Skip to content

chore(deps): update terraform github.com/cds-snc/terraform-modules to v10.11.4#566

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-patch
Open

chore(deps): update terraform github.com/cds-snc/terraform-modules to v10.11.4#566
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-patch

Conversation

@renovate

@renovate renovate Bot commented Mar 28, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
github.com/cds-snc/terraform-modules module patch v10.11.0v10.11.4

Review

  • Updates have been tested and work
  • If updates are AWS related, versions match the infrastructure (e.g. Lambda runtime, database, etc.)

Release Notes

cds-snc/terraform-modules (github.com/cds-snc/terraform-modules)

v10.11.4

Compare Source

What's Changed

Full Changelog: cds-snc/terraform-modules@v10.11.3...v10.11.4

v10.11.3

Compare Source

What's Changed

Full Changelog: cds-snc/terraform-modules@v10.11.2...v10.11.3

v10.11.2

Compare Source

What's Changed

Full Changelog: cds-snc/terraform-modules@v10.11.1...v10.11.2

v10.11.1

Compare Source

What's Changed

Full Changelog: cds-snc/terraform-modules@v10.11.0...v10.11.1


Configuration

📅 Schedule: (in timezone America/Montreal)

  • Branch creation
    • "every weekend"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/all-patch branch 9 times, most recently from ef77350 to 7fe0cf4 Compare April 3, 2026 22:37
@renovate renovate Bot force-pushed the renovate/all-patch branch 6 times, most recently from b165116 to c6fe701 Compare April 10, 2026 22:37
@renovate renovate Bot force-pushed the renovate/all-patch branch 6 times, most recently from 7a9acb8 to 5916bc5 Compare April 20, 2026 21:34
@renovate renovate Bot force-pushed the renovate/all-patch branch 5 times, most recently from 0009cb3 to b62acb5 Compare April 29, 2026 03:03
@renovate renovate Bot force-pushed the renovate/all-patch branch 4 times, most recently from fc1a8d6 to 4f9e0e2 Compare May 4, 2026 23:36
@renovate renovate Bot force-pushed the renovate/all-patch branch from 4f9e0e2 to 9b0206c Compare May 6, 2026 23:00
@renovate renovate Bot force-pushed the renovate/all-patch branch from 9b0206c to 368b808 Compare May 17, 2026 18:08
@renovate renovate Bot changed the title chore(deps): update all patch dependencies chore(deps): update terraform github.com/cds-snc/terraform-modules to v10.11.4 May 17, 2026
@renovate renovate Bot changed the title chore(deps): update terraform github.com/cds-snc/terraform-modules to v10.11.4 chore(deps): update all patch dependencies to v10.11.4 Jun 2, 2026
@renovate renovate Bot force-pushed the renovate/all-patch branch 2 times, most recently from 01a8cb8 to e1cedc8 Compare June 3, 2026 16:19
@renovate renovate Bot changed the title chore(deps): update all patch dependencies to v10.11.4 chore(deps): update all patch dependencies Jun 22, 2026
@renovate renovate Bot force-pushed the renovate/all-patch branch from e1cedc8 to 20eb13a Compare June 22, 2026 17:56
@renovate renovate Bot force-pushed the renovate/all-patch branch from 20eb13a to f3dd75f Compare June 24, 2026 22:59
@github-actions

Copy link
Copy Markdown

Production: api

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
❌   Terraform Plan: failed
❌   Conftest: failed

Show plan
Error: Error acquiring the state lock

Error message: ConditionalCheckFailedException: The conditional request
failed
Lock Info:
  ID:        6f47aed2-4184-7833-de38-4ca7897f2f0d
  Path:      github-secret-scanning-production-tf/production/api/terraform.tfstate
  Operation: OperationTypePlan
  Who:       runner@runnervm7b5n9
  Version:   1.3.8
  Created:   2026-06-24 22:59:59.702485831 +0000 UTC
  Info:      


Terraform acquires a state lock to protect the state from being written
by multiple users at the same time. Please resolve the issue above and try
again. For most commands, you can disable locking with the "-lock=false"
flag, but this is not recommended.
time=2026-06-24T23:00:05Z level=error msg=Terraform invocation failed in /home/runner/work/github-secret-scanning/github-secret-scanning/terragrunt/env/production/api/.terragrunt-cache/J_VWwHJ6UBJJi1GJKKhgsw9jgiY/lVFJLQKYtqHgkyEGSnm7gn4u0uA/api prefix=[/home/runner/work/github-secret-scanning/github-secret-scanning/terragrunt/env/production/api] 
time=2026-06-24T23:00:05Z level=error msg=1 error occurred:
	* exit status 1


@github-actions

Copy link
Copy Markdown

Production: cloudfront

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
❌   Terraform Plan: failed
❌   Conftest: failed

Show plan
Acquiring state lock. This may take a few moments...

Error: Error acquiring the state lock

Error message: ConditionalCheckFailedException: The conditional request
failed
Lock Info:
  ID:        e2785996-d182-ab12-059d-e2efbad6f334
  Path:      github-secret-scanning-production-tf/production/cloudfront/terraform.tfstate
  Operation: OperationTypePlan
  Who:       runner@runnervmmklqx
  Version:   1.3.8
  Created:   2026-06-24 23:01:08.207926161 +0000 UTC
  Info:      


Terraform acquires a state lock to protect the state from being written
by multiple users at the same time. Please resolve the issue above and try
again. For most commands, you can disable locking with the "-lock=false"
flag, but this is not recommended.
time=2026-06-24T23:01:16Z level=error msg=Terraform invocation failed in /home/runner/work/github-secret-scanning/github-secret-scanning/terragrunt/env/production/cloudfront/.terragrunt-cache/WNUxIlB0eWnWsL8k9PQBSgr3hpk/lVFJLQKYtqHgkyEGSnm7gn4u0uA/cloudfront prefix=[/home/runner/work/github-secret-scanning/github-secret-scanning/terragrunt/env/production/cloudfront] 
time=2026-06-24T23:01:16Z level=error msg=1 error occurred:
	* exit status 1


@github-actions

Copy link
Copy Markdown

Production: alarms

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 4 to change, 0 to destroy
Show summary
CHANGE NAME
update aws_cloudwatch_metric_alarm.api_error
aws_cloudwatch_metric_alarm.api_secret_detected
aws_kms_key.sns_cloudwatch
aws_sns_topic.cloudwatch_alarm
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_cloudwatch_metric_alarm.api_error will be updated in-place
  ~ resource "aws_cloudwatch_metric_alarm" "api_error" {
        id                        = "GitHub secret scanning: error"
      ~ tags                      = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
      ~ tags_all                  = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
        # (18 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.api_secret_detected will be updated in-place
  ~ resource "aws_cloudwatch_metric_alarm" "api_secret_detected" {
        id                        = "GitHub secret scanning: secret detected"
      ~ tags                      = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
      ~ tags_all                  = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
        # (18 unchanged attributes hidden)
    }

  # aws_kms_key.sns_cloudwatch will be updated in-place
  ~ resource "aws_kms_key" "sns_cloudwatch" {
        id                                 = "17a3cee1-81fc-462c-99b7-e23b21612aa3"
      ~ tags                               = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all                           = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (12 unchanged attributes hidden)
    }

  # aws_sns_topic.cloudwatch_alarm will be updated in-place
  ~ resource "aws_sns_topic" "cloudwatch_alarm" {
        id                                       = "arn:aws:sns:ca-central-1:283582579564:github-secret-scanning-cloudwatch-alarm"
        name                                     = "github-secret-scanning-cloudwatch-alarm"
      ~ tags                                     = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all                                 = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (13 unchanged attributes hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Cloudwatch log metric pattern is invalid: ["aws_cloudwatch_log_metric_filter.api_error"]

21 tests, 20 passed, 1 warning, 0 failures, 0 exceptions

@github-actions

Copy link
Copy Markdown

Production: alert_compromise

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 3 to change, 0 to destroy
Show summary
CHANGE NAME
update aws_iam_role.group_broadcast_alert_role
aws_lambda_function.broadcast_alert
aws_ssm_parameter.notify_doc_api_key
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_role.group_broadcast_alert_role will be updated in-place
  ~ resource "aws_iam_role" "group_broadcast_alert_role" {
        id                    = "group_broadcast_alert_role"
        name                  = "group_broadcast_alert_role"
      ~ tags                  = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
      ~ tags_all              = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
        # (8 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.broadcast_alert will be updated in-place
  ~ resource "aws_lambda_function" "broadcast_alert" {
        id                             = "broadcast_alert"
        tags                           = {}
      ~ tags_all                       = {
          + "ssc_cbrid" = "22DI"
        }
        # (31 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_ssm_parameter.notify_doc_api_key will be updated in-place
  ~ resource "aws_ssm_parameter" "notify_doc_api_key" {
        id              = "notify_doc_api_key"
        name            = "notify_doc_api_key"
      ~ tags            = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all        = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (10 unchanged attributes hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

Warning: Argument is deprecated

  with aws_iam_role.group_broadcast_alert_role,
  on iam.tf line 4, in resource "aws_iam_role" "group_broadcast_alert_role":
   4:   managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]

managed_policy_arns is deprecated. Use the aws_iam_role_policy_attachment
resource instead. If Terraform should exclusively manage all managed policy
attachments (the current behavior of this argument), use the
aws_iam_role_policy_attachments_exclusive resource as well.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.broadcast_alert"]

21 tests, 20 passed, 1 warning, 0 failures, 0 exceptions

@renovate renovate Bot changed the title chore(deps): update all patch dependencies chore(deps): update terraform github.com/cds-snc/terraform-modules to v10.11.4 Jun 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants