gettek / terraform-azurerm-policy-as-code

Terraform modules that simplify the workflow of custom and built-in Azure Policies

Home Page:https://learn.microsoft.com/en-us/azure/governance/policy/concepts/policy-as-code


Remediation Tasks naming

pmalczuk opened this issue · comments

Prerequisites

  • I am running the latest version
  • I checked the documentation and found no answer
  • I checked to make sure that this issue has not already been filed

Context

I have a question about the timestamp in the name of remediation tasks.
In what cases would they not be created? I can't understand it.
Now, on every apply, all remediation tasks are always recreated.

Hi @pmalczuk,

This is by design to ensure continuous on-demand compliance; for example, if you wished to schedule this through a pipeline to run daily remediation.

Setting skip_remediation=true will prevent the task creation. You can also add this as a global variable to be accepted at runtime: -var "skip_remediation=true".

Hope this helps

Hi @gettek
Thanks for the explanation. I think it should help in my pipeline.
I checked that the variable skip_remediation is only defined in module set_assignment but not used there. Maybe you missed it in this module?

Hi @pmalczuk,
Yes, you're correct. I also noticed it was missing a few days ago; it was wrongly removed in version 2.2.0, but I will create a fix for the upcoming release in a few days.

@pmalczuk can you try with working branch 2.6.0 and let me know?

I just ran into this as well (skip_remediation not implemented). Will try the 2.6.0 version...

So it seems to work, although when NOT skipping remediation tasks, I think it's creating them for policies that don't have DINE/modify effects. For example, in my initiative I have a policy with a deny effect, and a remediation task is being created for it.

Thanks @timwebster9, I have added that fix to 2.6.0 now.

@gettek I updated set_assignment/variables.tf with your latest changes, and it still creates remediation tasks for 'deny' policies...

Apologies, I will devote some time to this over the coming days, planning to also implement a parameter to change remediation_scope
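As an added illustration of the two behaviours discussed in this thread (this is example HCL, not the module's own code): remediation tasks are created only when skip_remediation is false, and only for initiative members whose effect is DeployIfNotExists or Modify, since deny/audit policies change nothing and have nothing to remediate. The var.policy_definitions shape, var.assignment_id and var.subscription_id are assumptions for the example.

```hcl
variable "skip_remediation" {
  description = "true (e.g. -var \"skip_remediation=true\") creates no remediation tasks on this apply"
  type        = bool
  default     = false
}

# Assumed shape: one entry per initiative member, keyed by its policyDefinitionReferenceId.
variable "policy_definitions" {
  type = map(object({
    effect = string
  }))
}

variable "assignment_id" {
  description = "Resource ID of the initiative assignment being remediated (assumed input)"
  type        = string
}

variable "subscription_id" {
  description = "Subscription resource ID, e.g. /subscriptions/<guid> (assumed input)"
  type        = string
}

locals {
  # Only these effects deploy or alter resources, so only they have anything to remediate.
  remediable_effects = ["deployifnotexists", "modify"]

  # Deny/Audit members are filtered out; when skipping, the map is empty and nothing is created.
  remediable_definitions = {
    for ref_id, def in var.policy_definitions :
    ref_id => def
    if !var.skip_remediation && contains(local.remediable_effects, lower(def.effect))
  }
}

resource "azurerm_subscription_policy_remediation" "this" {
  for_each = local.remediable_definitions

  # The timestamp in the name forces a fresh task on every apply (the on-demand behaviour described above).
  name                           = lower("rem-${each.key}-${formatdate("YYYYMMDDhhmmss", timestamp())}")
  subscription_id                = var.subscription_id
  policy_assignment_id           = var.assignment_id
  policy_definition_reference_id = each.key
}
```

Because timestamp() changes on every plan, `terraform plan` will always show these resources as replaced; that is the expected diff when skip_remediation is false.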