chore(infrastructure): bump hashicorp/aws from 6.36.0 to 6.53.0 #5129
Conversation
…dd Dependabot tracking - Bump AWS provider constraint from ~> 6.36.0 to ~> 6.53.0 across all infrastructure modules and regenerate .terraform.lock.hcl files with correct provider hashes - Fixes MalformedXML errors on S3 operations against LocalStack and other S3-compatible backends (fixed upstream in v6.43.0, hashicorp/terraform-provider-aws#47530) - Add terraform package-ecosystem to Dependabot covering all existing infrastructure module directories with 21-day cooldown and daily schedule, consistent with other ecosystems in the project - Update auto-generated terraform-docs READMEs to reflect new constraint ~> 6.53.0 Signed-off-by: Nachiket Roy <nachiket.roy.2@gmail.com>
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughThe Terraform AWS provider is bumped from ChangesAWS Provider Version Bump
Estimated code review effort: 4 (Complex) | ~60 minutes Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/dependabot.yml:
- Around line 124-128: The new terraform Dependabot group is missing the same
dependency-level grouping used by the pre-commit block, so update the
version-updates group definition to include group-by: dependency-name alongside
applies-to and patterns. Keep the change within the terraform grouping section
in dependabot.yml and use the existing group blocks as the reference point for
consistency.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: be030504-d1b5-4846-a057-0d28f726f47b
📒 Files selected for processing (58)
.github/dependabot.ymlinfrastructure/bootstrap/.terraform.lock.hclinfrastructure/bootstrap/README.mdinfrastructure/bootstrap/main.tfinfrastructure/live/.terraform.lock.hclinfrastructure/live/README.mdinfrastructure/live/main.tfinfrastructure/modules/alb/.terraform.lock.hclinfrastructure/modules/alb/README.mdinfrastructure/modules/alb/main.tfinfrastructure/modules/cache/.terraform.lock.hclinfrastructure/modules/cache/README.mdinfrastructure/modules/cache/main.tfinfrastructure/modules/database/.terraform.lock.hclinfrastructure/modules/database/README.mdinfrastructure/modules/database/main.tfinfrastructure/modules/ecr-cache/.terraform.lock.hclinfrastructure/modules/ecr-cache/README.mdinfrastructure/modules/ecr-cache/main.tfinfrastructure/modules/kms/.terraform.lock.hclinfrastructure/modules/kms/README.mdinfrastructure/modules/kms/main.tfinfrastructure/modules/networking/.terraform.lock.hclinfrastructure/modules/networking/README.mdinfrastructure/modules/networking/main.tfinfrastructure/modules/networking/modules/nacl/.terraform.lock.hclinfrastructure/modules/networking/modules/nacl/README.mdinfrastructure/modules/networking/modules/nacl/main.tfinfrastructure/modules/networking/modules/vpc-endpoint/.terraform.lock.hclinfrastructure/modules/networking/modules/vpc-endpoint/README.mdinfrastructure/modules/networking/modules/vpc-endpoint/main.tfinfrastructure/modules/parameters/.terraform.lock.hclinfrastructure/modules/parameters/README.mdinfrastructure/modules/parameters/main.tfinfrastructure/modules/security/.terraform.lock.hclinfrastructure/modules/security/README.mdinfrastructure/modules/security/main.tfinfrastructure/modules/service/.terraform.lock.hclinfrastructure/modules/service/README.mdinfrastructure/modules/service/main.tfinfrastructure/modules/storage/.terraform.lock.hclinfrastructure/modules/storage/README.mdinfrastructure/modules/storage/main.tfinfrastructure/modules/storage/modules/s3-bucket/.terraform.lock.hclinfrastructure/modules/storage/modules/s3-bucket/README.mdinfrastructure/modules/storage/modules/s3-bucket/main.tfinfrastructure/modules/storage/modules/shared-data-bucket/.terraform.lock.hclinfrastructure/modules/storage/modules/shared-data-bucket/README.mdinfrastructure/modules/storage/modules/shared-data-bucket/main.tfinfrastructure/modules/tasks/.terraform.lock.hclinfrastructure/modules/tasks/README.mdinfrastructure/modules/tasks/main.tfinfrastructure/modules/tasks/modules/task/.terraform.lock.hclinfrastructure/modules/tasks/modules/task/README.mdinfrastructure/modules/tasks/modules/task/main.tfinfrastructure/state/.terraform.lock.hclinfrastructure/state/README.mdinfrastructure/state/main.tf
Consistent with npm and pip ecosystem groups in the same file. Signed-off-by: Nachiket Roy <nachiket.roy.2@gmail.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5129 +/- ##
=======================================
Coverage 98.73% 98.73%
=======================================
Files 536 536
Lines 16980 16980
Branches 2418 2418
=======================================
Hits 16765 16765
Misses 123 123
Partials 92 92
Flags with carried forward coverage won't be shown. Click here to find out more. Continue to review full report in Codecov by Harness.
🚀 New features to boost your workflow:
|
Signed-off-by: Rudransh Shrivastava <rudransh.shrivastava@owasp.org>
add darwin_arm64 and linux_arm64 hashes to the lockfiles. Signed-off-by: Rudransh Shrivastava <rudransh.shrivastava@owasp.org>
b6e6cbf
rudransh-shrivastava
left a comment
There was a problem hiding this comment.
Hi, there are some deprecation warnings:
https://github.com/OWASP/Nest/actions/runs/28710387263/job/85143014122?pr=5129#step:6:771
I think you already fixed them in your original PR? Can you please add them here as well? Thank you!
Signed-off-by: Rudransh Shrivastava <rudransh.shrivastava@owasp.org>
bce29d2
|
Hello @rudransh-shrivastava, |
|
@Nachiket-Roy Hello! I think it's fine to add them here. We can update the PR title/description to reflect the changes. The alternative is to keep those changes in the other PR -- which makes less sense. |
…on id Signed-off-by: Nachiket Roy <nachiket.roy.2@gmail.com>
cb34c8d
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@infrastructure/modules/kms/main.tf`:
- Around line 43-48: The KMS test for AllowCloudWatchLogs is too loose and can
miss regressions in the region-specific interpolation. Update the test that
covers the KMS policy rendering to explicitly assert the rendered
kms:EncryptionContext:aws:logs:arn value and the logs.<region>.amazonaws.com
service principal, using the same data sources or expected interpolation as in
the KMS policy module. Focus on the policy assertions around the
AllowCloudWatchLogs statement so the test verifies both the ARN and principal
values, not just the statement existence.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 6507328a-534e-42f9-b859-870037552579
📒 Files selected for processing (1)
infrastructure/modules/kms/main.tf
…atch logs configuration Signed-off-by: Nachiket Roy <nachiket.roy.2@gmail.com>
2417e74
|
Contribution validation failed:
|
1 similar comment
|
Contribution validation failed:
|
|



Proposed change
Resolves #5128
Bumps the hashicorp/aws Terraform provider constraint from ~> 6.36.0 to ~> 6.53.0 across all infrastructure modules and updates all .terraform.lock.hcl lockfiles to match.
Checklist