infrastructure-as-code

Describe the solution you'd like
It would be nice to have a way to control whether a VM starts on boot or not. Maybe a new autostart option to salt.states.virt.running and/or salt.states.virt.defined? Or maybe a new function?

Describe alternatives you've considered
I'll probably use salt.modules.virt.set_autostart for now.

AlmaLinux should be detected as RHEL/CentOS. Trivy should be able to detect RHEL/CentOS vulnerabilities

https://almalinux.org/

It would be useful to have a way to list all fargate profiles associated with a fargate cluster. Currently there isn't a way to access the default profile created by the FargateCluster construct.

Use Case

My specific case is to allow new FargateCluster to create a default fargate profile, then fetch the pod execution role from that profile and reuse it later when adding further

For most of my resources, most of the cost components have 0 usage. (Example: S3 bucket using standard storage, no Glacier, no infrequent/frequent access, etc).

When I have known 0 usage, I put a 0 in the YAML file; however, the Infracost output still displays these items with a cost of $0. It would be nice to skip these items (which have a quantity of 0) because they do not contribute at all t

Uploading the SARIF formatted output to the GH repo fails. It does not appear to be valid SARIF according to the parser. Using the github/codeql-action/upload-sarif@v1 produces an error message with invalid data.

To Reproduce
Steps to reproduce the behavior:

1. Create a GH Action with the following steps to run the checkov scan and generate a checkov.sarif results file:

- name

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

Copilot doesn't seem to have correct error behavior when I try to create a Scheduled Job with the same name as an existing service.

For example, in my app right now I have the following:

❯ copilot svc ls
Name                Type
----                ----
fe                  Load Balanced Web Service

I can see this in SSM:

❯ aws ssm get-parameter --name /copilot/applicatio

Description

a) user have a preexisting working .driftignore
b) user updates the .driftignore by appending new content to it
c) fa

Garbage collection works by listing everything with the gc-tag. In a busy cluster, we really want that filter to happen server-side and ideally using an index of some sort.

That means we should use a Kubernetes label, not an annotation.

I think this will require a two-step migration plan (write both but continue to read annotation; release; drop support for annotation; release).