[chore] Update dependencies

.github/workflows/secure_workflows.yml

@@ -32,4 +32,4 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
       - name: Ensure 3rd party workflows have SHA pinned
-        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@40ba2d51b6b6d8695f2b6bd74e785172d4f8d00f # v3.0.14
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ed00f72a3ca5b6eff8ad4d3ffdcacedb67a21db1 # v3.0.15

api/requirements-dev.txt

@@ -1,3 +1,3 @@
 black==24.10.0
 aws-lambda-powertools[all,aws-sdk]==3.1.0
-boto3-stubs[dynamodb,kms]==1.35.41
+boto3-stubs[dynamodb,kms]==1.35.44

canary/requirements-dev.txt

@@ -1,3 +1,3 @@
 black==24.10.0
 aws-lambda-powertools[all,aws-sdk]==3.1.0
-boto3-stubs[dynamodb,kms]==1.35.41
+boto3-stubs[dynamodb,kms]==1.35.44

ci_template.yml

@@ -220,7 +220,7 @@ Resources:
               SSEAlgorithm: "aws:kms"
       LifecycleConfiguration:
         Rules:
-          - ExpirationInDays: 3
+          - ExpirationInDays: 30
             Id: RetentionRule
             Status: Enabled
       ObjectLockEnabled: false

docs/architecture.drawio

@@ -1,4 +1,4 @@
-<mxfile host="Electron" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/24.7.8 Chrome/128.0.6613.36 Electron/32.0.1 Safari/537.36" version="24.7.8" pages="3">
+<mxfile host="Electron" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/24.7.17 Chrome/128.0.6613.36 Electron/32.0.1 Safari/537.36" version="24.7.17" pages="3">
   <diagram name="Architecture" id="E42G6QC6KwTKVLPO9dri">
     <mxGraphModel dx="954" dy="615" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1100" pageHeight="850" math="0" shadow="0">
       <root>
@@ -57,7 +57,7 @@
           </mxGeometry>
         </mxCell>
         <mxCell id="s8pf-N_aXUalvBTkA1gd-11" value="VPC Endpoint&lt;div&gt;KMS&lt;/div&gt;" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#8C4FFF;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.endpoints;fontFamily=Amazon Ember;" parent="moWvoZEPMx79c-ki6pcE-2" vertex="1">
-          <mxGeometry x="220" y="280" width="40" height="40" as="geometry" />
+          <mxGeometry x="259" y="280" width="40" height="40" as="geometry" />
         </mxCell>
         <mxCell id="s8pf-N_aXUalvBTkA1gd-10" value="VPC Endpoint&lt;div&gt;DynamoDB&lt;/div&gt;" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#8C4FFF;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.endpoints;fontFamily=Amazon Ember;" parent="moWvoZEPMx79c-ki6pcE-2" vertex="1">
           <mxGeometry x="80.5" y="280" width="39" height="39" as="geometry" />
@@ -89,10 +89,7 @@
           </mxGeometry>
         </mxCell>
         <mxCell id="s8pf-N_aXUalvBTkA1gd-16" value="VPC Endpoint&lt;div&gt;S3&lt;/div&gt;" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#8C4FFF;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.endpoints;fontFamily=Amazon Ember;" parent="moWvoZEPMx79c-ki6pcE-2" vertex="1">
-          <mxGeometry x="360" y="280" width="40" height="40" as="geometry" />
-        </mxCell>
-        <mxCell id="s8pf-N_aXUalvBTkA1gd-17" value="VPC Endpoint&lt;div&gt;IAM (us-east-1 only)&lt;/div&gt;" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#8C4FFF;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.endpoints;fontFamily=Amazon Ember;" parent="moWvoZEPMx79c-ki6pcE-2" vertex="1">
-          <mxGeometry x="500" y="279" width="40" height="40" as="geometry" />
+          <mxGeometry x="435" y="279" width="40" height="40" as="geometry" />
         </mxCell>
         <mxCell id="s8pf-N_aXUalvBTkA1gd-18" value="" style="rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="moWvoZEPMx79c-ki6pcE-2" source="moWvoZEPMx79c-ki6pcE-10" target="s8pf-N_aXUalvBTkA1gd-16" edge="1">
           <mxGeometry relative="1" as="geometry">
@@ -105,17 +102,6 @@
             <mxPoint x="-7" y="13" as="offset" />
           </mxGeometry>
         </mxCell>
-        <mxCell id="s8pf-N_aXUalvBTkA1gd-21" value="" style="rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="moWvoZEPMx79c-ki6pcE-2" source="moWvoZEPMx79c-ki6pcE-10" target="s8pf-N_aXUalvBTkA1gd-17" edge="1">
-          <mxGeometry relative="1" as="geometry">
-            <mxPoint x="250" y="302" as="targetPoint" />
-            <mxPoint x="361" y="200" as="sourcePoint" />
-          </mxGeometry>
-        </mxCell>
-        <mxCell id="s8pf-N_aXUalvBTkA1gd-22" value="iam:GetRole" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontFamily=Amazon Ember;" parent="s8pf-N_aXUalvBTkA1gd-21" vertex="1" connectable="0">
-          <mxGeometry x="0.2241" relative="1" as="geometry">
-            <mxPoint x="6" y="14" as="offset" />
-          </mxGeometry>
-        </mxCell>
         <mxCell id="moWvoZEPMx79c-ki6pcE-16" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="moWvoZEPMx79c-ki6pcE-6" source="moWvoZEPMx79c-ki6pcE-5" target="moWvoZEPMx79c-ki6pcE-15" edge="1">
           <mxGeometry relative="1" as="geometry" />
         </mxCell>
@@ -128,7 +114,7 @@
           <mxGeometry x="35" y="158.5" width="58" height="58" as="geometry" />
         </mxCell>
         <mxCell id="moWvoZEPMx79c-ki6pcE-7" value="AWS KMS" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#DD344C;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.key_management_service;fontFamily=Amazon Ember;" parent="moWvoZEPMx79c-ki6pcE-6" vertex="1">
-          <mxGeometry x="348" y="429.5" width="44" height="44" as="geometry" />
+          <mxGeometry x="387" y="429.5" width="44" height="44" as="geometry" />
         </mxCell>
         <mxCell id="moWvoZEPMx79c-ki6pcE-8" value="Amazon DynamoDB" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#C925D1;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.dynamodb;fontFamily=Amazon Ember;" parent="moWvoZEPMx79c-ki6pcE-6" vertex="1">
           <mxGeometry x="208.5" y="430" width="43" height="43" as="geometry" />
@@ -140,22 +126,14 @@
           <mxGeometry relative="1" as="geometry" />
         </mxCell>
         <mxCell id="s8pf-N_aXUalvBTkA1gd-14" value="Amazon S3" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#7AA116;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.s3;fontFamily=Amazon Ember;" parent="moWvoZEPMx79c-ki6pcE-6" vertex="1">
-          <mxGeometry x="486" y="427.5" width="48" height="48" as="geometry" />
+          <mxGeometry x="561" y="427.5" width="48" height="48" as="geometry" />
         </mxCell>
         <mxCell id="s8pf-N_aXUalvBTkA1gd-23" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="moWvoZEPMx79c-ki6pcE-6" source="s8pf-N_aXUalvBTkA1gd-16" target="s8pf-N_aXUalvBTkA1gd-14" edge="1">
           <mxGeometry relative="1" as="geometry" />
         </mxCell>
-        <mxCell id="s8pf-N_aXUalvBTkA1gd-24" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="moWvoZEPMx79c-ki6pcE-6" source="s8pf-N_aXUalvBTkA1gd-17" target="0SNBOY_yQhhwCrRUdBA--1" edge="1">
-          <mxGeometry relative="1" as="geometry">
-            <mxPoint x="650" y="427.5" as="targetPoint" />
-          </mxGeometry>
-        </mxCell>
         <mxCell id="s8pf-N_aXUalvBTkA1gd-25" value="AWS Certificate Manager" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#DD344C;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.certificate_manager_3;fontFamily=Amazon Ember;" parent="moWvoZEPMx79c-ki6pcE-6" vertex="1">
           <mxGeometry x="60" y="427.5" width="48" height="48" as="geometry" />
         </mxCell>
-        <mxCell id="0SNBOY_yQhhwCrRUdBA--1" value="AWS IAM" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#DD344C;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.identity_and_access_management;fontFamily=Amazon Ember;" vertex="1" parent="moWvoZEPMx79c-ki6pcE-6">
-          <mxGeometry x="626" y="427.5" width="48" height="48" as="geometry" />
-        </mxCell>
         <mxCell id="s8pf-N_aXUalvBTkA1gd-5" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="s8pf-N_aXUalvBTkA1gd-4" target="moWvoZEPMx79c-ki6pcE-5" edge="1">
           <mxGeometry relative="1" as="geometry" />
         </mxCell>

enclave/Cargo.toml

@@ -13,15 +13,15 @@ name = "enclave-vault"
 path = "src/main.rs"
 
 [dependencies]
-anyhow = "1.0.89"
+anyhow = "1.0.90"
 aws-lc-rs = "1.10.0"
 base64 = "0.22.1"
 byteorder = "1.5.0"
 cel-interpreter = "0.7.1"
 chrono = { version = "0.4.38", default-features = false, features = ["std", "clock"] }
 hex = "0.4.3"
 serde = { version = "1.0.210", features = ["derive"] }
-serde_json = "1.0.128"
+serde_json = "1.0.132"
 rustls = { version = "0.23.15", default-features = false, features = ["aws_lc_rs"] }
 vsock = "0.5.1"
 zeroize = { version = "1.8.1", features = ["zeroize_derive"] }

parent/Cargo.toml

@@ -14,15 +14,15 @@ name = "parent-vault"
 path = "src/main.rs"
 
 [dependencies]
-anyhow = "1.0.89"
+anyhow = "1.0.90"
 aws-config = { version = "1.5.8", default-features = false, features = ["rustls", "rt-tokio", "behavior-version-latest"] }
 aws-credential-types = "1.2.1"
 axum = { version = "0.7.7", default-features = false, features = ["http1", "json", "tokio", "tracing"] }
 byteorder = "1.5.0"
 clap = { version = "4.5.20", features = ["derive", "env"] }
 rand = "0.8.5"
 serde = { version = "1.0.210", features = ["derive"] }
-serde_json = "1.0.128"
+serde_json = "1.0.132"
 thiserror = "1.0.64"
 tokio = { version = "1.40.0", features = ["rt-multi-thread", "process", "tracing"] }
 tracing = { version = "0.1.40", features = ["log"] }

vpc_template.yml

@@ -144,39 +144,31 @@ Resources:
       VpcId: !Ref rVpc
       Tags:
         - Key: Name
-          Value: !Sub
-            - "${pResourcePrefix}-rtb-private1-${AvailabilityZone}"
-            - AvailabilityZone: !Select [0, !GetAZs ""]
+          Value: !Sub "${pResourcePrefix}-rtb-private1-${rPrivateSubnet1.AvailabilityZone}"
 
   rPrivateRouteTable2:
     Type: "AWS::EC2::RouteTable"
     Properties:
       VpcId: !Ref rVpc
       Tags:
         - Key: Name
-          Value: !Sub
-            - "${pResourcePrefix}-rtb-private2-${AvailabilityZone}"
-            - AvailabilityZone: !Select [1, !GetAZs ""]
+          Value: !Sub "${pResourcePrefix}-rtb-private2-${rPrivateSubnet2.AvailabilityZone}"
 
   rPrivateRouteTable3:
     Type: "AWS::EC2::RouteTable"
     Properties:
       VpcId: !Ref rVpc
       Tags:
         - Key: Name
-          Value: !Sub
-            - "${pResourcePrefix}-rtb-private3-${AvailabilityZone}"
-            - AvailabilityZone: !Select [0, !GetAZs ""]
+          Value: !Sub "${pResourcePrefix}-rtb-private3-${rPrivateSubnet3.AvailabilityZone}"
 
   rPrivateRouteTable4:
     Type: "AWS::EC2::RouteTable"
     Properties:
       VpcId: !Ref rVpc
       Tags:
         - Key: Name
-          Value: !Sub
-            - "${pResourcePrefix}-rtb-private4-${AvailabilityZone}"
-            - AvailabilityZone: !Select [1, !GetAZs ""]
+          Value: !Sub "${pResourcePrefix}-rtb-private4-${rPrivateSubnet4.AvailabilityZone}"
 
   rPrivateRouteTableAssociation1:
     Type: "AWS::EC2::SubnetRouteTableAssociation"