AWS prescriptive-guidance documentation change
Summary
Updated author attribution and replaced curly quotes with straight quotes in stage names and code references throughout the document.
Security assessment
The changes are formatting and syntax corrections (curly to straight quotes) with no indication of addressing security vulnerabilities. The validation stage's mention of security tools (tfsec, checkov) was already present and not altered in functionality.
Diff
diff --git a/prescriptive-guidance/latest/patterns/create-a-ci-cd-pipeline-to-validate-terraform-configurations-by-using-aws-codepipeline.md b/prescriptive-guidance/latest/patterns/create-a-ci-cd-pipeline-to-validate-terraform-configurations-by-using-aws-codepipeline.md index 2b22d9eed..48c114fa2 100644 --- a//prescriptive-guidance/latest/patterns/create-a-ci-cd-pipeline-to-validate-terraform-configurations-by-using-aws-codepipeline.md +++ b//prescriptive-guidance/latest/patterns/create-a-ci-cd-pipeline-to-validate-terraform-configurations-by-using-aws-codepipeline.md @@ -9 +9 @@ SummaryPrerequisites and limitationsArchitectureToolsEpicsTroubleshootingRelated - _Created by Aromal Raj Jayarajan (AWS) and Vijesh Vijayakumaran Nair (AWS)_ + _Aromal Raj Jayarajan and Vijesh Vijayakumaran Nair, Amazon Web Services_ @@ -19 +19 @@ Terraform is a command-line interface application that helps you use code to pro - 1. `“checkout”` pulls the Terraform configuration that you’re testing from an AWS CodeCommit repository. + 1. `"checkout"` pulls the Terraform configuration that you’re testing from an AWS CodeCommit repository. @@ -21 +21 @@ Terraform is a command-line interface application that helps you use code to pro - 2. `“validate”` runs infrastructure as code (IaC) validation tools, including [tfsec](https://github.com/aquasecurity/tfsec), [TFLint](https://github.com/terraform-linters/tflint), and [checkov](https://www.checkov.io/). The stage also runs the following Terraform IaC validation commands: `terraform validate` and `terraform fmt`. + 2. `"validate"` runs infrastructure as code (IaC) validation tools, including [tfsec](https://github.com/aquasecurity/tfsec), [TFLint](https://github.com/terraform-linters/tflint), and [checkov](https://www.checkov.io/). The stage also runs the following Terraform IaC validation commands: `terraform validate` and `terraform fmt`. @@ -23 +23 @@ Terraform is a command-line interface application that helps you use code to pro - 3. `“plan”` shows what changes will be applied to the infrastructure if the Terraform configuration is applied. + 3. `"plan"` shows what changes will be applied to the infrastructure if the Terraform configuration is applied. @@ -25 +25 @@ Terraform is a command-line interface application that helps you use code to pro - 4. `“apply”` uses the generated plan to provision the required infrastructure in a test environment. + 4. `"apply"` uses the generated plan to provision the required infrastructure in a test environment. @@ -27 +27 @@ Terraform is a command-line interface application that helps you use code to pro - 5. `“destroy”` removes the test infrastructure that was created during the `“apply”` stage. + 5. `"destroy"` removes the test infrastructure that was created during the `"apply"` stage. @@ -98 +98 @@ The diagram shows the following workflow: - 3. CodePipeline runs the `“checkout”` pipeline stage to pull the Terraform configuration from an AWS CodeCommit repository for testing. + 3. CodePipeline runs the `"checkout"` pipeline stage to pull the Terraform configuration from an AWS CodeCommit repository for testing. @@ -100 +100 @@ The diagram shows the following workflow: - 4. CodePipeline runs the `“validate”` stage to test the Terraform configuration by running IaC validation tools and running Terraform IaC validation commands in a CodeBuild project. + 4. CodePipeline runs the `"validate"` stage to test the Terraform configuration by running IaC validation tools and running Terraform IaC validation commands in a CodeBuild project. @@ -102 +102 @@ The diagram shows the following workflow: - 5. CodePipeline runs the `“plan”` stage to create a plan in the CodeBuild project based on the Terraform configuration. The AWS user can review this plan before the changes are applied to the test environment. + 5. CodePipeline runs the `"plan"` stage to create a plan in the CodeBuild project based on the Terraform configuration. The AWS user can review this plan before the changes are applied to the test environment. @@ -104 +104 @@ The diagram shows the following workflow: - 6. Code Pipeline runs the `“apply”` stage to implement the plan by using the CodeBuild project to provision the required infrastructure in the test environment. + 6. Code Pipeline runs the `"apply"` stage to implement the plan by using the CodeBuild project to provision the required infrastructure in the test environment. @@ -106 +106 @@ The diagram shows the following workflow: - 7. CodePipeline runs the `“destroy”` stage, which uses CodeBuild to remove the test infrastructure that was created during the `“apply”` stage. + 7. CodePipeline runs the `"destroy"` stage, which uses CodeBuild to remove the test infrastructure that was created during the `"apply"` stage. @@ -251 +251 @@ Verify the report output.| -The `<project_name>-validate` CodeBuild project generates vulnerability reports for your code during the `“validate”` stage.| DevOps engineer +The `<project_name>-validate` CodeBuild project generates vulnerability reports for your code during the `"validate"` stage.| DevOps engineer @@ -266 +266 @@ Issue| Solution -You receive an **AccessDenied** error during the `“apply”` stage.| +You receive an **AccessDenied** error during the `"apply"` stage.| @@ -268 +268 @@ You receive an **AccessDenied** error during the `“apply”` stage.| - 1. Review the execution logs of the CodeBuild project associated with the `“apply”` stage to identify any missing IAM permissions. For more information, see [View build details in AWS CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/view-build-details.html) in the _AWS CodeBuild User Guide_. + 1. Review the execution logs of the CodeBuild project associated with the `"apply"` stage to identify any missing IAM permissions. For more information, see [View build details in AWS CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/view-build-details.html) in the _AWS CodeBuild User Guide_. @@ -318 +318 @@ The following is a list of build specification (buildspec) files that this patte - * `buildspec_validate.yml` runs the `“validate”` stage. + * `buildspec_validate.yml` runs the `"validate"` stage. @@ -320 +320 @@ The following is a list of build specification (buildspec) files that this patte - * `buildspec_plan.yml` runs the `“plan”` stage. + * `buildspec_plan.yml` runs the `"plan"` stage. @@ -322 +322 @@ The following is a list of build specification (buildspec) files that this patte - * `buildspec_apply.yml` runs the `“apply”` stage. + * `buildspec_apply.yml` runs the `"apply"` stage. @@ -324 +324 @@ The following is a list of build specification (buildspec) files that this patte - * `buildspec_destroy.yml` runs the `“destroy”` stage. + * `buildspec_destroy.yml` runs the `"destroy"` stage.