Skip to content

CCM-6333 Adding Reporting fixes#101

Merged
aidenvaines-cgi merged 4 commits intomainfrom
CCM-6333_TFSec_Fixes
Mar 24, 2025
Merged

CCM-6333 Adding Reporting fixes#101
aidenvaines-cgi merged 4 commits intomainfrom
CCM-6333_TFSec_Fixes

Conversation

@aidenvaines-cgi
Copy link
Copy Markdown
Contributor

@aidenvaines-cgi aidenvaines-cgi commented Mar 18, 2025

Description

  • Sets TFSec to normal mode, disables soft-fail
  • Removes some useless folders
  • Fixes whitespace detection in a workflow
  • Adds some appropriate TFSec exclusions
  • Fixes some TFSec best practice

Context

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

jamesthompson26-nhs
jamesthompson26-nhs reviewed Mar 18, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jamesthompson26-nhs jamesthompson26-nhs left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AWS' advice on the workgroup level encryption (when working with bucket keys on the underlying bucket):

  1. Remove the KMS key from the Athena workgroup's encryption configuration:
    Since the bucket keys will be handling the encryption, you don't need the additional layer of encryption from the workgroup-level KMS key. Removing it will simplify the configuration.

  2. Rely solely on the bucket keys for encryption:
    With the bucket keys enabled on the S3 bucket, Athena will automatically use that for encrypting and decrypting the query results. This will reduce the no of API calls.

@aidenvaines-cgi aidenvaines-cgi marked this pull request as ready for review March 24, 2025 09:24
@aidenvaines-cgi aidenvaines-cgi requested a review from a team as a code owner March 24, 2025 09:24
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Mar 24, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@aidenvaines-cgi aidenvaines-cgi added this pull request to the merge queue Mar 24, 2025
Merged via the queue into main with commit 3a055ea Mar 24, 2025
30 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sidnhs sidnhs sidnhs approved these changes

@jamesthompson26-nhs jamesthompson26-nhs jamesthompson26-nhs approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aidenvaines-cgi @sidnhs @jamesthompson26-nhs