Update hashicorp/aws requirement from ~> 5.0 to ~> 6.0 in /terraform/modules/vpc-hub #10455

Open
wants to merge 1 commit into
base: main

@dependabot dependabot bot commented on behalf of github Jun 19, 2025

Updates the requirements on hashicorp/aws to permit the latest version.

Release notes

Sourced from hashicorp/aws's releases.

v6.0.0

BREAKING CHANGES:

  • data-source/aws_ami: The severity of the diagnostic returned when most_recent is true and owner and image ID filter criteria has been increased to an error. Existing configurations which were previously receiving a warning diagnostic will now fail to apply. To prevent this error, set the owner argument or include a filter block with an image-id or owner-id name/value pair. To continue using unsafe filter values with most_recent set to true, set the new allow_unsafe_filter argument to true. This is not recommended. (#42114)
  • data-source/aws_ecs_task_definition: Remove inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)
  • data-source/aws_ecs_task_execution: Remove inference_accelerator_overrides attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)
  • data-source/aws_elbv2_listener_rule: The action.authenticate_cognito, action.authenticate_oidc, action.fixed_response, action.forward, action.forward.stickiness, action.redirect, condition.host_header, condition.http_header, condition.http_request_method, condition.path_pattern, condition.query_string, and condition.source_ip attributes are now list nested blocks instead of single nested blocks (#42283)
  • data-source/aws_identitystore_user: filter has been removed (#42325)
  • data-source/aws_launch_template: Remove elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)
  • data-source/aws_launch_template: elastic_gpu_specifications has been removed (#42312)
  • data-source/aws_opensearch_domain: kibana_endpoint has been removed (#42268)
  • data-source/aws_opensearchserverless_security_config: saml_options is now a list nested block instead of a single nested block (#42270)
  • data-source/aws_service_discovery_service: Remove tags_all attribute (#42136)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_application resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_custom_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_ecs_cluster_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_ganglia_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_haproxy_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_instance resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_java_app_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_memcached_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_mysql_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_nodejs_app_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_permission resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_php_app_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_rails_app_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_rds_db_instance resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_stack resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_static_web_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_user_profile resource has been removed (#41948)
  • provider: As the AWS SDK for Go v2 does not support Amazon SimpleDB the aws_simpledb_domain resource has been removed. Add a constraint to v5 of the Terraform AWS Provider for continued use of this resource (#41775)
  • provider: As the AWS SDK for Go v2 does not support Amazon Worklink, the aws_worklink_fleet resource has been removed (#42059)
  • provider: As the AWS SDK for Go v2 does not support Amazon Worklink, the aws_worklink_website_certificate_authority_association resource has been removed (#42059)
  • provider: The aws_redshift_service_account resource has been removed. AWS recommends that a service principal name should be used instead of an AWS account ID in any relevant IAM policy (#41941)
  • provider: The endpoints.iotanalytics and endpoints.iotevents configuration arguments have been removed (#42703)
  • provider: The endpoints.opsworks configuration argument has been removed (#41948)
  • provider: The endpoints.simpledb and endpoints.sdb configuration arguments have been removed (#41775)
  • provider: The endpoints.worklink configuration argument has been removed (#42059)
  • resource/aws_accessanalyzer_archive_rule: filter.exists now only accepts one of "" (empty string), true, or false (#42434)
  • resource/aws_alb_target_group: preserve_client_ip now only accepts one of "" (empty string), true, or false (#42434)
  • resource/aws_api_gateway_account: The reset_on_delete argument has been removed (#42226)
  • resource/aws_api_gateway_deployment: Remove canary_settings, execution_arn, invoke_url, stage_description, and stage_name arguments. Instead, use the aws_api_gateway_stage resource to manage stages. (#42249)
  • resource/aws_batch_compute_environment: Rename compute_environment_name to name
  • resource/aws_batch_compute_environment: Rename compute_environment_name_prefix to name_prefix (#38050)
  • resource/aws_batch_compute_environment_data_source: Rename compute_environment_name to name (#38050)
  • resource/aws_batch_job_queue: Remove deprecated parameter compute_environments in place of compute_environment_order (#40751)
  • resource/aws_bedrock_model_invocation_logging_configuration: logging_config, logging_config.cloudwatch_config, logging_config.cloudwatch_config.large_data_delivery_s3_config, and logging_config.s3_config are now list nested blocks instead of single nested blocks (#42307)
  • resource/aws_cloudfront_key_value_store: Attribute id is now set to remote object's Id instead of name (#42230)
  • resource/aws_cloudfront_response_headers_policy: The etag argument is now computed only (#38448)
  • resource/aws_cloudtrail_event_data_store: suspend now only accepts one of "" (empty string), true, or false (#42434)

... (truncated)

Changelog

Sourced from hashicorp/aws's changelog.

6.0.0 (June 18, 2025)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


@dependabot dependabot bot added dependencies Pull requests that update a dependency file terraform Pull requests that update Terraform code labels Jun 19, 2025
@dependabot dependabot bot requested a review from a team as a code owner June 19, 2025 10:13

Trivy Scan Success

Show Output

Trivy will check the following folders:
terraform/modules/vpc-hub


Running Trivy in terraform/modules/vpc-hub
2025-06-19T10:14:58Z WARN [vulndb] Trivy DB may be corrupted and will be re-downloaded. If you manually downloaded DB - use the --skip-db-update flag to skip updating DB.
2025-06-19T10:14:58Z INFO [vulndb] Need to update DB
2025-06-19T10:14:58Z INFO [vulndb] Downloading vulnerability DB...
2025-06-19T10:14:58Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-06-19T10:15:00Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-06-19T10:15:00Z INFO [vuln] Vulnerability scanning is enabled
2025-06-19T10:15:00Z INFO [misconfig] Misconfiguration scanning is enabled
2025-06-19T10:15:00Z INFO [misconfig] Need to update the checks bundle
2025-06-19T10:15:00Z INFO [misconfig] Downloading the checks bundle...
165.20 KiB / 165.20 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2025-06-19T10:15:02Z INFO [secret] Secret scanning is enabled
2025-06-19T10:15:02Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-06-19T10:15:02Z INFO [secret] Please see also https://trivy.dev/v0.63/docs/scanner/secret#recommendation for faster secret detection
2025-06-19T10:15:02Z INFO [terraform scanner] Scanning root module file_path="."
2025-06-19T10:15:02Z WARN [terraform parser] Variable values were not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="tags_common, tags_prefix, vpc_cidr, vpc_flow_log_iam_role"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="main.tf:238"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="main.tf:338"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="main.tf:412"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="main.tf:489"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:236"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:236"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:236"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:487"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:487"
2025-06-19T10:15:02Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="main.tf:136-141"
2025-06-19T10:15:02Z INFO Number of language-specific files num=0
2025-06-19T10:15:02Z INFO Detected config files num=2

Report Summary

┌─────────┬───────────┬─────────────────┬───────────────────┬─────────┐
│ Target │ Type │ Vulnerabilities │ Misconfigurations │ Secrets │
├─────────┼───────────┼─────────────────┼───────────────────┼─────────┤
│ . │ terraform │ - │ 0 │ - │
├─────────┼───────────┼─────────────────┼───────────────────┼─────────┤
│ main.tf │ terraform │ - │ 0 │ - │
└─────────┴───────────┴─────────────────┴───────────────────┴─────────┘
Legend:

  • '-': Not scanned
  • '0': Clean (no security findings detected)

trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
terraform/modules/vpc-hub

*****************************

Running Checkov in terraform/modules/vpc-hub
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-06-19 10:15:05,292 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 50, Failed checks: 0, Skipped checks: 17


checkov_exitcode=0

TFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/modules/vpc-hub

*****************************

Running tflint in terraform/modules/vpc-hub
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Updates the requirements on [hashicorp/aws](https://github.com/hashicorp/terraform-provider-aws) to permit the latest version.
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v5.0.0...v6.0.0)

---
updated-dependencies:
- dependency-name: hashicorp/aws
  dependency-version: 6.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/terraform/terraform/modules/vpc-hub/hashicorp/aws-tw-6.0 branch from 30f3e42 to e3b8cd4 Compare June 27, 2025 12:40

Trivy Scan Success

Show Output

Trivy will check the following folders:
terraform/modules/vpc-hub


Running Trivy in terraform/modules/vpc-hub
2025-06-27T12:42:28Z WARN [vulndb] Trivy DB may be corrupted and will be re-downloaded. If you manually downloaded DB - use the --skip-db-update flag to skip updating DB.
2025-06-27T12:42:28Z INFO [vulndb] Need to update DB
2025-06-27T12:42:28Z INFO [vulndb] Downloading vulnerability DB...
2025-06-27T12:42:28Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-06-27T12:42:30Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-06-27T12:42:30Z INFO [vuln] Vulnerability scanning is enabled
2025-06-27T12:42:30Z INFO [misconfig] Misconfiguration scanning is enabled
2025-06-27T12:42:30Z INFO [misconfig] Need to update the checks bundle
2025-06-27T12:42:30Z INFO [misconfig] Downloading the checks bundle...
165.20 KiB / 165.20 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2025-06-27T12:42:32Z INFO [secret] Secret scanning is enabled
2025-06-27T12:42:32Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-06-27T12:42:32Z INFO [secret] Please see also https://trivy.dev/v0.63/docs/scanner/secret#recommendation for faster secret detection
2025-06-27T12:42:32Z INFO [terraform scanner] Scanning root module file_path="."
2025-06-27T12:42:32Z WARN [terraform parser] Variable values were not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="tags_common, tags_prefix, vpc_cidr, vpc_flow_log_iam_role"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="main.tf:136-141"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="main.tf:238"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="main.tf:338"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="main.tf:412"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="main.tf:489"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:236"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:236"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:236"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:336"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:410"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:487"
2025-06-27T12:42:32Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="main.tf:487"
2025-06-27T12:42:32Z INFO Number of language-specific files num=0
2025-06-27T12:42:32Z INFO Detected config files num=2

Report Summary

┌─────────┬───────────┬─────────────────┬───────────────────┬─────────┐
│ Target  │   Type    │ Vulnerabilities │ Misconfigurations │ Secrets │
├─────────┼───────────┼─────────────────┼───────────────────┼─────────┤
│ .       │ terraform │        -        │         0         │    -    │
├─────────┼───────────┼─────────────────┼───────────────────┼─────────┤
│ main.tf │ terraform │        -        │         0         │    -    │
└─────────┴───────────┴─────────────────┴───────────────────┴─────────┘
Legend:

  • '-': Not scanned
  • '0': Clean (no security findings detected)

trivy_exitcode=0

</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/modules/vpc-hub

*****************************

Running Checkov in terraform/modules/vpc-hub
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-06-27 12:42:35,683 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 50, Failed checks: 0, Skipped checks: 17


checkov_exitcode=0

```
</details>

TFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/modules/vpc-hub

*****************************

Running tflint in terraform/modules/vpc-hub
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Labels
- dependencies: Pull requests that update a dependency file
- DO NOT MERGE
- terraform: Pull requests that update Terraform code