jluevan13 · prisma-cloud-devsecops · Jun 16, 2023
diff --git a/deploy/kubernetes/terraform/main.tf b/deploy/kubernetes/terraform/main.tf
@@ -6,10 +6,10 @@ resource "aws_security_group" "k8s-security-group" {
   name        = "md-k8s-security-group"
   description = "allow all internal traffic, ssh, http from anywhere"
   ingress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    self        = "true"
+    from_port = 0
+    to_port   = 0
+    protocol  = "-1"
+    self      = "true"
   }
   ingress {
     from_port   = 22
@@ -42,17 +42,20 @@ resource "aws_security_group" "k8s-security-group" {
     cidr_blocks = ["0.0.0.0/0"]
   }
   ingress {
-   from_port   = 31601
-   to_port     = 31601
-   protocol    = "tcp"
-   cidr_blocks = ["0.0.0.0/0"]
- }
+    from_port   = 31601
+    to_port     = 31601
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
   egress {
     from_port   = 0
     to_port     = 0
     protocol    = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
+  tags = {
+    yor_trace = "c184b889-b2d3-4a07-94b7-8863ec6592d0"
+  }
 }
 
 resource "aws_instance" "ci-sockshop-k8s-master" {
@@ -65,12 +68,12 @@ resource "aws_instance" "ci-sockshop-k8s-master" {
   }
 
   connection {
-    user = "ubuntu"
+    user        = "ubuntu"
     private_key = "${file("${var.private_key_path}")}"
   }
 
   provisioner "file" {
-    source = "deploy/kubernetes/manifests"
+    source      = "deploy/kubernetes/manifests"
     destination = "/tmp/"
   }
 
@@ -83,6 +86,9 @@ resource "aws_instance" "ci-sockshop-k8s-master" {
       "sudo apt-get install -y kubelet kubeadm kubectl kubernetes-cni"
     ]
   }
+  tags = {
+    yor_trace = "5c1a1195-5886-479c-a227-d0642f4a53f0"
+  }
 }
 
 resource "aws_instance" "ci-sockshop-k8s-node" {
@@ -96,7 +102,7 @@ resource "aws_instance" "ci-sockshop-k8s-node" {
   }
 
   connection {
-    user = "ubuntu"
+    user        = "ubuntu"
     private_key = "${file("${var.private_key_path}")}"
   }
 
@@ -110,27 +116,33 @@ resource "aws_instance" "ci-sockshop-k8s-node" {
       "sudo sysctl -w vm.max_map_count=262144"
     ]
   }
+  tags = {
+    yor_trace = "722f5ce2-8e59-47b8-8caf-379ca61702fd"
+  }
 }
 
 resource "aws_elb" "ci-sockshop-k8s-elb" {
-  depends_on = [ "aws_instance.ci-sockshop-k8s-node" ]
-  name = "ci-sockshop-k8s-elb"
-  instances = ["${aws_instance.ci-sockshop-k8s-node.*.id}"]
+  depends_on         = ["aws_instance.ci-sockshop-k8s-node"]
+  name               = "ci-sockshop-k8s-elb"
+  instances          = ["${aws_instance.ci-sockshop-k8s-node.*.id}"]
   availability_zones = ["${data.aws_availability_zones.available.names}"]
-  security_groups = ["${aws_security_group.k8s-security-group.id}"] 
+  security_groups    = ["${aws_security_group.k8s-security-group.id}"]
   listener {
-    lb_port = 80
-    instance_port = 30001
-    lb_protocol = "http"
+    lb_port           = 80
+    instance_port     = 30001
+    lb_protocol       = "http"
     instance_protocol = "http"
   }
 
   listener {
-    lb_port = 9411
-    instance_port = 30002
-    lb_protocol = "http"
+    lb_port           = 9411
+    instance_port     = 30002
+    lb_protocol       = "http"
     instance_protocol = "http"
   }
 
+  tags = {
+    yor_trace = "8a27b35e-35ba-490a-8aec-2ce9d8f463ed"
+  }
 }
 
diff --git a/install/aws-minimesos/aws.tf b/install/aws-minimesos/aws.tf
@@ -3,7 +3,7 @@ variable "aws_region" {
 }
 
 provider "aws" {
-  region = "${var.aws_region}"
+  region     = "${var.aws_region}"
   access_key = "${var.access_key}"
   secret_key = "${var.secret_key}"
 }
@@ -13,44 +13,53 @@ variable "aws_amis" {
   default = {
     ap-northeast-1 = "ami-63b44a02"
     ap-southeast-1 = "ami-21d30f42"
-    eu-central-1 = "ami-26c43149"
-    eu-west-1 = "ami-ed82e39e"
-    sa-east-1 = "ami-dc48dcb0"
-    us-east-1 = "ami-3bdd502c"
-    us-west-1 = "ami-48db9d28"
-    cn-north-1 = "ami-bead78d3"
-    us-gov-west-1 = "ami-6770ce06"
+    eu-central-1   = "ami-26c43149"
+    eu-west-1      = "ami-ed82e39e"
+    sa-east-1      = "ami-dc48dcb0"
+    us-east-1      = "ami-3bdd502c"
+    us-west-1      = "ami-48db9d28"
+    cn-north-1     = "ami-bead78d3"
+    us-gov-west-1  = "ami-6770ce06"
     ap-southeast-2 = "ami-ba3e14d9"
-    us-west-2 = "ami-d732f0b7"
+    us-west-2      = "ami-d732f0b7"
 
   }
 }
 
 resource "aws_vpc" "terraform" {
-  cidr_block = "10.0.0.0/16"
+  cidr_block           = "10.0.0.0/16"
   enable_dns_hostnames = true
 
   tags {
     Name = "terraform"
   }
+  tags = {
+    yor_trace = "a35faae2-96d7-49ff-9e41-b9e6a5075f5f"
+  }
 }
 
 resource "aws_internet_gateway" "terraform" {
   vpc_id = "${aws_vpc.terraform.id}"
   tags {
     Name = "terraform"
   }
+  tags = {
+    yor_trace = "ed714ef2-f951-4059-ae2c-bb637a08c4f4"
+  }
 }
 
 resource "aws_subnet" "terraform" {
-  vpc_id = "${aws_vpc.terraform.id}"
+  vpc_id     = "${aws_vpc.terraform.id}"
   cidr_block = "10.0.0.0/24"
   tags {
     Name = "terraform"
   }
   availability_zone = "eu-west-1b"
 
   map_public_ip_on_launch = true
+  tags = {
+    yor_trace = "945a8b3e-b77e-4e27-b403-957c7546e54c"
+  }
 }
 
 resource "aws_route_table" "terraform" {
@@ -64,33 +73,39 @@ resource "aws_route_table" "terraform" {
   tags {
     Name = "terraform"
   }
+  tags = {
+    yor_trace = "c537a35b-3ac4-489f-b472-98c9c7842a50"
+  }
 }
 
 // The Route Table Association binds our subnet and route together.
 resource "aws_route_table_association" "terraform" {
-  subnet_id = "${aws_subnet.terraform.id}"
+  subnet_id      = "${aws_subnet.terraform.id}"
   route_table_id = "${aws_route_table.terraform.id}"
 }
 
 // The AWS Security Group is akin to a firewall. It specifies the inbound
 // only open required ports in a production environment.
 resource "aws_security_group" "terraform" {
-  name = "terraform-web"
+  name   = "terraform-web"
   vpc_id = "${aws_vpc.terraform.id}"
 
   ingress {
-    protocol = -1
+    protocol  = -1
     from_port = 0
-    to_port = 0
+    to_port   = 0
     cidr_blocks = [
-      "0.0.0.0/0"]
+    "0.0.0.0/0"]
   }
 
   egress {
-    protocol = -1
+    protocol  = -1
     from_port = 0
-    to_port = 0
+    to_port   = 0
     cidr_blocks = [
-      "0.0.0.0/0"]
+    "0.0.0.0/0"]
+  }
+  tags = {
+    yor_trace = "b3099d8d-0b6b-48dc-acdb-0f509a676079"
   }
 }
diff --git a/install/aws-minimesos/main.tf b/install/aws-minimesos/main.tf
@@ -6,8 +6,8 @@
 
 resource "aws_instance" "minimesos" {
 
-  count = 1
-  ami = "${lookup(var.aws_amis, var.aws_region)}"
+  count             = 1
+  ami               = "${lookup(var.aws_amis, var.aws_region)}"
   availability_zone = "eu-west-1b"
 
   root_block_device {
@@ -16,18 +16,18 @@ resource "aws_instance" "minimesos" {
   }
 
   instance_type = "m4.xlarge"
-  key_name = "${var.aws_key_name}"
-  subnet_id = "${aws_subnet.terraform.id}"
+  key_name      = "${var.aws_key_name}"
+  subnet_id     = "${aws_subnet.terraform.id}"
 
   vpc_security_group_ids = [
-    "${aws_security_group.terraform.id}"]
+  "${aws_security_group.terraform.id}"]
 
   tags {
     Name = "minimesos-${count.index}"
   }
 
   connection {
-    user = "ubuntu"
+    user        = "ubuntu"
     private_key = "${var.private_key_file}"
   }
 
@@ -37,7 +37,7 @@ resource "aws_instance" "minimesos" {
     ]
   }
   provisioner "file" {
-    source = "provision.sh"
+    source      = "provision.sh"
     destination = "/tmp/provision.sh"
   }
 
@@ -47,6 +47,9 @@ resource "aws_instance" "minimesos" {
       "/tmp/provision.sh"
     ]
   }
+  tags = {
+    yor_trace = "d243148a-bc4f-4b9a-b263-cdca57365256"
+  }
 }
 
 
diff --git a/staging/main.tf b/staging/main.tf
@@ -6,10 +6,10 @@ resource "aws_security_group" "microservices-demo-staging-k8s" {
   name        = "microservices-demo-staging-k8s"
   description = "allow all internal traffic, all traffic from bastion and http from anywhere"
   ingress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    self        = "true"
+    from_port = 0
+    to_port   = 0
+    protocol  = "-1"
+    self      = "true"
   }
   ingress {
     from_port       = 0
@@ -29,10 +29,13 @@ resource "aws_security_group" "microservices-demo-staging-k8s" {
     protocol    = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
+  tags = {
+    yor_trace = "56117d44-b769-46b5-929f-c2739dc3b698"
+  }
 }
 
 resource "aws_instance" "k8s-node" {
-  depends_on      = [ "aws_instance.k8s-master" ] 
+  depends_on      = ["aws_instance.k8s-master"]
   count           = "${var.nodecount}"
   instance_type   = "${var.node_instance_type}"
   ami             = "${lookup(var.aws_amis, var.aws_region)}"
@@ -66,6 +69,9 @@ resource "aws_instance" "k8s-node" {
     command = "ssh -i ${var.private_key_file} -o StrictHostKeyChecking=no ubuntu@${self.private_ip} sudo `cat join.cmd`"
   }
 
+  tags = {
+    yor_trace = "f7663aaf-1e4d-4291-a747-f906fedd2651"
+  }
 }
 
 resource "aws_instance" "k8s-master" {
@@ -112,26 +118,32 @@ resource "aws_instance" "k8s-master" {
   provisioner "local-exec" {
     command = "scp -i ${var.private_key_file} -o StrictHostKeyChecking=no ubuntu@${self.private_ip}:~/config ~/.kube/"
   }
+  tags = {
+    yor_trace = "22be48cb-6330-4c1e-a76d-0ab15dcc1b5c"
+  }
 }
 
 resource "null_resource" "up" {
-  depends_on      = [ "aws_instance.k8s-node" ]
+  depends_on = ["aws_instance.k8s-node"]
   provisioner "local-exec" {
     command = "./up.sh ${var.weave_cloud_token}"
   }
 }
 
 resource "aws_elb" "microservices-demo-staging-k8s" {
-  depends_on = [ "aws_instance.k8s-node" ]
-  name = "microservices-demo-staging-k8s"
-  instances = ["${aws_instance.k8s-node.*.id}"]
+  depends_on         = ["aws_instance.k8s-node"]
+  name               = "microservices-demo-staging-k8s"
+  instances          = ["${aws_instance.k8s-node.*.id}"]
   availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
-  security_groups = ["${aws_security_group.microservices-demo-staging-k8s.id}"]
+  security_groups    = ["${aws_security_group.microservices-demo-staging-k8s.id}"]
 
   listener {
-    lb_port = 80
-    instance_port = 30001
-    lb_protocol = "http"
+    lb_port           = 80
+    instance_port     = 30001
+    lb_protocol       = "http"
     instance_protocol = "http"
   }
+  tags = {
+    yor_trace = "04baf045-5f77-4e41-baf1-aff0919cf859"
+  }
 }