Bump terraform-aws-modules/iam/aws from 5.39.0 to 5.39.1 in /terraform/environments/observability-platform/modules/prometheus/iam-role

[dependabot]

Bumps terraform-aws-modules/iam/aws from 5.39.0 to 5.39.1.

Release notes

Sourced from terraform-aws-modules/iam/aws's releases.

v5.39.1

5.39.1 (2024-05-15)

Bug Fixes

• Fixed trust condition in modules/iam-github-oidc-role to be https (#490) (ecaed18)

Changelog

Sourced from terraform-aws-modules/iam/aws's changelog.

5.39.1 (2024-05-15)

Bug Fixes

• Fixed trust condition in modules/iam-github-oidc-role to be https (#490) (ecaed18)

Commits

• de95e21 chore(release): version 5.39.1 [skip ci]
• ecaed18 fix: Fixed trust condition in modules/iam-github-oidc-role to be https (#490)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Trivy Scan Success

Show Output

```hcl

---

Trivy will check the following folders:
terraform/environments/observability-platform/modules/prometheus/iam-role

---

Running Trivy in terraform/environments/observability-platform/modules/prometheus/iam-role
2024-05-16T01:08:54Z INFO Need to update DB
2024-05-16T01:08:54Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-05-16T01:08:56Z INFO Vulnerability scanning is enabled
2024-05-16T01:08:56Z INFO Misconfiguration scanning is enabled
2024-05-16T01:08:56Z INFO Need to update the built-in policies
2024-05-16T01:08:56Z INFO Downloading the built-in policies...
50.41 KiB / 50.41 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-05-16T01:08:57Z INFO Secret scanning is enabled
2024-05-16T01:08:57Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-05-16T01:08:57Z INFO Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
2024-05-16T01:08:59Z INFO Number of language-specific files num=0
2024-05-16T01:08:59Z INFO Detected config files num=2

main.tf (terraform)

Tests: 1 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 1)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Failed
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/observability-platform/modules/prometheus/iam-role

*****************************

Running Checkov in terraform/environments/observability-platform/modules/prometheus/iam-role
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-05-16 01:09:02,303 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.39.1 (for external modules, the --download-external-modules flag is required)
2024-05-16 01:09:02,303 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.39.1 (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 11, Failed checks: 2, Skipped checks: 2

Check: CKV_TF_2: "Ensure Terraform module sources use a tag with a version number"
	FAILED for resource: iam_policy
	File: /main.tf:19-28

		19 | module "iam_policy" {
		20 |   #checkov:skip=CKV_TF_1:Module is from Terraform registry
		21 | 
		22 |   source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
		23 |   version = "5.39.1"
		24 | 
		25 |   name_prefix = "${var.name}-prometheus"
		26 | 
		27 |   policy = data.aws_iam_policy_document.aps.json
		28 | }

Check: CKV_TF_2: "Ensure Terraform module sources use a tag with a version number"
	FAILED for resource: iam_role
	File: /main.tf:30-41

		30 | module "iam_role" {
		31 |   #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
		32 | 
		33 |   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
		34 |   version = "5.39.1"
		35 | 
		36 |   create_role             = true
		37 |   role_name               = "${var.name}-prometheus"
		38 |   trusted_role_arns       = ["arn:aws:iam::${var.account_id}:root"]
		39 |   custom_role_policy_arns = [module.iam_policy.arn]
		40 |   role_requires_mfa       = false
		41 | }


checkov_exitcode=1

CTFLint Scan Failed

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/observability-platform/modules/prometheus/iam-role

*****************************

Running tflint in terraform/environments/observability-platform/modules/prometheus/iam-role
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:

Warning: terraform "required_version" attribute is required (terraform_required_version)

  on  line 0:
   (source code not available)

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_required_version.md

Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)

  on terraform/environments/observability-platform/modules/prometheus/iam-role/main.tf line 5:
   5: data "aws_iam_policy_document" "aps" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_required_providers.md

tflint_exitcode=2

Trivy Scan Success

Show Output

*****************************

Trivy will check the following folders:
terraform/environments/observability-platform/modules/prometheus/iam-role

*****************************

Running Trivy in terraform/environments/observability-platform/modules/prometheus/iam-role
2024-05-16T01:08:54Z	INFO	Need to update DB
2024-05-16T01:08:54Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-05-16T01:08:56Z	INFO	Vulnerability scanning is enabled
2024-05-16T01:08:56Z	INFO	Misconfiguration scanning is enabled
2024-05-16T01:08:56Z	INFO	Need to update the built-in policies
2024-05-16T01:08:56Z	INFO	Downloading the built-in policies...
50.41 KiB / 50.41 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-05-16T01:08:57Z	INFO	Secret scanning is enabled
2024-05-16T01:08:57Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-05-16T01:08:57Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
2024-05-16T01:08:59Z	INFO	Number of language-specific files	num=0
2024-05-16T01:08:59Z	INFO	Detected config files	num=2

main.tf (terraform)
===================
Tests: 1 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 1)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0