From 43ae0affbc6ca3159b8499b057b477194d48a8dd Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 19:35:31 +0000 Subject: [PATCH 1/2] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/pre-commit-hooks: v4.4.0 → v4.6.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.4.0...v4.6.0) - [github.com/antonbabenko/pre-commit-terraform: v1.77.0 → v1.96.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.77.0...v1.96.1) --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 11d16c9..5351bab 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,7 +2,7 @@ # See https://pre-commit.com/hooks.html for more hooks repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.6.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -10,7 +10,7 @@ repos: args: ["--allow-multiple-documents"] - id: check-added-large-files - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases + rev: v1.96.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases hooks: - id: terraform_fmt # args: ["--enable require-variable-braces,deprecate-which"] - id: terraform_tflint From ca50dacb656ccde8272b167aa37e43ae243d63e6 Mon Sep 17 00:00:00 2001 
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 19:36:11 +0000 Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- account_alias/README.md | 2 +- account_alias/main.tf | 2 +- role/main.tf | 10 +++++----- role/variables.tf | 2 +- sdl_logs/README.md | 1 - sdl_logs/eventbridge.tf | 6 +++--- sdl_logs/guardduty.tf | 2 +- sdl_logs/kms.tf | 2 +- sdl_logs/main.tf | 1 - sdl_logs/s3.tf | 4 ++-- sdl_logs/sns.tf | 2 +- security-alerts/cloudwatch.tf | 2 +- security-alerts/code/sechub_transform.py | 4 ++-- security-alerts/data.tf | 2 +- security-alerts/events.tf | 2 +- security-alerts/iam.tf | 2 +- security-alerts/lambda.tf | 2 +- security-alerts/step_function.tf | 2 +- security-alerts/variables.tf | 2 +- 19 files changed, 25 insertions(+), 27 deletions(-) diff --git a/account_alias/README.md b/account_alias/README.md index 2d0e002..6efbd50 100644 --- a/account_alias/README.md +++ b/account_alias/README.md @@ -2,4 +2,4 @@ Sets the account alias for an AWS account. https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html -Variable account_alias will be set for the account, e.g. "batcave-dev". Queryable with [ListAccountAliases](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html) \ No newline at end of file +Variable account_alias will be set for the account, e.g. "batcave-dev". Queryable with [ListAccountAliases](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html) diff --git a/account_alias/main.tf b/account_alias/main.tf index bb9e232..50eff4d 100644 --- a/account_alias/main.tf +++ b/account_alias/main.tf @@ -9,4 +9,4 @@ variable "alias_name" { condition = length(var.alias_name) >= 3 && length(var.alias_name) <= 63 error_message = "Account Alias must have between 3 and 63 characters." } -} \ No newline at end of file +} 
diff --git a/role/main.tf b/role/main.tf index 17994c7..4e53c41 100644 --- a/role/main.tf +++ b/role/main.tf @@ -10,7 +10,7 @@ resource "aws_iam_role" "api-service-role" { permissions_boundary = var.permissions_boundary tags = var.tags assume_role_policy = <<-EOF - { + { "Version": "2012-10-17", "Statement": [ { @@ -39,7 +39,7 @@ resource "aws_iam_role" "job-scheduler-service-role" { permissions_boundary = var.permissions_boundary tags = var.tags assume_role_policy = <<-EOF - { + { "Version": "2012-10-17", "Statement": [ { @@ -70,7 +70,7 @@ resource "aws_iam_role" "cms-cloud-s3-snowflake-role" { assume_role_policy = <<-EOF { "Version": "2012-10-17", - "Statement": + "Statement": [ { "Effect": "Allow", @@ -84,10 +84,10 @@ resource "aws_iam_role" "cms-cloud-s3-snowflake-role" { "StringEquals": { "sts:ExternalId": "${var.SDLExternalId}" } - } + } } ] - } + } EOF } diff --git a/role/variables.tf b/role/variables.tf index 5709602..941e33a 100644 --- a/role/variables.tf +++ b/role/variables.tf @@ -61,4 +61,4 @@ variable "tags" { description = "A mapping of tags to assign to all resources" type = map(string) default = {} -} \ No newline at end of file +} diff --git a/sdl_logs/README.md b/sdl_logs/README.md index 0ae14dc..8a3c37c 100644 --- a/sdl_logs/README.md +++ b/sdl_logs/README.md @@ -1,4 +1,3 @@ # SDL logs Sends all object create events on the logging bucket to eventbridge, a trigger to SNS, and connection to the Panther SQS queue for ingestion. - diff --git a/sdl_logs/eventbridge.tf b/sdl_logs/eventbridge.tf index 06718de..0cdf132 100644 --- a/sdl_logs/eventbridge.tf +++ b/sdl_logs/eventbridge.tf @@ -42,9 +42,9 @@ resource "aws_cloudwatch_event_target" "target" { "awsRegion":, "eventTime":
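Review bot: The whitespace fixer has edited lines inside the `assume_role_policy = <<-EOF` heredocs in all three role/main.tf hunks (`api-service-role`, `job-scheduler-service-role`, `cms-cloud-s3-snowflake-role`). Those lines are the trust-policy string itself, not Terraform source, so this auto-fix should be confirmed with a `terraform plan` that shows no change to the three roles. The provider most likely treats the old and new JSON as equivalent, but that is inferred and not visible in the patch. Building the documents with `assume_role_policy = jsonencode({ ... })` or an `aws_iam_policy_document` data source would keep formatting hooks out of the policy text and would also escape `var.SDLExternalId`, which the third heredoc interpolates raw into `"sts:ExternalId"`. The resource blocks start and end outside these hunks.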