fix: revert sechub & backup cdk (#657)

superwerker · Oct 23, 2024 · b5d4a03 · b5d4a03
1 parent 04f61e1
commit b5d4a03
Show file tree

Hide file tree

Showing 6 changed files with 511 additions and 78 deletions.
diff --git a/cdk/src/index.ts b/cdk/src/index.ts
@@ -40,6 +40,10 @@ NagSuppressions.addStackSuppressions(
       id: 'AwsSolutions-SF2',
       reason: 'Tracing for Stepfunction is not necessary in our case',
     },
+    {
+      id: 'AwsSolutions-S1',
+      reason: 'S3 access logs not required',
+    },
   ],
   true,
 );

diff --git a/cdk/src/stacks/backup.ts b/cdk/src/stacks/backup.ts
@@ -1,3 +1,22 @@
+import path from 'path';
+import { NestedStack, NestedStackProps } from 'aws-cdk-lib';
+import { CfnInclude } from 'aws-cdk-lib/cloudformation-include';
+import { Construct } from 'constructs';
+
+export class BackupStack extends NestedStack {
+  constructor(scope: Construct, id: string, props: NestedStackProps) {
+    super(scope, id, props);
+    new CfnInclude(this, 'SuperwerkerTemplate', {
+      templateFile: path.join(__dirname, '..', '..', '..', 'templates', 'backup.yaml'),
+    });
+  }
+}
+
+// Backup feature with Custom Resource still flacky
+// using for now old SSM based Approach
+
+/*
+
 import fs from 'fs';
 import {
   CfnResource,
@@ -410,3 +429,5 @@ export class BackupStack extends NestedStack {
     backupPolicy.node.addDependency(backupPolicyEnable.node.defaultChild as CfnResource);
   }
 }
+
+*/
diff --git a/cdk/src/stacks/security-hub.ts b/cdk/src/stacks/security-hub.ts
@@ -1,3 +1,21 @@
+import path from 'path';
+import { NestedStack, NestedStackProps } from 'aws-cdk-lib';
+import { CfnInclude } from 'aws-cdk-lib/cloudformation-include';
+import { Construct } from 'constructs';
+
+export class SecurityHubStack extends NestedStack {
+  constructor(scope: Construct, id: string, props: NestedStackProps) {
+    super(scope, id, props);
+    new CfnInclude(this, 'SuperwerkerTemplate', {
+      templateFile: path.join(__dirname, '..', '..', '..', 'templates', 'security-hub.yaml'),
+    });
+  }
+}
+
+// Security Hub Activation with Custom Resource still flacky due to AWS APIs
+// using for now old SSM based Approach
+
+/*
 import { NestedStack, NestedStackProps } from 'aws-cdk-lib';
 import { StringParameter } from 'aws-cdk-lib/aws-ssm';
 import { Construct } from 'constructs';
@@ -22,3 +40,4 @@ export class SecurityHubStack extends NestedStack {
     });
   }
 }
+*/
diff --git a/cdk/yarn.lock b/cdk/yarn.lock
@@ -35,28 +35,20 @@
   resolved "https://registry.yarnpkg.com/@aws-cdk/aws-lambda-python-alpha/-/aws-lambda-python-alpha-2.66.1-alpha.0.tgz#fad09f0d7132fa3b19ad2d7497f5b0e56edc53e5"
   integrity sha512-iRP6uhMzkY3dDneSbtp12iY7/7Bs7hs7TuDD8gdylAu482omFcP3gjDowXMQjogCYT9B4cJwOsKI54bnvJZg9g==
 
-"@aws-cdk/cloud-assembly-schema@2.147.3":
-  version "2.147.3"
-  resolved "https://registry.yarnpkg.com/@aws-cdk/cloud-assembly-schema/-/cloud-assembly-schema-2.147.3.tgz#39f8baf499b09fb068f30afe5bc705e230f2ef33"
-  integrity sha512-Ar+NLd9XOPD4sa02FluxQGbpvgF36qVdsCrvY2XK3MAMARSjc37GVuVYitWxF/STGu4Xx3rHrJJ4p8iJy9f0YQ==
-  dependencies:
-    jsonschema "^1.4.1"
-    semver "^7.6.2"
-
-"@aws-cdk/cloud-assembly-schema@^38.0.0":
+"@aws-cdk/cloud-assembly-schema@^38.0.0", "@aws-cdk/cloud-assembly-schema@^38.0.1":
   version "38.0.1"
   resolved "https://registry.yarnpkg.com/@aws-cdk/cloud-assembly-schema/-/cloud-assembly-schema-38.0.1.tgz#cdf4684ae8778459e039cd44082ea644a3504ca9"
   integrity sha512-KvPe+NMWAulfNVwY7jenFhzhuLhLqJ/OPy5jx7wUstbjnYnjRVLpUHPU3yCjXFE0J8cuJVdx95BJ4rOs66Pi9w==
   dependencies:
     jsonschema "^1.4.1"
     semver "^7.6.3"
 
-"@aws-cdk/cx-api@2.147.3":
-  version "2.147.3"
-  resolved "https://registry.yarnpkg.com/@aws-cdk/cx-api/-/cx-api-2.147.3.tgz#85c4900f4236b71993082a406dd528716a5d8553"
-  integrity sha512-uFivZ/u+EHFc57j0wJWzZ5UqaiBsQKzA9vUjJpuyfd50O6tO3DDEbKogS2Fn8sHCWufOiRwB46hWTUOIqoVcwg==
+"@aws-cdk/cx-api@^2.162.1":
+  version "2.163.1"
+  resolved "https://registry.yarnpkg.com/@aws-cdk/cx-api/-/cx-api-2.163.1.tgz#ef55da9f471c963d877b23d3201ca4560d656b2e"
+  integrity sha512-0bVL/pX0UcliCdXVcgtLVL3W5EHAp4RgW7JN3prz1dIOmLZzZ30DW0qWSc0D0EVE3rVG6RVgfIiuFBFK6WFZ+w==
   dependencies:
-    semver "^7.6.2"
+    semver "^7.6.3"
 
 "@aws-crypto/sha256-browser@5.2.0":
   version "5.2.0"
@@ -2992,10 +2984,10 @@ aws-sdk-client-mock@^4.1.0:
     sinon "^18.0.1"
     tslib "^2.1.0"
 
-aws-sdk@^2.1639.0:
-  version "2.1644.0"
-  resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.1644.0.tgz#998b5a7fc059b13f760e19013948cc8b2317165c"
-  integrity sha512-9DkVmQWrL766uxeag6wLbXNahwodrIvxZlh1JZ6bzMoNXLCx38GhQfdtLhCoqK7+k0c5QIzHhjPqyqwPM4ohJw==
+aws-sdk@^2.1691.0:
+  version "2.1691.0"
+  resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.1691.0.tgz#9d6ccdcbae03c806fc62667b76eb3e33e5294dcc"
+  integrity sha512-/F2YC+DlsY3UBM2Bdnh5RLHOPNibS/+IcjUuhP8XuctyrN+MlL+fWDAiela32LTDk7hMy4rx8MTgvbJ+0blO5g==
   dependencies:
     buffer "4.9.2"
     events "1.1.1"
@@ -3218,15 +3210,15 @@ case@1.6.3:
   resolved "https://registry.yarnpkg.com/case/-/case-1.6.3.tgz#0a4386e3e9825351ca2e6216c60467ff5f1ea1c9"
   integrity sha512-mzDSXIPaFwVDvZAHqZ9VlbyF4yyXRuX6IvB06WvPYkqJVO24kX1PPhv9bfpKNFZyxYFmmgo03HUiD8iklmJYRQ==
 
-cdk-assets@^2.147.3:
-  version "2.147.3"
-  resolved "https://registry.yarnpkg.com/cdk-assets/-/cdk-assets-2.147.3.tgz#fd31ee564cc5c67f941cc0a70ec395c1ec78ea80"
-  integrity sha512-lTsdZxmHI6MhYbPYDDWmnamB4ddo61UZqO+WbC+QWMUeMbxE4bxn0GzK4iVSCEmhlsk9ExqulHgqa5eTsFNLlg==
+cdk-assets@^2.155.14:
+  version "2.155.15"
+  resolved "https://registry.yarnpkg.com/cdk-assets/-/cdk-assets-2.155.15.tgz#e9480cc610d95c940dd785dfc50bcca32786e0ee"
+  integrity sha512-L8I+YEkh1V4jljJ6gMkiDuW7+G8SkA6sF8l5dQMw3WBNeD6RUPZ2gV8gDAse+PNZ59Xu8lXElAnwzJeZQKpHqg==
   dependencies:
-    "@aws-cdk/cloud-assembly-schema" "2.147.3"
-    "@aws-cdk/cx-api" "2.147.3"
+    "@aws-cdk/cloud-assembly-schema" "^38.0.1"
+    "@aws-cdk/cx-api" "^2.162.1"
     archiver "^5.3.2"
-    aws-sdk "^2.1639.0"
+    aws-sdk "^2.1691.0"
     glob "^7.2.3"
     mime "^2.6.0"
     yargs "^16.2.0"
@@ -6278,7 +6270,7 @@ semver@^6.3.0, semver@^6.3.1:
   resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4"
   integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==
 
-semver@^7.5.3, semver@^7.5.4, semver@^7.6.0, semver@^7.6.2, semver@^7.6.3:
+semver@^7.5.3, semver@^7.5.4, semver@^7.6.0, semver@^7.6.3:
   version "7.6.3"
   resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143"
   integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==