From 587e0e44aa5a6551776e891527180fd31da8a549 Mon Sep 17 00:00:00 2001
From: Mohamed Habib
Date: Tue, 3 Sep 2024 12:38:21 +0100
Subject: [PATCH 1/4] Update main.tf

---
 dev-vpc/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-vpc/main.tf b/dev-vpc/main.tf
index 29f7b3f..101b10a 100644
--- a/dev-vpc/main.tf
+++ b/dev-vpc/main.tf
@@ -21,4 +21,4 @@ resource "aws_ssm_parameter" "foo" {
 value = "10.10.10.0/32"
 }

-resource "null_resource" "test" {}
+resource "null_resource" "test2" {}

From 66d2052b84cfce58e5f60fb2f20fec6ab08cfe0f Mon Sep 17 00:00:00 2001
From: Mohamed Habib
Date: Mon, 10 Nov 2025 21:26:08 -0500
Subject: [PATCH 2/4] Update main.tf

---
 dev-ec2/main.tf | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/dev-ec2/main.tf b/dev-ec2/main.tf
index 396da95..9ee7203 100644
--- a/dev-ec2/main.tf
+++ b/dev-ec2/main.tf
@@ -2,24 +2,17 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "5.24.0"
+ version = "~> 5.0"
 }
 }
- backend "s3" {
- bucket = "digger-states-test"
- key = "demo-ee/features/state"
- region = "us-east-1"
- }
 }

 provider "aws" {
- region = "us-east-1" # Replace with your desired AWS region
+ region = "us-east-1"
 }

-
-resource "aws_ssm_parameter" "foo" {
- name = "/dev/ec2"
- type = "String"
- value = "ec2 instance"
+# This EC2 instance should trigger the Rego deny rule
+resource "aws_instance" "test" {
+ ami = "ami-0c55b159cbfafe1f0" # Amazon Linux 2 AMI
+ instance_type = "t2.micro"
 }
-

From fdbcdad6b0e0c725d9324ced6f020bf9e3bef15b Mon Sep 17 00:00:00 2001
From: Mohamed Habib
Date: Mon, 10 Nov 2025 21:27:48 -0500
Subject: [PATCH 3/4] Update digger_workflow.yml

---
 .github/workflows/digger_workflow.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index f645b83..4fcca5a 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
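Review bot: In `dev-ec2/main.tf` (PATCH 2/4) the `backend "s3"` block is removed, which leaves the project on Terraform's default local backend: state written on a CI runner goes away with the job and nothing locks concurrent runs; the `dev-vpc/main.tf` hunk of PATCH 4/4 removes its backend the same way. The new `aws_instance.test` is meant to be rejected by policy, but if that check ever fails open and an apply runs, the instance would exist in the account with no state tracking it, so I would keep the backend block even for a policy fixture. The resource also sets no `metadata_options`; adding `metadata_options { http_tokens = "required" }` keeps the fixture on IMDSv2 should it ever be created. The provider constraint goes from the exact `5.24.0` to `~> 5.0` and no `.terraform.lock.hcl` appears in this series, so either commit the lock file or keep an exact pin. The `terraform` block opens above the hunk.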
@@ -30,6 +30,7 @@ jobs:
 ee: 'true'
 digger-spec: ${{ inputs.spec }}
 setup-aws: true
+ setup-terraform: true
 # recommended to use oidc instead
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

From 170306c07c0476e1a77f09497af1b83e695a961b Mon Sep 17 00:00:00 2001
From: Mohamed Habib
Date: Mon, 10 Nov 2025 21:35:20 -0500
Subject: [PATCH 4/4] Update main.tf

---
 dev-vpc/main.tf | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/dev-vpc/main.tf b/dev-vpc/main.tf
index 101b10a..9ee7203 100644
--- a/dev-vpc/main.tf
+++ b/dev-vpc/main.tf
@@ -2,23 +2,17 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "5.24.0"
+ version = "~> 5.0"
 }
 }
- backend "s3" {
- bucket = "digger-states-test" # Change if a different S3 bucket name was used for the backend
- /* Un-comment to use DynamoDB state locking
- dynamodb_table = "digger-locktable-quickstart-aws" # Change if a different DynamoDB table name was used for backend
- */
- key = "terraform/state"
- region = "us-east-1"
- }
 }

-resource "aws_ssm_parameter" "foo" {
- name = "/dev/vpc"
- type = "String"
- value = "10.10.10.0/32"
+provider "aws" {
+ region = "us-east-1"
 }

-resource "null_resource" "test2" {}
+# This EC2 instance should trigger the Rego deny rule
+resource "aws_instance" "test" {
+ ami = "ami-0c55b159cbfafe1f0" # Amazon Linux 2 AMI
+ instance_type = "t2.micro"
+}
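Review bot: `setup-terraform: true` in `.github/workflows/digger_workflow.yml` (PATCH 3/4) is added with no Terraform version input visible in the hunk, so the job installs whatever version the action defaults to and runs it with the AWS keys passed a few lines below. Pinning the version next to the flag, e.g. `terraform-version: <pinned-version>` (assuming this step is Digger's action, which has that input), makes a toolchain change a reviewed edit rather than a side effect of an action update. The step's input block starts and ends outside the hunk, so a pin may already be set there.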
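Review bot: After the PATCH 4/4 hunk `dev-vpc/main.tf` carries the same blob id as `dev-ec2/main.tf` (`9ee7203` on both index lines), so the VPC project now declares an EC2 instance under the same address `aws_instance.test`, and with the backend block removed each project keeps its own throwaway state. If the intent is only to exercise the deny rule, a header comment such as `# Policy fixture: plan must be rejected by the Rego deny rule; do not apply` would make clear this is not the real VPC definition. The `/dev/vpc` parameter and `null_resource.test2` are dropped from configuration in the same hunk, so whatever the old S3 state tracked for them is no longer managed from this file. The `terraform` block opens above the hunk.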