infrastructure-as-code

Describe the solution you'd like
It would be nice to have a way to control whether a VM starts on boot or not. Maybe a new autostart option to salt.states.virt.running and/or salt.states.virt.defined? Or maybe a new function?

Describe alternatives you've considered
I'll probably use salt.modules.virt.set_autostart for now.

Remove PodSecurityPolicy in the helm manifest

helm install trivy . --namespace trivy --create-namespace

W1018 19:47:44.637292   21571 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W1018 19:47:44.745250   21571 warnings.go:70] policy/v1beta1 PodSecurityPolicy is de

What is the problem?

Triggerring a Lambda from Kinesis requires permissions to GetRecords, GetShardIterator, DescribeStream, ListShards, and ListStreams Actions.

However, Stream.grantRead adds DescribeStreamSummary, GetRecords, GetShardIterator, ListShards, SubscribeToShard permissions

Reproduction Steps

const myRole = new Role(
          this,
          `MyLambdaRole`,
  

Add a new usage-based cost component to the aws_db_instance resource:

• Name: Additional backup storage
• Unit: GB
• Usage key: additional_backup_storage_gb

AWS Pricing pages:

• https://aws.amazon.com/rds/aurora/pricing/?pg=pr&loc=1
• https://aws.amazon.com/rds/postgresql/pricing/?pg=pr&loc=3
• https://aws.amazon.com/rds/mysql/pricing/?pg=pr&loc=2
• https://aws.amazon.com/rds/mariadb

Hello Team,
Here is the my current checkov_scan.yml file
name: Run Checkov action serverless
id: checkov1
uses: bridgecrewio/checkov-action@master
with:
#skip_check: CKV_AWS_23 # optional: skip a specific check_id
#quiet: true # optional: display only failed checks
#log_level: DEBUG # optional: set log level. Default WARNING

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

Copilot doesn't seem to have correct error behavior when I try to create a Scheduled Job with the same name as an existing service.

For example, in my app right now I have the following:

❯ copilot svc ls
Name                Type
----                ----
fe                  Load Balanced Web Service

I can see this in SSM:

❯ aws ssm get-parameter --name /copilot/applicatio

Description

Add GCE support for google_project_iam_custom_role (TF)

Sources

• Terraform Resource Documentation
• GCP Resource Documentation

Garbage collection works by listing everything with the gc-tag. In a busy cluster, we really want that filter to happen server-side and ideally using an index of some sort.

That means we should use a Kubernetes label, not an annotation.

I think this will require a two-step migration plan (write both but continue to read annotation; release; drop support for annotation; release).