
feat: modernize module with CI/CD pipeline, security enhancements, and rename to terraform-aws-ec2-backup #3


Merged
merged 5 commits into from
Jul 30, 2025

Conversation

mikmorley

This pull request introduces significant updates to the CI/CD pipeline, Terraform module, and project documentation. The changes include a complete overhaul of the GitHub Actions workflows, enhancements to security and monitoring features, and a major version update with breaking changes to the Terraform module. Below are the key highlights:

CI/CD Pipeline Enhancements:

  • Addition of Comprehensive Workflows: Introduced workflows for Terraform validation, Lambda testing, security scanning, Terraform planning, documentation validation, and a final status check. These workflows include steps for linting, testing, security analysis, and commenting on pull requests with results (.github/workflows/terraform-lint.yml).
  • Environment Variable Standardization: Added TF_VERSION and NODE_VERSION environment variables for consistent tool versioning (.github/workflows/terraform-lint.yml).

Terraform Module Updates:

  • Breaking Changes: Renamed the module to terraform-aws-ec2-backup, updated the source path for the Terraform Registry, and increased the minimum Terraform version requirement to 1.0+ (CHANGELOG.md).
  • New Features: Added IAM policy hardening, advanced monitoring with custom CloudWatch metrics, SNS notifications, and support for enhanced tagging (CHANGELOG.md).
  • Performance Improvements: Upgraded Lambda runtime to Node.js 20.x, migrated to AWS SDK v3, and increased Lambda memory allocation for better performance (CHANGELOG.md).

Documentation Improvements:

  • Changelog Introduction: Added a CHANGELOG.md file adhering to the "Keep a Changelog" format to document all notable changes (CHANGELOG.md).
  • Migration Guide: Included a detailed guide for migrating from v1.x to v2.0, outlining required changes and optional enhancements (CHANGELOG.md).
  • Enhanced README: Improved documentation with usage examples, troubleshooting steps, and security best practices (CHANGELOG.md).


Terraform Validation Results 🚀

Terraform Format and Style 🖌 failure

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Show Validation Output

Warning: Deprecated attribute

  on main.tf line 77, in data "aws_iam_policy_document" "default":
  77:       values   = [data.aws_region.current.name]

The attribute "name" is deprecated. Refer to the provider documentation for
details.

(and 10 more similar warnings elsewhere)
Success! The configuration is valid, but there were some validation warnings
as shown above.



Terraform Plan Results 📋

Terraform Plan 📖 failure

Show Plan Output
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform planned the following actions, but then encountered a problem:

  # module.backup_test.terraform_data.lambda_package will be created
  + resource "terraform_data" "lambda_package" {
      + id               = (known after apply)
      + triggers_replace = [
          + "aQj7dIwnPhKwel2mPsjiDn/AruTkE+Ce0duDQMgDF5k=",
          + "lgG6ollM3Y2Uu1dYRpeFh+RTA3hj7FhtFh/MAp75wEo=",
        ]
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../main.tf line 77, in data "aws_iam_policy_document" "default":
  77:       values   = [data.aws_region.current.name]

The attribute "name" is deprecated. Refer to the provider documentation for
details.

(and 10 more similar warnings elsewhere)

Pushed by: @mikmorley, Action: pull_request


@mikmorley mikmorley requested a review from Copilot July 29, 2025 00:50

@Copilot Copilot AI left a comment


Pull Request Overview

This pull request modernizes the terraform-aws-ec2-backup module with significant security, monitoring, and CI/CD enhancements. The module has been renamed from terraform-aws-scheduled-ec2-ami-backup-automation to terraform-aws-ec2-backup and upgraded to version 2.0.0 with breaking changes including enhanced IAM security, comprehensive monitoring capabilities, and a complete CI/CD pipeline overhaul.

Key changes include:

  • Enhanced security with least-privilege IAM policies and scoped permissions
  • Comprehensive monitoring with CloudWatch alarms, custom metrics, and SNS notifications
  • Modern architecture upgrade from Node.js 12.x to 20.x with AWS SDK v3 migration

Reviewed Changes

Copilot reviewed 11 out of 14 changed files in this pull request and generated 4 comments.

Show a summary per file

File: Description
  versions.tf: New file establishing Terraform 1.0+ and AWS provider 4.0+ requirements
  variables.tf: Enhanced with comprehensive input validation, monitoring options, and advanced tagging variables
  main.tf: Major overhaul with security-hardened IAM policies, monitoring infrastructure, and runtime Lambda building
  lambda/package.json: Updated package metadata and migrated to AWS SDK v3 dependencies
  lambda/index.js: Complete rewrite with AWS SDK v3, enhanced error handling, and custom metrics publishing
  lambda/README.md: Updated documentation explaining automated build process and development workflow
  lambda/.eslintrc.js: New ESLint configuration for code quality enforcement
  TESTING.md: New comprehensive testing guide documenting CI/CD pipeline and local testing procedures
  README.md: Complete documentation overhaul with modern examples, troubleshooting, and security guidance
  CHANGELOG.md: New changelog following Keep a Changelog format with detailed migration guide
  .github/workflows/terraform-lint.yml: Complete CI/CD pipeline with validation, testing, security scanning, and automated PR comments

Files not reviewed (1)
  • lambda/package-lock.json: Language not supported
Comments suppressed due to low confidence (2)

lambda/package.json:21

  • The version "^3.0.0" for @aws-sdk/client-ec2 is too broad and may include breaking changes. Consider using a more specific version range like "^3.400.0" to ensure compatibility and avoid potential issues with future major releases within the v3 range.
    "@aws-sdk/client-ec2": "^3.0.0",

lambda/package.json:22

  • The version "^3.0.0" for @aws-sdk/client-cloudwatch is too broad and may include breaking changes. Consider using a more specific version range like "^3.400.0" to ensure compatibility and avoid potential issues with future major releases within the v3 range.
    "@aws-sdk/client-cloudwatch": "^3.0.0"
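The two suppressed review comments above flag "^3.0.0" as a range that pins nothing below the major version. The following script is an added example, not code from this PR or the terraform-aws-ec2-backup module: it scans a package.json for caret ranges anchored at X.0.0 so such dependencies can be caught in CI before they are merged. The package.json it reads is constructed here from the two dependency lines quoted in the review; the package name and the eslint entry are made up.

```javascript
// Added example (not part of the PR): flag dependency ranges that pin only
// the major version, the pattern the review comment above calls "too broad".
// Only plain "^X.Y.Z" / "~X.Y.Z" / "X.Y.Z" ranges are parsed; tags, URLs,
// "*" and comparator ranges are reported as unparsed and skipped.
const semverRe = /^(\^|~)?(\d+)\.(\d+)\.(\d+)$/;

function parseRange(range) {
  const m = semverRe.exec(String(range).trim());
  if (!m) return null;
  return { op: m[1] || "", major: +m[2], minor: +m[3], patch: +m[4] };
}

// A caret range whose floor is X.0.0 admits every X.y.z release published
// later, so it carries no lower bound below the major version.
function isBroadRange(range) {
  const r = parseRange(range);
  return r !== null && r.op === "^" && r.minor === 0 && r.patch === 0;
}

function findBroadDependencies(pkg) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      if (isBroadRange(range)) findings.push({ section, name, range });
    }
  }
  return findings;
}

function auditPackageJson(text) {
  return findBroadDependencies(JSON.parse(text));
}

// Constructed sample mirroring the two lines quoted in the review; the
// package name and the eslint pin are invented for the example.
const samplePackageJson = JSON.stringify({
  name: "example-ec2-backup-lambda",
  dependencies: {
    "@aws-sdk/client-ec2": "^3.0.0",
    "@aws-sdk/client-cloudwatch": "^3.0.0",
  },
  devDependencies: { eslint: "^8.57.0" },
});

for (const f of auditPackageJson(samplePackageJson)) {
  console.log(`${f.section}: ${f.name} ${f.range} pins only the major version`);
}
```

Run it as a CI step against lambda/package.json and fail the job when it returns any findings; a range such as "^3.400.0" passes because it carries a minor-version floor.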

@mikmorley mikmorley merged commit 85196d9 into main Jul 30, 2025
6 checks passed
@mikmorley mikmorley deleted the dev branch July 30, 2025 03:23