|
@@ -79,45 +79,45 @@ EOF
|
|
|
}
|
|
|
|
|
|
# uncomment the following to enable static code analysis
|
|
|
-#terraform {
|
|
|
-# before_hook "tflintinit" {
|
|
|
-# commands = ["plan", "apply"]
|
|
|
-# execute = [
|
|
|
-# "tflint",
|
|
|
-# "--config=tflint.hcl",
|
|
|
-# "--init"
|
|
|
-# ]
|
|
|
-# }
|
|
|
-#
|
|
|
-# before_hook "tflint" {
|
|
|
-# commands = ["plan", "apply"]
|
|
|
-# execute = [
|
|
|
-# "tflint",
|
|
|
-# "--config=tflint.hcl",
|
|
|
-# ".",
|
|
|
-# ]
|
|
|
-# }
|
|
|
-#
|
|
|
-# before_hook "tfsec" {
|
|
|
+terraform {
|
|
|
+ before_hook "tflintinit" {
|
|
|
+ commands = ["plan", "apply"]
|
|
|
+ execute = [
|
|
|
+ "tflint",
|
|
|
+ "--config=tflint.hcl",
|
|
|
+ "--init"
|
|
|
+ ]
|
|
|
+ }
|
|
|
+
|
|
|
+ before_hook "tflint" {
|
|
|
+ commands = ["plan", "apply"]
|
|
|
+ execute = [
|
|
|
+ "tflint",
|
|
|
+ "--config=tflint.hcl",
|
|
|
+ ".",
|
|
|
+ ]
|
|
|
+ }
|
|
|
+
|
|
|
+ before_hook "tfsec" {
|
|
|
+ commands = ["plan", "apply"]
|
|
|
+ execute = [
|
|
|
+ "tfsec",
|
|
|
+ "--concise-output",
|
|
|
+ "--exclude", join(",", local.ignored_tfsec),
|
|
|
+ ]
|
|
|
+ }
|
|
|
+
|
|
|
+# before_hook "checkov" {
|
|
|
# commands = ["plan", "apply"]
|
|
|
# execute = [
|
|
|
-# "tfsec",
|
|
|
-# "--concise-output",
|
|
|
-# "--exclude", join(",", local.ignored_tfsec),
|
|
|
+# "checkov",
|
|
|
+# "-d", ".",
|
|
|
+# "--quiet",
|
|
|
+# "--framework", "terraform",
|
|
|
+# "--skip-check", "CKV_AWS_150", # We do not enable deletion protection for LBs
|
|
|
# ]
|
|
|
# }
|
|
|
-#
|
|
|
-## before_hook "checkov" {
|
|
|
-## commands = ["plan", "apply"]
|
|
|
-## execute = [
|
|
|
-## "checkov",
|
|
|
-## "-d", ".",
|
|
|
-## "--quiet",
|
|
|
-## "--framework", "terraform",
|
|
|
-## "--skip-check", "CKV_AWS_150", # We do not enable deletion protection for LBs
|
|
|
-## ]
|
|
|
-## }
|
|
|
-#}
|
|
|
+}
|
|
|
|
|
|
# ---------------------------------------------------------------------------------------------------------------------
|
|
|
# Generate a required providers block
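Review bot: The `tfsec` hook now gates every `plan` and `apply`, but its `--exclude` list comes from `local.ignored_tfsec`, which is defined outside this hunk, so the suppressed checks are not visible at the point where they take effect. Each ignored ID should carry its justification next to its definition, the way the checkov line already does with `# We do not enable deletion protection for LBs`. The context comment `# uncomment the following to enable static code analysis` is stale now that the block is live; I would replace it with `# Static code analysis hooks for plan/apply; only the checkov hook is still disabled.` The `tflintinit` hook runs `tflint --init` on each run, which installs the plugins declared in `tflint.hcl`, so that file (not shown here) should pin plugin versions to keep the gate reproducible.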
|
|
@@ -131,7 +131,7 @@ terraform {
|
|
|
required_providers {
|
|
|
aws = {
|
|
|
source = "hashicorp/aws"
|
|
|
- version = "4.4.0" # 2022-03-08: upgrade from 3.63.0; 2021-09-21: upgrade from 3.37.0
|
|
|
+ version = "4.22.0" # 2022-07-21: Upgrade from 4.4.0; 2022-03-08: upgrade from 3.63.0
|
|
|
}
|
|
|
vault = {
|
|
|
source = "hashicorp/vault"
|