
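Review bot: The reason text `Accept risk of no KMS key policy` on `aws_kms_key.cluster` is misleading: a key created without a `policy` argument does not have no policy, it receives AWS's default key policy, which delegates all access on the key to the account root and therefore to IAM policies in the account. The skip should state that and whether it is intended, e.g. `#checkov:skip=CKV2_AWS_64: default key policy is used; access to this key is governed by IAM policies rather than an explicit key policy`. It would also help to note why this key differs from the cloudwatch key, which has an explicit `aws_iam_policy_document` (`cloudwatch_logs_allow_kms`) in `modules/cluster/data.tf`. The remainder of the resource block is outside the hunk, so I cannot confirm that no `policy` argument is set further down.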
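Review bot: Removing `required_version = ">= 1.3"` leaves the IAM module with no Terraform core constraint at all, which is a separate change from relaxing the provider bound and is not mentioned in the commit subject. If the module uses any 1.x-only syntax (for example `optional()` object attributes, which need 1.3), an older CLI will now fail with an obscure parse error instead of a clear version message; keep a floor, `required_version = ">= 1.3"` or whatever the module actually needs. Separately, `version = ">= 4.0"` has no upper bound, so a future major release of the aws provider with breaking resource changes would be accepted silently; if the intent is to allow 4.x and 5.x, `version = ">= 4.0, < 6.0"` expresses that while still protecting consumers.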
diff --git a/modules/service/main.tf b/modules/service/main.tf
index 298e040..31a4c6d 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -72,6 +72,8 @@ data "aws_ecs_task_definition" "this" {
 }
 resource "aws_ecs_service" "this" {
+ #checkov:skip=CKV_AWS_332: Already defaulting to latest FARGATE platform version
+
 name = var.name
 cluster = var.cluster_id