DS-4278 Terraform vulnerabilities fix and version upgrade (#1126)

# Task Branch Pull Request

**<https://nhsd-jira.digital.nhs.uk/browse/DS-4278>**

## Description of Changes

Terraform vulnerability fix and version upgrade 

## Type of change

Delete not appropriate

- Bug fix (Terraform vulnerability fix and version upgrade)

## Development Checklist

- [x] I have performed a self-review of my own code
- [x] Tests have added that prove my fix is effective or that my feature
works (Integration tests)
- [x] I have updated Dependabot to include my changes (if applicable)

## Code Reviewer Checklist

- [x] I can confirm the changes have been tested or approved by a tester

Author: ajmu1

README.md

@@ -192,7 +192,7 @@ To run ruff on you branch:
 
 List all the type of test suites included and provide instructions how to execute them
 
-- Unit Testing
+- Unit
 - Integration
 - Performance
 

build/automation/lib/terraform.mk

@@ -4,7 +4,7 @@ TERRAFORM_STATE_STORE = $(or $(TEXAS_TERRAFORM_STATE_STORE), state-store-$(AWS_A
 TERRAFORM_STATE_LOCK = $(or $(TEXAS_TERRAFORM_STATE_LOCK), state-lock-$(AWS_ACCOUNT_NAME))
 TERRAFORM_STATE_KEY = $(PROJECT_GROUP_SHORT)-$(PROJECT_NAME_SHORT)/$(ENVIRONMENT)
 TERRAFORM_STATE_KEY_SHARED = texas
-TERRAFORM_VERSION = $(or $(TEXAS_TERRAFORM_VERSION), 1.2.1)
+TERRAFORM_VERSION = $(or $(TEXAS_TERRAFORM_VERSION), 1.13.0)
 
 # ==============================================================================
 

infrastructure/modules/s3/main.tf

@@ -8,7 +8,7 @@
 #tfsec:ignore:aws-s3-specify-public-access-block
 module "s3_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "3.15.1"
+  version = "5.7.0"
   bucket  = var.name
   acl     = var.acl
 

infrastructure/stacks/api-key/.terraform.lock.hcl

@@ -5,9 +5,9 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5.68.0"
+      version = "~> 6.14.1"
     }
-    template = {
+    random = {
       source  = "hashicorp/random"
       version = "~> 3.3.0"
     }

infrastructure/stacks/api-key/terraform.tf

@@ -1,6 +1,6 @@
 module "change_event_dlq_handler_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "v6.4.0"
+  version = "v8.1.0"
 
   function_name = var.change_event_dlq_handler_lambda
   description   = "Change Event DLQ Handler lambda"
@@ -40,7 +40,7 @@ module "change_event_dlq_handler_lambda" {
 
 module "dos_db_handler_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "v6.4.0"
+  version = "v8.1.0"
 
   function_name = var.dos_db_handler_lambda
   description   = "DoS DB Handler lambda"
@@ -94,7 +94,7 @@ module "dos_db_handler_lambda" {
 
 module "dos_db_update_dlq_handler_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "v6.4.0"
+  version = "v8.1.0"
 
   function_name = var.dos_db_update_dlq_handler_lambda
   description   = "DoS DB Update DLQ Handler lambda"
@@ -133,7 +133,7 @@ module "dos_db_update_dlq_handler_lambda" {
 
 module "event_replay_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "v6.4.0"
+  version = "v8.1.0"
 
   function_name = var.event_replay_lambda
   description   = "Event Replay lambda"
@@ -175,7 +175,7 @@ module "event_replay_lambda" {
 
 module "ingest_change_event_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "v6.4.0"
+  version = "v8.1.0"
 
   function_name = var.ingest_change_event_lambda
   description   = "Ingest Change Event lambda"
@@ -216,7 +216,7 @@ module "ingest_change_event_lambda" {
 
 module "send_email_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "v6.4.0"
+  version = "v8.1.0"
 
   function_name = var.send_email_lambda
   description   = "Send Email lambda"
@@ -258,7 +258,7 @@ module "send_email_lambda" {
 
 module "service_matcher_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "v6.4.0"
+  version = "v8.1.0"
 
   function_name = var.service_matcher_lambda
   description   = "Service Matcher lambda"
@@ -311,7 +311,7 @@ module "service_matcher_lambda" {
 
 module "service_sync_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "v6.4.0"
+  version = "v8.1.0"
 
   function_name = var.service_sync_lambda
   description   = "Service Sync lambda"
@@ -371,7 +371,7 @@ module "service_sync_lambda" {
 
 module "slack_messenger_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "v6.4.0"
+  version = "v8.1.0"
 
   function_name = var.slack_messenger_lambda
   description   = "Slack Messenger lambda"
@@ -412,7 +412,7 @@ module "slack_messenger_lambda" {
 
 module "quality_checker_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "v6.4.0"
+  version = "v8.1.0"
 
   function_name = var.quality_checker_lambda
   description   = "Quality Checker lambda"

infrastructure/stacks/application/.terraform.lock.hcl

@@ -5,7 +5,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5.68.0"
+      version = "~> 6.14.1"
     }
   }
 }

infrastructure/stacks/application/lambda.tf

@@ -5,7 +5,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5.68.0"
+      version = "~> 6.14.1"
     }
   }
 }