
Commit f04a548

feat(api): FTRS-0000 Invoke mtls perf test from action
1 parent 9e4a19b commit f04a548


4 files changed

+7
-4
lines changed


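--- a/infrastructure/modules/ods-mock-api/main.tf
+++ b/infrastructure/modules/ods-mock-api/main.tf
@@ -137,6 +137,9 @@ resource "aws_api_gateway_deployment" "ods_mock" {
 }
 
 resource "aws_api_gateway_stage" "ods_mock" {
+# checkov:skip=CKV2_AWS_29: Mock API for dev testing, WAF protection not required
+# checkov:skip=CKV2_AWS_51: Using API key authentication instead of client certificates for mock API simplicity
+# checkov:skip=CKV2_AWS_4: False positive, we are configuring custom logging
 deployment_id = aws_api_gateway_deployment.ods_mock.id
 rest_api_id = aws_api_gateway_rest_api.ods_mock.id
 stage_name = "dev"
@@ -194,6 +197,8 @@ resource "aws_api_gateway_method_settings" "ods_mock" {
 }
 
 resource "aws_cloudwatch_log_group" "api_gateway_log_group" {
+# checkov:skip=CKV_AWS_158: Justification: Using AWS default encryption.
+# checkov:skip=CKV_AWS_338: Justification: Non-production do not require long term log retention.
 name = "/aws/api-gateway/${var.api_gateway_name}"
 retention_in_days = var.api_gateway_log_group_retention_days
 log_group_class = var.api_gateway_log_group_class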
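Review bot: The two skips added to `aws_cloudwatch_log_group.api_gateway_log_group` are unconditional, but their justifications only hold for a non-production deployment, and nothing in the visible lines ties this module to one: retention comes from `var.api_gateway_log_group_retention_days` and the module sits under `infrastructure/modules/`, so any stack can instantiate it. The same applies to the `CKV2_AWS_29` and `CKV2_AWS_51` skips on the stage, where the only visible scoping is the hard-coded `stage_name = "dev"`. I would state the scope and a tracking ticket in each comment, for example `# checkov:skip=CKV_AWS_338: dev-only mock API, retention set by var.api_gateway_log_group_retention_days (ticket: <TICKET-ID>)`, and drop the redundant `Justification:` prefix so all five comments read the same way. The `CKV2_AWS_4` skip calls the finding a false positive because logging is configured elsewhere; presumably that is the `aws_api_gateway_method_settings` resource, which is outside this hunk, so naming it in the comment would let a reader confirm it. Both resource blocks continue past the visible lines.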

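--- a/infrastructure/modules/shield/sns.tf
+++ b/infrastructure/modules/shield/sns.tf
@@ -1,6 +1,4 @@
 # SNS Topic for Shield DDoS alerts
-#trivy:ignore:AVD-AWS-0136
-#trivy:ignore:AVD-AWS-0095
 resource "aws_sns_topic" "shield_ddos_alerts" {
 #checkov:skip=CKV_AWS_26: Revisit with the encryption work
 name = "${var.resource_prefix}-${var.resource_name}-shield-ddos-alerts"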

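--- a/infrastructure/stacks/etl_ods/security_group.tf
+++ b/infrastructure/stacks/etl_ods/security_group.tf
@@ -10,7 +10,7 @@ resource "aws_security_group" "etl_ods_lambda_security_group" {
 vpc_id = data.aws_vpc.vpc.id
 }
 
-# trivy:ignore:aws-vpc-no-public-egress-sgr : TODO https://nhsd-jira.digital.nhs.uk/browse/FTRS-386
+
 resource "aws_vpc_security_group_egress_rule" "etl_ods_allow_443" {
 count = local.is_primary_environment ? 1 : 0
 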

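--- a/infrastructure/stacks/ui/dynamodb.tf
+++ b/infrastructure/stacks/ui/dynamodb.tf
@@ -1,4 +1,4 @@
-#trivy:ignore:AVD-AWS-0024
+
 module "ui_session_store" {
 count = local.stack_enabled
 source = "../../modules/dynamodb"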
