max/ai-sdlc-standards
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
ai-sdlc-standards/.demo/infra/main.tf

29 lines
753 B
Terraform
Raw Permalink Normal View History

Elevate requirements to organizational/architectural policy - Security: no IAM in service repos, no custom auth, no direct external calls - Architecture: no cross-cloud SDKs, no cross-service DB access, no hardcoded tenant/env config - DevOps: Foxtrot-compatible Helm (no custom ingress), no infra provisioning in service repos, no pinned infra versions - Cost: resource tagging, no unbounded allocation, no per-tenant infra - Updated checker and demo to match - These are NOT static code analysis — they catch organizational policy violations that SonarQube/Checkstyle miss
2026-03-07 07:41:27 +00:00
# SEC-001 VIOLATION: IAM resources in a service repo
resource "aws_iam_role" "service_role" {
name = "user-service-role"
assume_role_policy = data.aws_iam_policy_document.assume.json
}
resource "aws_iam_policy" "s3_access" {
name = "user-service-s3-access"
policy = jsonencode({
Version = "2012-10-17"
Statement = [{
Effect = "Allow"
Action = ["s3:GetObject", "s3:PutObject"]
Resource = "arn:aws:s3:::reltio-prod-data/*"
}]
})
}
# OPS-002 VIOLATION: Infrastructure provisioning in service repo
resource "aws_sqs_queue" "user_events" {
name = "user-events-queue"
}
resource "aws_dynamodb_table" "user_cache" {
name = "user-cache"
billing_mode = "PAY_PER_REQUEST"
hash_key = "userId"
}
Reference in New Issue Copy Permalink