Feat/#55 Inspector 스캔을 통한 취약점 검사

[yunhoch0i]

#️⃣ Related Issues

#55

📝 Work Summary

AMI로 만들어진 서버의 runtime 환경의 보안 문제를 해결하기 위해 Inspector 스캔을 통해 로그 수집
수집된 로그를 통해 취약점이 발견된 경우 최신 보안 패치가 적용된 AMI를 빌드하여 후속 조치가 이루어질 수 있도록 파이프라인 구축

EC2 서버를 스캔하여 취약점이 감지되면 EventBridge를 통해 Lambda가 slack에 취약점 경고를 보내 담당자가 조치할 수 있는 환경 구성

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/inspector
Executed At	2025-07-24 04:48:20 UTC

---

Plan Output

Planning failed. Terraform encountered an error while generating this plan.

[github-actions]

💰 Infracost report

Monthly estimate generated

_{This comment will be updated when code changes.}

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/eventbridge
Executed At	2025-07-24 04:49:49 UTC

---

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/lambda
Executed At	2025-07-24 04:51:29 UTC

---

Plan Output

Plan failed

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/iam
Executed At	2025-07-24 04:51:29 UTC

---

Plan Output

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/inspector
Executed At	2025-07-24 04:51:28 UTC

---

Plan Output

Planning failed. Terraform encountered an error while generating this plan.

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/eventbridge
Executed At	2025-07-24 04:51:28 UTC

---

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/lambda
Executed At	2025-07-24 05:39:23 UTC

---

Plan Output

Plan failed

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	management-team-account/inspector-delegation/organizations
Executed At	2025-07-24 05:39:26 UTC

---

Plan Output

Plan failed

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	management-team-account/inspector-delegation/organizations
Executed At	2025-07-24 05:39:59 UTC

---

Plan Output

Plan failed

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/lambda
Executed At	2025-07-24 05:40:00 UTC

---

Plan Output

Plan failed

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/inspector
Executed At	2025-07-24 05:39:59 UTC

---

Plan Output

Plan failed

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/eventbridge
Executed At	2025-07-24 05:39:57 UTC

---

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/iam
Executed At	2025-07-24 05:40:02 UTC

---

Plan Output

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/inspector
Executed At	2025-07-25 00:15:29 UTC

---

Plan Output

Plan failed

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	management-team-account/inspector-delegation/organizations
Executed At	2025-07-25 00:15:30 UTC

---

Plan Output

Plan failed

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/lambda
Executed At	2025-07-25 00:15:33 UTC

---

Plan Output

Plan failed

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/iam
Executed At	2025-07-25 00:15:29 UTC

---

Plan Output

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/eventbridge
Executed At	2025-07-25 00:15:29 UTC

---

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	management-team-account/inspector-delegation/organizations
Executed At	2025-07-29 00:27:59 UTC

---

Plan Output

Plan failed

Plan Error (if any)

Error: No value for required variable

  on variables.tf line 1:
   1: variable "operation_account_id" {

The root module input variable "operation_account_id" is not set, and has no
default value. Use a -var or -var-file command line argument to provide a
value for this variable.

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/iam
Executed At	2025-07-29 00:27:58 UTC

---

Plan Output

(no changes or output empty)

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/eventbridge
Executed At	2025-07-29 00:27:59 UTC

---

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/lambda
Executed At	2025-07-29 00:27:58 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.inspector_slack_notification will be updated in-place
  ~ resource "aws_lambda_function" "inspector_slack_notification" {
        id                             = "inspector_slack_notification"
      ~ last_modified                  = "2025-07-24T04:35:03.737+0000" -> (known after apply)
      ~ source_code_hash               = "BnYLp/FUDSn+4mXnIsz47/0aAZJFUTrZ2sf78C8ZMGQ=" -> "lRkEeeeQpB3tLzGrcC29C3YGm8Ye2rs4jXjCOVjP3PE="
        tags                           = {}
        # (21 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              # Warning: this attribute value will be marked as sensitive and will not
              # display in UI output after applying this change.
              ~ "SLACK_WEBHOOK_URL" = (sensitive value)
            }
        }

        # (3 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/lambda
Executed At	2025-07-29 00:40:41 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.inspector_slack_notification will be updated in-place
  ~ resource "aws_lambda_function" "inspector_slack_notification" {
        id                             = "inspector_slack_notification"
      ~ last_modified                  = "2025-07-24T04:35:03.737+0000" -> (known after apply)
      ~ source_code_hash               = "BnYLp/FUDSn+4mXnIsz47/0aAZJFUTrZ2sf78C8ZMGQ=" -> "lRkEeeeQpB3tLzGrcC29C3YGm8Ye2rs4jXjCOVjP3PE="
        tags                           = {}
        # (21 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              # Warning: this attribute value will be marked as sensitive and will not
              # display in UI output after applying this change.
              ~ "SLACK_WEBHOOK_URL" = (sensitive value)
            }
        }

        # (3 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	management-team-account/inspector-delegation/organizations
Executed At	2025-07-29 00:40:43 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_inspector2_delegated_admin_account.this will be created
  + resource "aws_inspector2_delegated_admin_account" "this" {
      + account_id          = "433331841346"
      + id                  = (known after apply)
      + relationship_status = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/eventbridge
Executed At	2025-07-29 00:40:51 UTC

---

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/inspector
Executed At	2025-07-29 00:42:48 UTC

---

Plan Output

Plan failed

Plan Error (if any)

Error: reading AWS Inspector Enabler (502676416967-EC2): operation error Inspector2: BatchGetAccountStatus, https response error StatusCode: 403, RequestID: 6ae6f72f-e1b4-40dd-921d-0b997074d629, AccessDeniedException: User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: inspector2:BatchGetAccountStatus on resource: arn:aws:inspector2:ap-northeast-2:502676416967:/status/batch/get

  with aws_inspector2_enabler.this,
  on main.tf line 26, in resource "aws_inspector2_enabler" "this":
  26: resource "aws_inspector2_enabler" "this" {

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	management-team-account/inspector-delegation/organizations
Executed At	2025-07-29 00:42:43 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_inspector2_delegated_admin_account.this will be created
  + resource "aws_inspector2_delegated_admin_account" "this" {
      + account_id          = "433331841346"
      + id                  = (known after apply)
      + relationship_status = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/lambda
Executed At	2025-07-29 00:42:46 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.inspector_slack_notification will be updated in-place
  ~ resource "aws_lambda_function" "inspector_slack_notification" {
        id                             = "inspector_slack_notification"
      ~ last_modified                  = "2025-07-24T04:35:03.737+0000" -> (known after apply)
      ~ source_code_hash               = "BnYLp/FUDSn+4mXnIsz47/0aAZJFUTrZ2sf78C8ZMGQ=" -> "lRkEeeeQpB3tLzGrcC29C3YGm8Ye2rs4jXjCOVjP3PE="
        tags                           = {}
        # (21 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              # Warning: this attribute value will be marked as sensitive and will not
              # display in UI output after applying this change.
              ~ "SLACK_WEBHOOK_URL" = (sensitive value)
            }
        }

        # (3 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/eventbridge
Executed At	2025-07-29 00:42:47 UTC

---

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/iam
Executed At	2025-07-29 00:42:48 UTC

---

Plan Output

(no changes or output empty)

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/inspector
Executed At	2025-07-29 00:45:07 UTC

---

Plan Output

Plan failed

Plan Error (if any)

Error: reading AWS Inspector Enabler (502676416967-EC2): operation error Inspector2: BatchGetAccountStatus, https response error StatusCode: 403, RequestID: 8eabc495-314e-4731-8f70-2e4f2ad43d06, AccessDeniedException: User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: inspector2:BatchGetAccountStatus on resource: arn:aws:inspector2:ap-northeast-2:502676416967:/status/batch/get

  with aws_inspector2_enabler.this,
  on main.tf line 26, in resource "aws_inspector2_enabler" "this":
  26: resource "aws_inspector2_enabler" "this" {

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	management-team-account/inspector-delegation/organizations
Executed At	2025-07-29 00:45:06 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_inspector2_delegated_admin_account.this will be created
  + resource "aws_inspector2_delegated_admin_account" "this" {
      + account_id          = "433331841346"
      + id                  = (known after apply)
      + relationship_status = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/inspector
Executed At	2025-07-29 00:47:46 UTC

---

Plan Output

Plan failed

Plan Error (if any)

Error: reading AWS Inspector Enabler (502676416967-EC2): operation error Inspector2: BatchGetAccountStatus, https response error StatusCode: 403, RequestID: 660b024b-48e3-46bc-a02e-b64a3a76368e, AccessDeniedException: User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: inspector2:BatchGetAccountStatus on resource: arn:aws:inspector2:ap-northeast-2:502676416967:/status/batch/get

  with aws_inspector2_enabler.this,
  on main.tf line 26, in resource "aws_inspector2_enabler" "this":
  26: resource "aws_inspector2_enabler" "this" {

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/inspector
Executed At	2025-07-29 02:00:52 UTC

---

Plan Output

Plan failed

Plan Error (if any)

Error: No value for required variable

  on variables.tf line 1:
   1: variable "prod_account_id" {

The root module input variable "prod_account_id" is not set, and has no
default value. Use a -var or -var-file command line argument to provide a
value for this variable.

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	management-team-account/inspector-delegation/organizations
Executed At	2025-07-29 02:00:51 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_inspector2_delegated_admin_account.this will be created
  + resource "aws_inspector2_delegated_admin_account" "this" {
      + account_id          = "433331841346"
      + id                  = (known after apply)
      + relationship_status = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/eventbridge
Executed At	2025-07-29 02:00:52 UTC

---

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/iam
Executed At	2025-07-29 02:01:02 UTC

---

Plan Output

(no changes or output empty)

Plan Error (if any)

(no errors)

[yunhoch0i]

충돌로 인한 PR 재오픈