Merge branch 'main' into UML-3738

ministryofjustice · Jan 10, 2025 · 56be0c4 · 56be0c4
2 parents dfca208 + d394448
commit 56be0c4
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 62 deletions.
diff --git a/.github/workflows/_lint-terraform.yml b/.github/workflows/_lint-terraform.yml
@@ -46,7 +46,7 @@ jobs:
           role-duration-seconds: 1800
           role-session-name: OPGUseAnLPAECRGithubAction
 
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # [email protected]
+      - uses: webfactory/ssh-agent@72c0bfd31ab22a2e11716951e3f107a9647dc97e # [email protected]
         with:
           ssh-private-key: ${{ secrets.USE_AN_LPA_DEPLOY_KEY_PRIVATE_KEY }}
 

diff --git a/.github/workflows/_run-terraform.yml b/.github/workflows/_run-terraform.yml
@@ -101,7 +101,7 @@ jobs:
           role-duration-seconds: 1800
           role-session-name: OPGUseAnLPATerraformGithubAction
 
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # [email protected]
+      - uses: webfactory/ssh-agent@72c0bfd31ab22a2e11716951e3f107a9647dc97e # [email protected]
         with:
           ssh-private-key: ${{ secrets.USE_AN_LPA_DEPLOY_KEY_PRIVATE_KEY }}
 

diff --git a/.github/workflows/scheduled-workspace-cleanup.yml b/.github/workflows/scheduled-workspace-cleanup.yml
@@ -36,7 +36,7 @@ jobs:
           terraform_version: ${{ steps.set-terraform-version.outputs.TF_VERSION }}
           terraform_wrapper: false
 
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # [email protected]
+      - uses: webfactory/ssh-agent@72c0bfd31ab22a2e11716951e3f107a9647dc97e # [email protected]
         with:
           ssh-private-key: ${{ secrets.USE_AN_LPA_DEPLOY_KEY_PRIVATE_KEY }}
 

diff --git a/service-front/app/composer.json b/service-front/app/composer.json
@@ -67,7 +67,7 @@
         "mezzio/mezzio-helpers": "^5.0",
         "mezzio/mezzio-session": "^1.3",
         "mezzio/mezzio-twigrenderer": "^2.3",
-        "nesbot/carbon": "^3.0.0",
+        "nesbot/carbon": "3.8.0",
         "paragonie/halite": "^5.0"
     },
     "require-dev": {

diff --git a/service-front/app/composer.lock b/service-front/app/composer.lock
diff --git a/terraform/account/kms.tf b/terraform/account/kms.tf
@@ -150,11 +150,9 @@ data "aws_iam_policy_document" "cloudwatch_kms" {
 
 data "aws_iam_policy_document" "event_receiver_kms" {
   statement {
-    sid    = "Allow Encryption by Service"
-    effect = "Allow"
-    resources = [
-      "arn:aws:kms:*:${data.aws_caller_identity.current.account_id}:key/*"
-    ]
+    sid       = "Allow Encryption by Service"
+    effect    = "Allow"
+    resources = ["*"]
     actions = [
       "kms:Encrypt",
       "kms:ReEncrypt*",
@@ -171,23 +169,20 @@ data "aws_iam_policy_document" "event_receiver_kms" {
   }
 
   statement {
-    sid    = "Allow Decryption by Service"
-    effect = "Allow"
-    resources = [
-      "arn:aws:kms:*:${data.aws_caller_identity.current.account_id}:key/*"
-    ]
+    sid       = "Allow Decryption by Service"
+    effect    = "Allow"
+    resources = ["*"]
     actions = [
       "kms:Decrypt",
       "kms:GenerateDataKey*",
-      "kms:DescribeKey",
+      "kms:DescribeKey"
     ]
 
     principals {
       type = "Service"
       identifiers = [
         "sqs.amazonaws.com",
-        "events.amazonaws.com",
-        "lambda.amazonaws.com",
+        "events.amazonaws.com"
       ]
     }
   }