CCM-10048: do not deploy GuardDuty

Author: bhansell1

infrastructure/terraform/components/sandbox/outputs.tf

@@ -14,10 +14,6 @@ output "download_bucket_name" {
   value = module.backend_api.download_bucket_name
 }
 
-output "guardduty_quarantine_arn" {
-  value = module.backend_api.guardduty_quarantine_arn
-}
-
 output "internal_bucket_name" {
   value = module.backend_api.internal_bucket_name
 }

infrastructure/terraform/modules/backend-api/cloudwatch_event_rule_guardduty_quarantine_scan_failed_for_proof.tf

@@ -3,9 +3,9 @@ resource "aws_cloudwatch_event_rule" "guardduty_quarantine_scan_failed_for_proof
   description = "Matches quarantine 'GuardDuty Malware Protection Object Scan Result' events where the scan result is not NO_THREATS_FOUND"
 
   event_pattern = jsonencode({
-    source      = compact(["aws.guardduty", var.test_environment_mock_guardduty_event_source])
+    source      = [local.guardduty_source]
     detail-type = ["GuardDuty Malware Protection Object Scan Result"]
-    resources   = [aws_guardduty_malware_protection_plan.quarantine.arn]
+    resources   = [local.guardduty_resource]
     detail = {
       s3ObjectDetails = {
         bucketName = [module.s3bucket_quarantine.id]

infrastructure/terraform/modules/backend-api/cloudwatch_event_rule_guardduty_quarantine_scan_failed_for_upload.tf

@@ -3,9 +3,9 @@ resource "aws_cloudwatch_event_rule" "guardduty_quarantine_scan_failed_for_uploa
   description = "Matches quarantine 'GuardDuty Malware Protection Object Scan Result' events where the scan result is not NO_THREATS_FOUND"
 
   event_pattern = jsonencode({
-    source      = compact(["aws.guardduty", var.test_environment_mock_guardduty_event_source])
+    source      = [local.guardduty_source]
     detail-type = ["GuardDuty Malware Protection Object Scan Result"]
-    resources   = [aws_guardduty_malware_protection_plan.quarantine.arn]
+    resources   = [local.guardduty_resource]
     detail = {
       s3ObjectDetails = {
         bucketName = [module.s3bucket_quarantine.id]

infrastructure/terraform/modules/backend-api/cloudwatch_event_rule_guardduty_quarantine_scan_passed_for_proof.tf

@@ -3,9 +3,9 @@ resource "aws_cloudwatch_event_rule" "guardduty_quarantine_scan_passed_for_proof
   description = "Matches quarantine 'GuardDuty Malware Protection Object Scan Result' events where the scan result is NO_THREATS_FOUND"
 
   event_pattern = jsonencode({
-    source      = compact(["aws.guardduty", var.test_environment_mock_guardduty_event_source])
+    source      = [local.guardduty_source]
     detail-type = ["GuardDuty Malware Protection Object Scan Result"]
-    resources   = [aws_guardduty_malware_protection_plan.quarantine.arn]
+    resources   = [local.guardduty_resource]
     detail = {
       s3ObjectDetails = {
         bucketName = [module.s3bucket_quarantine.id]

infrastructure/terraform/modules/backend-api/cloudwatch_event_rule_guardduty_quarantine_scan_passed_for_upload.tf

@@ -3,9 +3,9 @@ resource "aws_cloudwatch_event_rule" "guardduty_quarantine_scan_passed_for_uploa
   description = "Matches quarantine 'GuardDuty Malware Protection Object Scan Result' events where the scan result is NO_THREATS_FOUND"
 
   event_pattern = jsonencode({
-    source      = compact(["aws.guardduty", var.test_environment_mock_guardduty_event_source])
+    source      = [local.guardduty_source]
     detail-type = ["GuardDuty Malware Protection Object Scan Result"]
-    resources   = [aws_guardduty_malware_protection_plan.quarantine.arn]
+    resources   = [local.guardduty_resource]
     detail = {
       s3ObjectDetails = {
         bucketName = [module.s3bucket_quarantine.id]

infrastructure/terraform/modules/backend-api/guardduty_malware_protection_plan_quarantine.tf

@@ -1,4 +1,6 @@
 resource "aws_guardduty_malware_protection_plan" "quarantine" {
+  count = var.enable_guardduty ? 1 : 0
+
   role = aws_iam_role.guardduty_quarantine.arn
 
   protected_resource {

infrastructure/terraform/modules/backend-api/locals.tf

@@ -61,4 +61,8 @@ locals {
   ][0], "")
 
   sftp_environment = "${var.group}-${var.environment}-${var.component}"
+
+  guardduty_source = var.enable_guardduty ? "aws.guardduty" : "test.guardduty"
+
+  guardduty_resource = var.enable_guardduty ? aws_guardduty_malware_protection_plan.quarantine[0].arn : "test:guardduty"
 }

infrastructure/terraform/modules/backend-api/outputs.tf

@@ -10,10 +10,6 @@ output "download_bucket_regional_domain_name" {
   value = module.s3bucket_download.bucket_regional_domain_name
 }
 
-output "guardduty_quarantine_arn" {
-  value = aws_guardduty_malware_protection_plan.quarantine.arn
-}
-
 output "internal_bucket_name" {
   value = module.s3bucket_internal.id
 }

infrastructure/terraform/modules/backend-api/variables.tf

@@ -71,6 +71,12 @@ variable "enable_backup" {
   default     = true
 }
 
+variable "enable_guardduty" {
+  type        = bool
+  description = "Enable GuardDuty"
+  default     = false
+}
+
 variable "enable_proofing" {
   type        = bool
   description = "Enable proofing feature flag"

run-e2e.sh

@@ -21,7 +21,7 @@ print_error() {
     echo -e "${RED}[ERROR]${NC} $1"
 }
 
-RANDOM_DIGITS=0056
+RANDOM_DIGITS=0082
 ENVIRONMENT_NAME="${RANDOM_DIGITS}flaky"
 TOTAL_RUNS=1
 export CI=1
@@ -64,14 +64,31 @@ for i in $(seq 1 $TOTAL_RUNS); do
       cp -r tests/test-team/playwright-report/* "$RUN_DIR/" 2>/dev/null || true
   fi
 
-  #  Destory environment
-  print_status "Destorying $ENVIRONMENT_NAME env... "
-  if ./scripts/destroy_backend_sandbox.sh "$ENVIRONMENT_NAME"; then
-      print_status "Environment destroyed successfully"
-  else
-      print_warning "Could not automagically destroy environment. You may need to clean up manually."
-      print_warning "Environment name: $ENVIRONMENT_NAME"
-  fi
+  echo
+  while true; do
+      read -p "Do you want to destroy the environment '$ENVIRONMENT_NAME'? [Y/n]: " choice
+
+      case $choice in
+          [Yy]* | "" )  # Default to Yes if user just presses Enter
+              print_status "Destorying environment '$ENVIRONMENT_NAME'..."
+              if ./scripts/destroy_backend_sandbox.sh "$ENVIRONMENT_NAME"; then
+                  print_status "Environment destroyed successfully"
+              else
+                  print_warning "Could not automaically destroy environment. You may need to clean up manually."
+                  print_warning "Environment name: $ENVIRONMENT_NAME"
+              fi
+              break
+              ;;
+          [Nn]* )
+              print_warning "Environment '$ENVIRONMENT_NAME' left running"
+              print_status "Remember to clean it up later to avoid unnecessary costs"
+              break
+              ;;
+          * )
+              echo "Please answer Y (yes) or n (no)"
+              ;;
+      esac
+  done
 done
 
 print_status "Script completed"