@williambrady
Owner

Add portfolio-aws-org-guardduty to managed repositories as GuardDuty functionality is being extracted into its own dedicated repo. Remove the guardduty topic from portfolio-aws-org-baseline and portfolio-aws-account-baseline accordingly.

… baseline repos

Add portfolio-aws-org-guardduty to managed repositories as GuardDuty
functionality is being extracted into its own dedicated repo. Remove the
guardduty topic from portfolio-aws-org-baseline and
portfolio-aws-account-baseline accordingly.
@github-actions

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Terraform Plan 📖success

github_repository.managed["portfolio"]: Refreshing state... [id=portfolio]
github_repository.managed["portfolio-aws-account-baseline"]: Refreshing state... [id=portfolio-aws-account-baseline]
github_repository.managed["portfolio-code-scanner"]: Refreshing state... [id=portfolio-code-scanner]
github_repository.managed["portfolio-github-management"]: Refreshing state... [id=portfolio-github-management]
github_repository.managed["portfolio-template-iac"]: Refreshing state... [id=portfolio-template-iac]
github_repository.managed["portfolio-aws-health"]: Refreshing state... [id=portfolio-aws-health]
github_repository.managed["portfolio-github-example"]: Refreshing state... [id=portfolio-github-example]
github_repository.managed["portfolio-aws-org-baseline"]: Refreshing state... [id=portfolio-aws-org-baseline]
github_repository_collaborator.managed["portfolio-code-scanner:ghaworkflow"]: Refreshing state... [id=portfolio-code-scanner:ghaworkflow]
github_repository_collaborator.managed["portfolio-aws-account-baseline:ghaworkflow"]: Refreshing state... [id=portfolio-aws-account-baseline:ghaworkflow]
github_repository_collaborator.managed["portfolio-aws-health:ghaworkflow"]: Refreshing state... [id=portfolio-aws-health:ghaworkflow]
github_repository_collaborator.managed["portfolio-template-iac:ghaworkflow"]: Refreshing state... [id=portfolio-template-iac:ghaworkflow]
github_repository_collaborator.managed["portfolio-github-management:ghaworkflow"]: Refreshing state... [id=portfolio-github-management:ghaworkflow]
github_repository_collaborator.managed["portfolio-aws-org-baseline:ghaworkflow"]: Refreshing state... [id=portfolio-aws-org-baseline:ghaworkflow]
github_repository_collaborator.managed["portfolio-github-example:ghaworkflow"]: Refreshing state... [id=portfolio-github-example:ghaworkflow]
github_repository_collaborator.managed["portfolio:ghaworkflow"]: Refreshing state... [id=portfolio:ghaworkflow]
github_branch_protection.main["portfolio-github-example"]: Refreshing state... [id=BPR_kwDOQ1CA-M4EQ_PX]
github_branch_protection.main["portfolio-aws-account-baseline"]: Refreshing state... [id=BPR_kwDORC4J384ETQI4]
github_branch_protection.main["portfolio-code-scanner"]: Refreshing state... [id=BPR_kwDOQj8lqc4EQ-vz]
github_branch_protection.main["portfolio-aws-health"]: Refreshing state... [id=BPR_kwDORCAGks4ETEzW]
github_branch_protection.main["portfolio-aws-org-baseline"]: Refreshing state... [id=BPR_kwDORC4Icc4ETQI3]
github_branch_protection.main["portfolio-github-management"]: Refreshing state... [id=BPR_kwDOQj9B584EQczj]
github_branch_protection.main["portfolio-template-iac"]: Refreshing state... [id=BPR_kwDOQ4f1HM4ERIMj]
github_branch_protection.main["portfolio"]: Refreshing state... [id=BPR_kwDOQ4gK2c4ERJDb]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # github_branch_protection.main["portfolio-aws-org-guardduty"] will be created
  + resource "github_branch_protection" "main" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + enforce_admins                  = true
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = (known after apply)
      + require_conversation_resolution = true
      + require_signed_commits          = false
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + strict = true
        }
    }

  # github_repository.managed["portfolio-aws-account-baseline"] will be updated in-place
  ~ resource "github_repository" "managed" {
        id                          = "portfolio-aws-account-baseline"
        name                        = "portfolio-aws-account-baseline"
      ~ topics                      = [
          - "guardduty",
            # (11 unchanged elements hidden)
        ]
        # (38 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # github_repository.managed["portfolio-aws-org-baseline"] will be updated in-place
  ~ resource "github_repository" "managed" {
        id                          = "portfolio-aws-org-baseline"
        name                        = "portfolio-aws-org-baseline"
      ~ topics                      = [
          - "guardduty",
            # (11 unchanged elements hidden)
        ]
        # (38 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # github_repository.managed["portfolio-aws-org-guardduty"] will be created
  + resource "github_repository" "managed" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + allow_update_branch         = true
      + archived                    = false
      + auto_init                   = true
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = true
      + description                 = "AWS Organization GuardDuty configuration"
      + etag                        = (known after apply)
      + fork                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + has_discussions             = false
      + has_downloads               = true
      + has_issues                  = true
      + has_projects                = true
      + has_wiki                    = false
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + is_template                 = false
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "portfolio-aws-org-guardduty"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + source_owner                = (known after apply)
      + source_repo                 = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = [
          + "aws",
          + "guardduty",
          + "iac",
          + "organization",
          + "portfolio",
          + "security",
        ]
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis (known after apply)
    }

  # github_repository_collaborator.managed["portfolio-aws-org-guardduty:ghaworkflow"] will be created
  + resource "github_repository_collaborator" "managed" {
      + id                          = (known after apply)
      + invitation_id               = (known after apply)
      + permission                  = "push"
      + permission_diff_suppression = false
      + repository                  = "portfolio-aws-org-guardduty"
      + username                    = "ghaworkflow"
    }

Plan: 3 to add, 2 to change, 0 to destroy.

Changes to Outputs:
  ~ repositories     = {
      + portfolio-aws-org-guardduty    = {
          + full_name = (known after apply)
          + html_url  = (known after apply)
          + http_url  = (known after apply)
          + id        = (known after apply)
          + node_id   = (known after apply)
          + ssh_url   = (known after apply)
        }
        # (8 unchanged attributes hidden)
    }
  ~ repository_names = [
        # (3 unchanged elements hidden)
        "portfolio-aws-org-baseline",
      + "portfolio-aws-org-guardduty",
        "portfolio-code-scanner",
        # (3 unchanged elements hidden)
    ]

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan"

Pushed by: @williambrady, Action: pull_request

@augmentcode

augmentcode bot commented Feb 10, 2026

🤖 Augment PR Summary

Summary: Adds portfolio-aws-org-guardduty to the managed repositories as GuardDuty configuration is split into a dedicated repo.

Changes: Updates repositories.yaml to include the new repo and removes the guardduty topic from the org/account baseline repos.

🤖 Was this summary useful? React with 👍 or 👎

@augmentcode augmentcode bot left a comment

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

@github-actions

SDLC Code Scanner Security Scan ✅

| Severity | Count |
|----------|-------|
| Critical | 0     |
| High     | 0     |
| Medium   | 6     |
| Low      | 9     |
| Total    | 15    |

Scanners: checkov, trivy, pylint

Top Findings

  1. 🟡 MEDIUM - Ensure GitHub repository is Private
    • Tool: checkov | Rule: CKV_GIT_1
    • Location: /terraform/main.tf:10
    • Resource: github_repository.managed
  2. 🟡 MEDIUM - GitHub pull requests should require at least 2 approvals
    • Tool: checkov | Rule: CKV_GIT_5
    • Location: /terraform/main.tf:70
    • Resource: github_branch_protection.main
  3. 🟡 MEDIUM - Ensure GitHub branch protection rules requires signed commits
    • Tool: checkov | Rule: CKV_GIT_6
    • Location: /terraform/main.tf:70
    • Resource: github_branch_protection.main
  4. 🟡 MEDIUM - unused-variable: Unused variable 'encryption'
    • Tool: pylint | Rule: W0612
    • Location: scripts/validate_aws.py:149
  5. 🟡 MEDIUM - broad-exception-caught: Catching too general exception Exception
    • Tool: pylint | Rule: W0718
    • Location: scripts/validate_aws.py:346

View the full report in the Actions artifacts

@ghaworkflow ghaworkflow (Collaborator) left a comment

Looks correct.

@williambrady williambrady merged commit 8a77856 into main Feb 10, 2026
5 checks passed
@williambrady williambrady deleted the feature/add-portfolio-aws-org-guardduty branch February 10, 2026 07:04