refactor: convert Lambda code from S3 binary object to ECR container image #626

Merged
merged 22 commits into from
May 2, 2024

craigzour
Contributor

@craigzour craigzour commented Apr 2, 2024

IMPORTANT:

We should merge and apply #641 first

Summary | Résumé

linked to cds-snc/platform-forms-client#3486

  • Converts Lambda code packaging from S3 binary objects to ECR container images
  • Removes Code signing for the Vault Integrity Lambda (+ all related Terraform resources)
  • Updates some of the existing GitHub workflow files
  • Removes old Lambda invoke scripts (legacy code that does not work anymore and is replaced by a simple command line call)
  • Enables IAM Policy Enforcement for Localstack https://docs.localstack.cloud/user-guide/security-testing/iam-enforcement/

@craigzour craigzour self-assigned this Apr 2, 2024
@craigzour craigzour force-pushed the feature/containerized-lambda-function branch 4 times, most recently from 2fb6fc5 to c97e650 Compare April 3, 2024 19:39
@craigzour craigzour force-pushed the feature/containerized-lambda-function branch from a41d463 to 2ae4a56 Compare April 4, 2024 13:45
@craigzour craigzour changed the base branch from develop to feature/deploy-redis-and-postgresql-in-localstack April 4, 2024 13:45
@craigzour craigzour force-pushed the feature/containerized-lambda-function branch 2 times, most recently from adbb88f to 5d16129 Compare April 4, 2024 19:10
@craigzour craigzour changed the base branch from feature/deploy-redis-and-postgresql-in-localstack to develop April 4, 2024 19:11
@craigzour craigzour force-pushed the feature/containerized-lambda-function branch 8 times, most recently from 9c7d603 to 7fc48c8 Compare April 5, 2024 15:56
@craigzour craigzour changed the base branch from develop to feature/deploy-redis-and-postgresql-in-localstack April 5, 2024 16:50
@craigzour craigzour force-pushed the feature/containerized-lambda-function branch 3 times, most recently from aae65ff to 05ccd57 Compare April 5, 2024 17:34
Base automatically changed from feature/deploy-redis-and-postgresql-in-localstack to develop April 9, 2024 18:51
@craigzour craigzour force-pushed the feature/containerized-lambda-function branch from 05ccd57 to 726c7d1 Compare April 9, 2024 19:04
@craigzour craigzour changed the title PoC: containerized lambda functions Containerized lambda functions Apr 10, 2024
@craigzour craigzour force-pushed the feature/containerized-lambda-function branch from 726c7d1 to 74fd666 Compare April 15, 2024 19:19
@craigzour craigzour changed the title Containerized lambda functions refactor: convert Lambda code from S3 binary object to ECR container image Apr 15, 2024
@craigzour craigzour marked this pull request as ready for review April 15, 2024 19:20
@craigzour craigzour force-pushed the feature/containerized-lambda-function branch 2 times, most recently from 639bc87 to 5d881c0 Compare May 1, 2024 16:26
@craigzour craigzour force-pushed the feature/containerized-lambda-function branch from 5d881c0 to d20d66b Compare May 1, 2024 16:30

github-actions bot commented May 1, 2024

⚠ Terraform update available

Terraform: 1.8.2 (using 1.6.6)
Terragrunt: 0.58.1 (using 0.54.8)

github-actions bot commented May 1, 2024

Staging: ecr

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 26 to add, 0 to change, 2 to destroy
Show summary
CHANGE    NAME
recreate  aws_ecr_lifecycle_policy.form_viewer_policy
          aws_ecr_lifecycle_policy.load_test_policy[0]
add       aws_ecr_lifecycle_policy.lambda["audit-logs-archiver-lambda"]
          aws_ecr_lifecycle_policy.lambda["audit-logs-lambda"]
          aws_ecr_lifecycle_policy.lambda["cognito-email-sender-lambda"]
          aws_ecr_lifecycle_policy.lambda["cognito-pre-sign-up-lambda"]
          aws_ecr_lifecycle_policy.lambda["form-archiver-lambda"]
          aws_ecr_lifecycle_policy.lambda["nagware-lambda"]
          aws_ecr_lifecycle_policy.lambda["notify-slack-lambda"]
          aws_ecr_lifecycle_policy.lambda["reliability-dlq-consumer-lambda"]
          aws_ecr_lifecycle_policy.lambda["reliability-lambda"]
          aws_ecr_lifecycle_policy.lambda["response-archiver-lambda"]
          aws_ecr_lifecycle_policy.lambda["submission-lambda"]
          aws_ecr_lifecycle_policy.lambda["vault-integrity-lambda"]
          aws_ecr_repository.lambda["audit-logs-archiver-lambda"]
          aws_ecr_repository.lambda["audit-logs-lambda"]
          aws_ecr_repository.lambda["cognito-email-sender-lambda"]
          aws_ecr_repository.lambda["cognito-pre-sign-up-lambda"]
          aws_ecr_repository.lambda["form-archiver-lambda"]
          aws_ecr_repository.lambda["nagware-lambda"]
          aws_ecr_repository.lambda["notify-slack-lambda"]
          aws_ecr_repository.lambda["reliability-dlq-consumer-lambda"]
          aws_ecr_repository.lambda["reliability-lambda"]
          aws_ecr_repository.lambda["response-archiver-lambda"]
          aws_ecr_repository.lambda["submission-lambda"]
          aws_ecr_repository.lambda["vault-integrity-lambda"]
Show plan
Resource actions are indicated with the following symbols:
  + create
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_ecr_lifecycle_policy.form_viewer_policy must be replaced
-/+ resource "aws_ecr_lifecycle_policy" "form_viewer_policy" {
      ~ id          = "form_viewer_staging" -> (known after apply)
      ~ policy      = jsonencode(
          ~ {
              ~ rules = [
                  ~ {
                      ~ selection    = {
                          - tagPrefixList = [
                              - "v",
                            ]
                          ~ tagStatus     = "tagged" -> "any"
                            # (2 unchanged attributes hidden)
                        }
                        # (3 unchanged attributes hidden)
                    },
                ]
            } # forces replacement
        )
      ~ registry_id = "687401027353" -> (known after apply)
        # (1 unchanged attribute hidden)
    }

  # aws_ecr_lifecycle_policy.lambda["audit-logs-archiver-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "audit-logs-archiver-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["audit-logs-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "audit-logs-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["cognito-email-sender-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "cognito-email-sender-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["cognito-pre-sign-up-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "cognito-pre-sign-up-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["form-archiver-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "form-archiver-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["nagware-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "nagware-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["notify-slack-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "notify-slack-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["reliability-dlq-consumer-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "reliability-dlq-consumer-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["reliability-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "reliability-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["response-archiver-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "response-archiver-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["submission-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "submission-lambda"
    }

  # aws_ecr_lifecycle_policy.lambda["vault-integrity-lambda"] will be created
  + resource "aws_ecr_lifecycle_policy" "lambda" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Keep last 10 images"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 10
                          + countType   = "imageCountMoreThan"
                          + tagStatus   = "any"
                        }
                    },
                ]
            }
        )
      + registry_id = (known after apply)
      + repository  = "vault-integrity-lambda"
    }

  # aws_ecr_lifecycle_policy.load_test_policy[0] must be replaced
-/+ resource "aws_ecr_lifecycle_policy" "load_test_policy" {
      ~ id          = "load_test" -> (known after apply)
      ~ policy      = jsonencode(
          ~ {
              ~ rules = [
                  ~ {
                      ~ selection    = {
                          - tagPrefixList = [
                              - "v",
                            ]
                          ~ tagStatus     = "tagged" -> "any"
                            # (2 unchanged attributes hidden)
                        }
                        # (3 unchanged attributes hidden)
                    },
                ]
            } # forces replacement
        )
      ~ registry_id = "687401027353" -> (known after apply)
        # (1 unchanged attribute hidden)
    }

  # aws_ecr_repository.lambda["audit-logs-archiver-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "audit-logs-archiver-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["audit-logs-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "audit-logs-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["cognito-email-sender-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "cognito-email-sender-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["cognito-pre-sign-up-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "cognito-pre-sign-up-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["form-archiver-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "form-archiver-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["nagware-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "nagware-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["notify-slack-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "notify-slack-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["reliability-dlq-consumer-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "reliability-dlq-consumer-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["reliability-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "reliability-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["response-archiver-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "response-archiver-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["submission-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "submission-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecr_repository.lambda["vault-integrity-lambda"] will be created
  + resource "aws_ecr_repository" "lambda" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "vault-integrity-lambda"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags_all             = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

Plan: 26 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  + ecr_repository_url_audit_logs_archiver_lambda      = (known after apply)
  + ecr_repository_url_audit_logs_lambda               = (known after apply)
  + ecr_repository_url_cognito_email_sender_lambda     = (known after apply)
  + ecr_repository_url_cognito_pre_sign_up_lambda      = (known after apply)
  + ecr_repository_url_form_archiver_lambda            = (known after apply)
  + ecr_repository_url_nagware_lambda                  = (known after apply)
  + ecr_repository_url_notify_slack_lambda             = (known after apply)
  + ecr_repository_url_reliability_dlq_consumer_lambda = (known after apply)
  + ecr_repository_url_reliability_lambda              = (known after apply)
  + ecr_repository_url_response_archiver_lambda        = (known after apply)
  + ecr_repository_url_submission_lambda               = (known after apply)
  + ecr_repository_url_vault_integrity_lambda          = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"audit-logs-archiver-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"audit-logs-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"cognito-email-sender-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"cognito-pre-sign-up-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"form-archiver-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"nagware-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"notify-slack-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"reliability-dlq-consumer-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"reliability-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"response-archiver-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"submission-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"vault-integrity-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.load_test_repository[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.viewer_repository"]

33 tests, 19 passed, 14 warnings, 0 failures, 0 exceptions

github-actions bot commented May 1, 2024

Staging: s3

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 0 to add, 0 to change, 5 to destroy
Show summary
CHANGE  NAME
delete  aws_s3_bucket.lambda_code
        aws_s3_bucket_ownership_controls.lambda_code
        aws_s3_bucket_public_access_block.lambda_code
        aws_s3_bucket_server_side_encryption_configuration.lambda_code
        aws_s3_bucket_versioning.lambda_code
Show plan
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # aws_s3_bucket.lambda_code will be destroyed
  # (because aws_s3_bucket.lambda_code is not in configuration)
  - resource "aws_s3_bucket" "lambda_code" {
      - acl                         = "private" -> null
      - arn                         = "arn:aws:s3:::forms-staging-lambda-code" -> null
      - bucket                      = "forms-staging-lambda-code" -> null
      - bucket_domain_name          = "forms-staging-lambda-code.s3.amazonaws.com" -> null
      - bucket_regional_domain_name = "forms-staging-lambda-code.s3.ca-central-1.amazonaws.com" -> null
      - force_destroy               = true -> null
      - hosted_zone_id              = "Z1QDHH18159H29" -> null
      - id                          = "forms-staging-lambda-code" -> null
      - object_lock_enabled         = false -> null
      - region                      = "ca-central-1" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {} -> null
      - tags_all                    = {
          - "CostCentre" = "forms-platform-staging"
          - "Terraform"  = "true"
        } -> null

      - grant {
          - id          = "8ee828b5522b38b6797b8f886ed0b30f039d4eaa7ea331fa60669a6e0352d7e5" -> null
          - permissions = [
              - "FULL_CONTROL",
            ] -> null
          - type        = "CanonicalUser" -> null
        }

      - server_side_encryption_configuration {
          - rule {
              - bucket_key_enabled = false -> null

              - apply_server_side_encryption_by_default {
                  - sse_algorithm = "AES256" -> null
                }
            }
        }

      - versioning {
          - enabled    = true -> null
          - mfa_delete = false -> null
        }
    }

  # aws_s3_bucket_ownership_controls.lambda_code will be destroyed
  # (because aws_s3_bucket_ownership_controls.lambda_code is not in configuration)
  - resource "aws_s3_bucket_ownership_controls" "lambda_code" {
      - bucket = "forms-staging-lambda-code" -> null
      - id     = "forms-staging-lambda-code" -> null

      - rule {
          - object_ownership = "BucketOwnerEnforced" -> null
        }
    }

  # aws_s3_bucket_public_access_block.lambda_code will be destroyed
  # (because aws_s3_bucket_public_access_block.lambda_code is not in configuration)
  - resource "aws_s3_bucket_public_access_block" "lambda_code" {
      - block_public_acls       = true -> null
      - block_public_policy     = true -> null
      - bucket                  = "forms-staging-lambda-code" -> null
      - id                      = "forms-staging-lambda-code" -> null
      - ignore_public_acls      = true -> null
      - restrict_public_buckets = true -> null
    }

  # aws_s3_bucket_server_side_encryption_configuration.lambda_code will be destroyed
  # (because aws_s3_bucket_server_side_encryption_configuration.lambda_code is not in configuration)
  - resource "aws_s3_bucket_server_side_encryption_configuration" "lambda_code" {
      - bucket = "forms-staging-lambda-code" -> null
      - id     = "forms-staging-lambda-code" -> null

      - rule {
          - bucket_key_enabled = false -> null

          - apply_server_side_encryption_by_default {
              - sse_algorithm = "AES256" -> null
            }
        }
    }

  # aws_s3_bucket_versioning.lambda_code will be destroyed
  # (because aws_s3_bucket_versioning.lambda_code is not in configuration)
  - resource "aws_s3_bucket_versioning" "lambda_code" {
      - bucket = "forms-staging-lambda-code" -> null
      - id     = "forms-staging-lambda-code" -> null

      - versioning_configuration {
          - status = "Enabled" -> null
        }
    }

Plan: 0 to add, 0 to change, 5 to destroy.

Changes to Outputs:
  - lambda_code_arn                = "arn:aws:s3:::forms-staging-lambda-code" -> null
  - lambda_code_id                 = "forms-staging-lambda-code" -> null

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.archive_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.audit_logs_archive_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.reliability_file_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.vault_file_storage"]

23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions

github-actions bot commented May 1, 2024

Staging: cognito

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 4 to add, 1 to change, 6 to destroy
Show summary

| CHANGE | NAME |
|---|---|
| update | aws_cognito_user_pool.forms |
| recreate | aws_lambda_function.cognito_email_sender |
| | aws_lambda_function.cognito_pre_sign_up |
| | aws_lambda_permission.allow_cognito_to_call_cognito_email_sender_lambda |
| | aws_lambda_permission.allow_cognito_to_call_cognito_pre_sign_up_lambda |
| delete | aws_iam_policy.lambda_s3 |
| | aws_s3_object.cognito_email_sender_code |

Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_cognito_user_pool.forms will be updated in-place
  ~ resource "aws_cognito_user_pool" "forms" {
        id                         = "ca-central-1_Cguq9JNQ1"
        name                       = "forms_user_pool"
        tags                       = {}
        # (13 unchanged attributes hidden)

      ~ lambda_config {
          ~ pre_sign_up = "arn:aws:lambda:ca-central-1:687401027353:function:Cognito_Pre_Sign_Up" -> (known after apply)
            # (1 unchanged attribute hidden)

          ~ custom_email_sender {
              ~ lambda_arn     = "arn:aws:lambda:ca-central-1:687401027353:function:Cognito_Email_Sender" -> (known after apply)
                # (1 unchanged attribute hidden)
            }
        }

        # (5 unchanged blocks hidden)
    }

  # aws_iam_policy.lambda_s3 will be destroyed
  # (because aws_iam_policy.lambda_s3 is not in configuration)
  - resource "aws_iam_policy" "lambda_s3" {
      - arn         = "arn:aws:iam::687401027353:policy/cognito_lambda_s3" -> null
      - description = "IAM policy for storing files in S3" -> null
      - id          = "arn:aws:iam::687401027353:policy/cognito_lambda_s3" -> null
      - name        = "cognito_lambda_s3" -> null
      - path        = "/" -> null
      - policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "s3:PutObject",
                          - "s3:ListBucket",
                          - "s3:GetObject",
                          - "s3:DeleteObject",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:s3:::forms-staging-lambda-code/*",
                          - "arn:aws:s3:::forms-staging-lambda-code",
                        ]
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id   = "ANPA2ADCLI4MTE2ZUSKZP" -> null
      - tags        = {} -> null
      - tags_all    = {
          - "CostCentre" = "forms-platform-staging"
          - "Terraform"  = "true"
        } -> null
    }

  # aws_lambda_function.cognito_email_sender must be replaced
-/+ resource "aws_lambda_function" "cognito_email_sender" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Cognito_Email_Sender" -> (known after apply)
      ~ function_name                  = "Cognito_Email_Sender" -> "cognito-email-sender" # forces replacement
      - handler                        = "cognito_email_sender.handler" -> null
      ~ id                             = "Cognito_Email_Sender" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Cognito_Email_Sender/invocations" -> (known after apply)
      ~ last_modified                  = "2024-01-12T15:09:29.000+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Cognito_Email_Sender:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Cognito_Email_Sender:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "cognito_email_sender_code" -> null
      - s3_object_version              = "pQng_9WlEDo1NcBrILhs20sbhfFBD1Oo" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "JQU+xOvCFaZHW/kdM3TnHxkFnJXz/ytxiRXLMJzpxF0=" -> (known after apply)
      ~ source_code_size               = 5346786 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.cognito_pre_sign_up must be replaced
-/+ resource "aws_lambda_function" "cognito_pre_sign_up" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Cognito_Pre_Sign_Up" -> (known after apply)
      - filename                       = "/tmp/pre_sign_up_main.zip" -> null
      ~ function_name                  = "Cognito_Pre_Sign_Up" -> "cognito-pre-sign-up" # forces replacement
      - handler                        = "pre_sign_up.handler" -> null
      ~ id                             = "Cognito_Pre_Sign_Up" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Cognito_Pre_Sign_Up/invocations" -> (known after apply)
      ~ last_modified                  = "2023-10-30T19:32:35.000+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Cognito_Pre_Sign_Up:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Cognito_Pre_Sign_Up:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "QTDI90Q+x/QfDnbowk26CzT+EGf4lzBQCRoJniGB88s=" -> (known after apply)
      ~ source_code_size               = 326 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_permission.allow_cognito_to_call_cognito_email_sender_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cognito_to_call_cognito_email_sender_lambda" {
      ~ function_name       = "Cognito_Email_Sender" -> "cognito-email-sender" # forces replacement
      ~ id                  = "terraform-20230516185044900500000003" -> (known after apply)
      ~ statement_id        = "terraform-20230516185044900500000003" -> (known after apply)
      ~ statement_id_prefix = "terraform-" -> (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_lambda_permission.allow_cognito_to_call_cognito_pre_sign_up_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cognito_to_call_cognito_pre_sign_up_lambda" {
      ~ function_name       = "Cognito_Pre_Sign_Up" -> "cognito-pre-sign-up" # forces replacement
      ~ id                  = "terraform-20230607124925319100000001" -> (known after apply)
      ~ statement_id        = "terraform-20230607124925319100000001" -> (known after apply)
      ~ statement_id_prefix = "terraform-" -> (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_s3_object.cognito_email_sender_code will be destroyed
  # (because aws_s3_object.cognito_email_sender_code is not in configuration)
  - resource "aws_s3_object" "cognito_email_sender_code" {
      - bucket                 = "forms-staging-lambda-code" -> null
      - bucket_key_enabled     = false -> null
      - content_type           = "binary/octet-stream" -> null
      - etag                   = "77b6abfcc32504965c9f28128c3bece9-2" -> null
      - force_destroy          = false -> null
      - id                     = "cognito_email_sender_code" -> null
      - key                    = "cognito_email_sender_code" -> null
      - metadata               = {} -> null
      - server_side_encryption = "AES256" -> null
      - source                 = "/tmp/cognito_email_sender.zip" -> null
      - source_hash            = "JQU+xOvCFaZHW/kdM3TnHxkFnJXz/ytxiRXLMJzpxF0=" -> null
      - storage_class          = "STANDARD" -> null
      - tags                   = {} -> null
      - tags_all               = {
          - "CostCentre" = "forms-platform-staging"
          - "Terraform"  = "true"
        } -> null
      - version_id             = "pQng_9WlEDo1NcBrILhs20sbhfFBD1Oo" -> null
    }

Plan: 4 to add, 1 to change, 6 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_email_sender"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_pre_sign_up"]
WARN - plan.json - main - Missing Common Tags: ["aws_cognito_user_pool.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_secrets"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_userpool_import_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.cognito_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.cognito_userpool_import"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.cognito_encryption"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.cognito_email_sender"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.cognito_pre_sign_up"]

31 tests, 19 passed, 12 warnings, 0 failures, 0 exceptions

github-actions bot commented May 1, 2024

Staging: app

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 1 to add, 0 to change, 1 to destroy
Show summary

| CHANGE | NAME |
|---|---|
| recreate | aws_ecs_task_definition.form_viewer |

Show plan
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_ecs_task_definition.form_viewer must be replaced
-/+ resource "aws_ecs_task_definition" "form_viewer" {
      ~ arn                      = "arn:aws:ecs:ca-central-1:687401027353:task-definition/form-viewer:1506" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:ca-central-1:687401027353:task-definition/form-viewer" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  - cpu              = 0
                  - essential        = true
                  ~ linuxParameters  = {
                      ~ capabilities = {
                          - add  = []
                            # (1 unchanged attribute hidden)
                        }
                    }
                  - mountPoints      = []
                    name             = "form_viewer"
                  ~ portMappings     = [
                      ~ {
                          - hostPort      = 3000
                          - protocol      = "tcp"
                            # (1 unchanged attribute hidden)
                        },
                    ]
                  - systemControls   = []
                  - volumesFrom      = []
                    # (4 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "form-viewer" -> (known after apply)
      ~ revision                 = 1506 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_appautoscaling_target.forms[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_app.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_deployment_group.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_cluster.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_service.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_task_definition.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_secrets_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_sqs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.codedeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.forms"]

34 tests, 19 passed, 15 warnings, 0 failures, 0 exceptions

github-actions bot commented May 1, 2024

Staging: lambdas

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 14 to add, 10 to change, 26 to destroy
Show summary

| CHANGE | NAME |
|---|---|
| delete | aws_lambda_code_signing_config.lambda_code_signing_config[0] |
| | aws_s3_object.audit_logs_archiver_code |
| | aws_s3_object.audit_logs_code |
| | aws_s3_object.form_archiver_code |
| | aws_s3_object.nagware_code |
| | aws_s3_object.reliability_code |
| | aws_s3_object.reliability_dlq_consumer_code |
| | aws_s3_object.response_archiver_code |
| | aws_s3_object.submission_code |
| | aws_s3_object.vault_integrity_code |
| | aws_signer_signing_job.vault_integrity[0] |
| | aws_signer_signing_profile.lambda_signing_profile[0] |
| update | aws_cloudwatch_event_target.audit_logs_archiver_lambda_trigger |
| | aws_cloudwatch_event_target.form_archiver_lambda_trigger |
| | aws_cloudwatch_event_target.nagware_lambda_trigger |
| | aws_cloudwatch_event_target.reliability_dlq_lambda_trigger |
| | aws_cloudwatch_event_target.response_archiver_lambda_trigger |
| | aws_iam_policy.lambda_s3 |
| | aws_lambda_event_source_mapping.audit_logs |
| | aws_lambda_event_source_mapping.reliability |
| | aws_lambda_event_source_mapping.reprocess_submission |
| | aws_lambda_event_source_mapping.vault_updated_item_stream |
| recreate | aws_lambda_function.audit_logs |
| | aws_lambda_function.audit_logs_archiver |
| | aws_lambda_function.form_archiver |
| | aws_lambda_function.nagware |
| | aws_lambda_function.reliability |
| | aws_lambda_function.reliability_dlq_consumer |
| | aws_lambda_function.response_archiver |
| | aws_lambda_function.submission |
| | aws_lambda_function.vault_integrity |
| | aws_lambda_permission.allow_cloudwatch_to_run_archive_form_responses_lambda |
| | aws_lambda_permission.allow_cloudwatch_to_run_dead_letter_queue_consumer_lambda |
| | aws_lambda_permission.allow_cloudwatch_to_run_form_archiver_lambda |
| | aws_lambda_permission.allow_cloudwatch_to_run_nagware_lambda |
| | aws_lambda_permission.audit_logs_archiver |

✂   Warning: plan has been truncated! See the full plan in the logs.

Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_cloudwatch_event_target.audit_logs_archiver_lambda_trigger will be updated in-place
  ~ resource "aws_cloudwatch_event_target" "audit_logs_archiver_lambda_trigger" {
      ~ arn            = "arn:aws:lambda:ca-central-1:687401027353:function:Audit_Logs_Archiver" -> (known after apply)
        id             = "audit-logs-archiver-lambda-trigger-terraform-20240220171402558600000001"
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_event_target.form_archiver_lambda_trigger will be updated in-place
  ~ resource "aws_cloudwatch_event_target" "form_archiver_lambda_trigger" {
      ~ arn            = "arn:aws:lambda:ca-central-1:687401027353:function:Archive_Form_Templates" -> (known after apply)
        id             = "form-archiver-lambda-trigger-terraform-20240208183143516200000001"
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_event_target.nagware_lambda_trigger will be updated in-place
  ~ resource "aws_cloudwatch_event_target" "nagware_lambda_trigger" {
      ~ arn            = "arn:aws:lambda:ca-central-1:687401027353:function:Nagware" -> (known after apply)
        id             = "nagware-lambda-trigger-terraform-20240208193325429400000001"
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_event_target.reliability_dlq_lambda_trigger will be updated in-place
  ~ resource "aws_cloudwatch_event_target" "reliability_dlq_lambda_trigger" {
      ~ arn            = "arn:aws:lambda:ca-central-1:687401027353:function:Reliability_DLQ_Consumer" -> (known after apply)
        id             = "reliability-dlq-lambda-trigger-terraform-20240208183143528700000002"
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_event_target.response_archiver_lambda_trigger will be updated in-place
  ~ resource "aws_cloudwatch_event_target" "response_archiver_lambda_trigger" {
      ~ arn            = "arn:aws:lambda:ca-central-1:687401027353:function:Response_Archiver" -> (known after apply)
        id             = "response-archiver-lambda-trigger-terraform-20240208183143574200000003"
        # (3 unchanged attributes hidden)
    }

  # aws_iam_policy.lambda_s3 will be updated in-place
  ~ resource "aws_iam_policy" "lambda_s3" {
        id          = "arn:aws:iam::687401027353:policy/lambda_s3"
        name        = "lambda_s3"
      ~ policy      = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Resource = [
                            # (3 unchanged elements hidden)
                            "arn:aws:s3:::forms-staging-reliability-file-storage",
                          - "arn:aws:s3:::forms-staging-lambda-code/*",
                          - "arn:aws:s3:::forms-staging-lambda-code",
                            "arn:aws:s3:::forms-staging-audit-logs-archive-storage/*",
                            # (3 unchanged elements hidden)
                        ]
                        # (2 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags        = {}
        # (5 unchanged attributes hidden)
    }

  # aws_lambda_code_signing_config.lambda_code_signing_config[0] will be destroyed
  # (because aws_lambda_code_signing_config.lambda_code_signing_config is not in configuration)
  - resource "aws_lambda_code_signing_config" "lambda_code_signing_config" {
      - arn           = "arn:aws:lambda:ca-central-1:687401027353:code-signing-config:csc-0e61d1a25a7a3956e" -> null
      - config_id     = "csc-0e61d1a25a7a3956e" -> null
      - id            = "arn:aws:lambda:ca-central-1:687401027353:code-signing-config:csc-0e61d1a25a7a3956e" -> null
      - last_modified = "2023-12-11T15:10:22.188857Z" -> null

      - allowed_publishers {
          - signing_profile_version_arns = [
              - "arn:aws:signer:ca-central-1:687401027353:/signing-profiles/lambda_signing_profile_20231207215659156300000001/3cak3nO7rT",
            ] -> null
        }

      - policies {
          - untrusted_artifact_on_deployment = "Enforce" -> null
        }
    }

  # aws_lambda_event_source_mapping.audit_logs will be updated in-place
  ~ resource "aws_lambda_event_source_mapping" "audit_logs" {
      ~ function_name                      = "arn:aws:lambda:ca-central-1:687401027353:function:Audit_Logs" -> (known after apply)
        id                                 = "bc90f6e4-30dc-4493-a000-2635f5db0fe9"
        # (17 unchanged attributes hidden)
    }

  # aws_lambda_event_source_mapping.reliability will be updated in-place
  ~ resource "aws_lambda_event_source_mapping" "reliability" {
      ~ function_name                      = "arn:aws:lambda:ca-central-1:687401027353:function:Reliability" -> (known after apply)
        id                                 = "1f81bf31-9e9a-487e-8f53-cfd54d93316a"
        # (17 unchanged attributes hidden)
    }

  # aws_lambda_event_source_mapping.reprocess_submission will be updated in-place
  ~ resource "aws_lambda_event_source_mapping" "reprocess_submission" {
      ~ function_name                      = "arn:aws:lambda:ca-central-1:687401027353:function:Reliability" -> (known after apply)
        id                                 = "e9bf5752-e38a-4dd8-9d2e-489597c00ef1"
        # (17 unchanged attributes hidden)
    }

  # aws_lambda_event_source_mapping.vault_updated_item_stream will be updated in-place
  ~ resource "aws_lambda_event_source_mapping" "vault_updated_item_stream" {
      ~ function_name                      = "arn:aws:lambda:ca-central-1:687401027353:function:Vault_Data_Integrity_Check" -> (known after apply)
        id                                 = "6bfeda18-4b6d-4a3d-b54b-bbdebb8aa98e"
        # (19 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_function.audit_logs must be replaced
-/+ resource "aws_lambda_function" "audit_logs" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Audit_Logs" -> (known after apply)
      ~ function_name                  = "Audit_Logs" -> "audit-logs" # forces replacement
      - handler                        = "audit_logs.handler" -> null
      ~ id                             = "Audit_Logs" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Audit_Logs/invocations" -> (known after apply)
      ~ last_modified                  = "2024-03-15T13:46:13.000+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Audit_Logs:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Audit_Logs:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "audit_logs_code" -> null
      - s3_object_version              = "AUJ430SITKAR0SC.DpjsXdw0iP5ntwXp" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "8XJrXQPGK78QNXqkYizyGlH5uM+xYA/x57QzSc/sbKw=" -> (known after apply)
      ~ source_code_size               = 4114773 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.audit_logs_archiver must be replaced
-/+ resource "aws_lambda_function" "audit_logs_archiver" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Audit_Logs_Archiver" -> (known after apply)
      ~ function_name                  = "Audit_Logs_Archiver" -> "audit-logs-archiver" # forces replacement
      - handler                        = "audit_logs_archiver.handler" -> null
      ~ id                             = "Audit_Logs_Archiver" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Audit_Logs_Archiver/invocations" -> (known after apply)
      ~ last_modified                  = "2024-02-20T17:14:02.647+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Audit_Logs_Archiver:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Audit_Logs_Archiver:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "audit_logs_archiver_code" -> null
      - s3_object_version              = "bMDQzYU6tawp4CUVqctMsk9nqAIirObZ" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "j21QkAUTlKxkmkad5xW89Zgl6fwIQ54MWvLhLAnhwdI=" -> (known after apply)
      ~ source_code_size               = 4774980 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.form_archiver must be replaced
-/+ resource "aws_lambda_function" "form_archiver" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Archive_Form_Templates" -> (known after apply)
      ~ function_name                  = "Archive_Form_Templates" -> "form-archiver" # forces replacement
      - handler                        = "form_archiver.handler" -> null
      ~ id                             = "Archive_Form_Templates" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Archive_Form_Templates/invocations" -> (known after apply)
      ~ last_modified                  = "2024-04-09T19:02:51.000+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Archive_Form_Templates:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Archive_Form_Templates:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "form_archiver_code" -> null
      - s3_object_version              = "abRfM2DX7WwemV.SuTE_2Mc9eU0DrDkp" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "tZom8NvYkLTCiFBHAx0p97qloJ1ZcMMumoKxxhc4SWc=" -> (known after apply)
      ~ source_code_size               = 4485536 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.nagware must be replaced
-/+ resource "aws_lambda_function" "nagware" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Nagware" -> (known after apply)
      ~ function_name                  = "Nagware" -> "nagware" # forces replacement
      - handler                        = "nagware.handler" -> null
      ~ id                             = "Nagware" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Nagware/invocations" -> (known after apply)
      ~ last_modified                  = "2024-04-09T19:02:46.000+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Nagware:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Nagware:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "nagware_code" -> null
      - s3_object_version              = "KyCYYJA9Gs44WT7Ups8oU49qpGhxfW.k" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "ewsERJHdgUqXPuAunXW9Djvue3VCJbRmdbJySbEUXMY=" -> (known after apply)
      ~ source_code_size               = 10578943 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.reliability must be replaced
-/+ resource "aws_lambda_function" "reliability" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Reliability" -> (known after apply)
      ~ function_name                  = "Reliability" -> "reliability" # forces replacement
      - handler                        = "reliability.handler" -> null
      ~ id                             = "Reliability" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Reliability/invocations" -> (known after apply)
      ~ last_modified                  = "2024-04-22T14:01:41.000+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Reliability:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Reliability:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "reliability_code" -> null
      - s3_object_version              = "kTorjeerPtRM4w1pwNIig3.4D4YxE3JD" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "gyCSkTbBtROZbqEOQMsEWTd3X+JXF91xF4ufJrDBrys=" -> (known after apply)
      ~ source_code_size               = 11933697 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.reliability_dlq_consumer must be replaced
-/+ resource "aws_lambda_function" "reliability_dlq_consumer" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Reliability_DLQ_Consumer" -> (known after apply)
      ~ function_name                  = "Reliability_DLQ_Consumer" -> "reliability-dlq-consumer" # forces replacement
      - handler                        = "dead_letter_queue_consumer.handler" -> null
      ~ id                             = "Reliability_DLQ_Consumer" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Reliability_DLQ_Consumer/invocations" -> (known after apply)
      ~ last_modified                  = "2024-02-08T18:31:43.556+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Reliability_DLQ_Consumer:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Reliability_DLQ_Consumer:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "reliability_dlq_consumer_code" -> null
      - s3_object_version              = "BvpQY3NZQMaRMOsGpoZWavOy3AZupOJY" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "F7WbeUnrxxXYZkj7tkJyJcFV6inBl3QWsV9AzLcvfB4=" -> (known after apply)
      ~ source_code_size               = 4641394 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.response_archiver must be replaced
-/+ resource "aws_lambda_function" "response_archiver" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Response_Archiver" -> (known after apply)
      ~ function_name                  = "Response_Archiver" -> "response-archiver" # forces replacement
      - handler                        = "response_archiver.handler" -> null
      ~ id                             = "Response_Archiver" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Response_Archiver/invocations" -> (known after apply)
      ~ last_modified                  = "2024-02-08T18:31:43.601+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Response_Archiver:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Response_Archiver:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "response_archiver_code" -> null
      - s3_object_version              = "Hooe7gUS8n2KyXfCqL6CuX9xUeCBapo6" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "iCOPYEkuyPrXdcFRLr6qL6swUo/kXiUZTdHb0tWWuOE=" -> (known after apply)
      ~ source_code_size               = 5847434 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.submission must be replaced
-/+ resource "aws_lambda_function" "submission" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Submission" -> (known after apply)
      - handler                        = "submission.handler" -> null
      ~ id                             = "Submission" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Submission/invocations" -> (known after apply)
      ~ last_modified                  = "2024-03-15T13:46:14.000+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Submission:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Submission:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "submission_code" -> null
      - s3_object_version              = "MnDwZ.Kvqsf5nNQdD39DAXo1ypnCEJhj" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "DJVk2STondW1jm6Vj61kIHKK8sQw/oCC/75SlBdG3b8=" -> (known after apply)
      ~ source_code_size               = 5435903 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (8 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.vault_integrity must be replaced
-/+ resource "aws_lambda_function" "vault_integrity" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:Vault_Data_Integrity_Check" -> (known after apply)
      - code_signing_config_arn        = "arn:aws:lambda:ca-central-1:687401027353:code-signing-config:csc-0e61d1a25a7a3956e" -> null
      ~ function_name                  = "Vault_Data_Integrity_Check" -> "vault-integrity" # forces replacement
      - handler                        = "vault_data_integrity_check.handler" -> null
      ~ id                             = "Vault_Data_Integrity_Check" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Vault_Data_Integrity_Check/invocations" -> (known after apply)
      ~ last_modified                  = "2024-05-01T13:11:36.000+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:Vault_Data_Integrity_Check:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:Vault_Data_Integrity_Check:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "signed/29941171-a3bb-4511-be92-2c7d9ddd8912" -> null
      ~ signing_job_arn                = "arn:aws:signer:ca-central-1:687401027353:/signing-jobs/29941171-a3bb-4511-be92-2c7d9ddd8912" -> (known after apply)
      ~ signing_profile_version_arn    = "arn:aws:signer:ca-central-1:687401027353:/signing-profiles/lambda_signing_profile_20231207215659156300000001/3cak3nO7rT" -> (known after apply)
      ~ source_code_hash               = "PD5RmSEVjAYMZc1lvfSSn6O3RadR+J09hCPKVbQS/+g=" -> (known after apply)
      ~ source_code_size               = 8238461 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - environment {
          - variables = {
              - "LOCALSTACK" = "false"
            } -> null
        }

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (2 unchanged blocks hidden)
    }

  # aws_lambda_permission.allow_cloudwatch_to_run_archive_form_responses_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cloudwatch_to_run_archive_form_responses_lambda" {
      ~ function_name       = "Response_Archiver" -> "response-archiver" # forces replacement
      ~ id                  = "AllowExecutionFromCloudWatch" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_permission.allow_cloudwatch_to_run_dead_letter_queue_consumer_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cloudwatch_to_run_dead_letter_queue_consumer_lambda" {
      ~ function_name       = "Reliability_DLQ_Consumer" -> "reliability-dlq-consumer" # forces replacement
      ~ id                  = "AllowExecutionFromCloudWatch" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_permission.allow_cloudwatch_to_run_form_archiver_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cloudwatch_to_run_form_archiver_lambda" {
      ~ function_name       = "Archive_Form_Templates" -> "form-archiver" # forces replacement
      ~ id                  = "AllowExecutionFromCloudWatch" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_permission.allow_cloudwatch_to_run_nagware_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cloudwatch_to_run_nagware_lambda" {
      ~ function_name       = "Nagware" -> "nagware" # forces replacement
      ~ id                  = "AllowExecutionFromCloudWatch" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_permission.audit_logs_archiver must be replaced
-/+ resource "aws_lambda_permission" "audit_logs_archiver" {
      ~ function_name       = "Audit_Logs_Archiver" -> "audit-logs-archiver" # forces replacement
      ~ id                  = "AllowExecutionFromCloudWatch" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_s3_object.audit_logs_archiver_code will be destroyed
  # (because aws_s3_object.audit_logs_archiver_code is not in configuration)
  - resource "aws_s3_object" "audit_logs_archiver_code" {
      - bucket                 = "forms-staging-lambda-code" -> null
      - bucket_key_enabled     = false -> null
      - content_type           = "application/octet-stream" -> null
      - etag                   = "f904d0dfaa1ad573894fc1fbfba22a27"...
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.audit_logs_archiver_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.form_archiver_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.nagware_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.reliability_dlq_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.response_archiver_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archive_form_templates"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs_archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.dead_letter_queue_consumer"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.nagware"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.reliability"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.response_archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.submission"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.vault_integrity"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_rds"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_secrets"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_sqs"]
WARN -...

github-actions bot commented May 1, 2024

Staging: alarms

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 32 to add, 1 to change, 33 to destroy
Show summary
| CHANGE | NAME |
| --- | --- |
| add | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_logs"]` |
| add | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["form_archiver"]` |
| add | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["reliability_dlq_consumer"]` |
| add | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["vault_integrity"]` |
| add | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_logs"]` |
| add | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["form_archiver"]` |
| add | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["reliability_dlq_consumer"]` |
| add | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["vault_integrity"]` |
| delete | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_log"]` |
| delete | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["dlq_consumer"]` |
| delete | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["template_archiver"]` |
| delete | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["vault_data_integrity_check"]` |
| delete | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_log"]` |
| delete | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["dlq_consumer"]` |
| delete | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["template_archiver"]` |
| delete | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["vault_data_integrity_check"]` |
| delete | `aws_s3_object.notify_slack_code` |
| update | `aws_cloudwatch_metric_alarm.vault_data_integrity_check_lambda_iterator_age` |
| recreate | `aws_cloudwatch_log_subscription_filter.forms_app_log_stream` |
| recreate | `aws_cloudwatch_log_subscription_filter.forms_unhandled_error_steam` |
| recreate | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_logs_archiver"]` |
| recreate | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["nagware"]` |
| recreate | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["reliability"]` |
| recreate | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["response_archiver"]` |
| recreate | `aws_cloudwatch_log_subscription_filter.lambda_error_detection["submission"]` |
| recreate | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_logs_archiver"]` |
| recreate | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["nagware"]` |
| recreate | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["reliability"]` |
| recreate | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["response_archiver"]` |
| recreate | `aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["submission"]` |
| recreate | `aws_lambda_function.notify_slack` |
| recreate | `aws_lambda_permission.allow_cloudwatch_to_run_lambda` |
| recreate | `aws_lambda_permission.notify_slack_critical` |
| recreate | `aws_lambda_permission.notify_slack_ok` |
| recreate | `aws_lambda_permission.notify_slack_ok_us_east` |
| recreate | `aws_lambda_permission.notify_slack_warning` |
| recreate | `aws_lambda_permission.notify_slack_warning_us_east` |
| recreate | `aws_sns_topic_subscription.topic_critical` |
| recreate | `aws_sns_topic_subscription.topic_ok` |
| recreate | `aws_sns_topic_subscription.topic_ok_us_east` |
| recreate | `aws_sns_topic_subscription.topic_warning` |
| recreate | `aws_sns_topic_subscription.topic_warning_us_east` |

Show plan
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_cloudwatch_log_subscription_filter.forms_app_log_stream must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "forms_app_log_stream" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-3008753258" -> (known after apply)
        name            = "forms_app_log_stream"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.forms_unhandled_error_steam must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "forms_unhandled_error_steam" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-3008753258" -> (known after apply)
        name            = "forms_unhandled_error_stream"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_log"] will be destroyed
  # (because key ["audit_log"] is not in for_each map)
  - resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      - destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" -> null
      - distribution    = "ByLogStream" -> null
      - filter_pattern  = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
      - id              = "cwlsf-821307863" -> null
      - log_group_name  = "/aws/lambda/Audit_Logs" -> null
      - name            = "error_detection_in_audit_log_lambda_logs" -> null
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_logs"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "{($.level = \"warn\") || ($.level = \"error\")}"
      + id              = (known after apply)
      + log_group_name  = "/aws/lambda/Audit_Logs"
      + name            = "error_detection_in_audit_logs_lambda_logs"
      + role_arn        = (known after apply)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_logs_archiver"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-2742612913" -> (known after apply)
        name            = "error_detection_in_audit_logs_archiver_lambda_logs"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["dlq_consumer"] will be destroyed
  # (because key ["dlq_consumer"] is not in for_each map)
  - resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      - destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" -> null
      - distribution    = "ByLogStream" -> null
      - filter_pattern  = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
      - id              = "cwlsf-125968559" -> null
      - log_group_name  = "/aws/lambda/Reliability_DLQ_Consumer" -> null
      - name            = "error_detection_in_dlq_consumer_lambda_logs" -> null
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["form_archiver"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "{($.level = \"warn\") || ($.level = \"error\")}"
      + id              = (known after apply)
      + log_group_name  = "/aws/lambda/Archive_Form_Templates"
      + name            = "error_detection_in_form_archiver_lambda_logs"
      + role_arn        = (known after apply)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["nagware"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-2378547274" -> (known after apply)
        name            = "error_detection_in_nagware_lambda_logs"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["reliability"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-2677299195" -> (known after apply)
        name            = "error_detection_in_reliability_lambda_logs"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["reliability_dlq_consumer"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "{($.level = \"warn\") || ($.level = \"error\")}"
      + id              = (known after apply)
      + log_group_name  = "/aws/lambda/Reliability_DLQ_Consumer"
      + name            = "error_detection_in_reliability_dlq_consumer_lambda_logs"
      + role_arn        = (known after apply)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["response_archiver"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-1985583210" -> (known after apply)
        name            = "error_detection_in_response_archiver_lambda_logs"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["submission"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-2956744385" -> (known after apply)
        name            = "error_detection_in_submission_lambda_logs"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["template_archiver"] will be destroyed
  # (because key ["template_archiver"] is not in for_each map)
  - resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      - destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" -> null
      - distribution    = "ByLogStream" -> null
      - filter_pattern  = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
      - id              = "cwlsf-4036201582" -> null
      - log_group_name  = "/aws/lambda/Archive_Form_Templates" -> null
      - name            = "error_detection_in_template_archiver_lambda_logs" -> null
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["vault_data_integrity_check"] will be destroyed
  # (because key ["vault_data_integrity_check"] is not in for_each map)
  - resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      - destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" -> null
      - distribution    = "ByLogStream" -> null
      - filter_pattern  = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
      - id              = "cwlsf-125604783" -> null
      - log_group_name  = "/aws/lambda/Vault_Data_Integrity_Check" -> null
      - name            = "error_detection_in_vault_data_integrity_check_lambda_logs" -> null
    }

  # aws_cloudwatch_log_subscription_filter.lambda_error_detection["vault_integrity"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "{($.level = \"warn\") || ($.level = \"error\")}"
      + id              = (known after apply)
      + log_group_name  = "/aws/lambda/Vault_Data_Integrity_Check"
      + name            = "error_detection_in_vault_integrity_lambda_logs"
      + role_arn        = (known after apply)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_log"] will be destroyed
  # (because key ["audit_log"] is not in for_each map)
  - resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      - destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" -> null
      - distribution    = "ByLogStream" -> null
      - filter_pattern  = "Task timed out" -> null
      - id              = "cwlsf-821307863" -> null
      - log_group_name  = "/aws/lambda/Audit_Logs" -> null
      - name            = "timeout_detection_in_audit_log_lambda_logs" -> null
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_logs"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "Task timed out"
      + id              = (known after apply)
      + log_group_name  = "/aws/lambda/Audit_Logs"
      + name            = "timeout_detection_in_audit_logs_lambda_logs"
      + role_arn        = (known after apply)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_logs_archiver"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-2742612913" -> (known after apply)
        name            = "timeout_detection_in_audit_logs_archiver_lambda_logs"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["dlq_consumer"] will be destroyed
  # (because key ["dlq_consumer"] is not in for_each map)
  - resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      - destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" -> null
      - distribution    = "ByLogStream" -> null
      - filter_pattern  = "Task timed out" -> null
      - id              = "cwlsf-125968559" -> null
      - log_group_name  = "/aws/lambda/Reliability_DLQ_Consumer" -> null
      - name            = "timeout_detection_in_dlq_consumer_lambda_logs" -> null
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["form_archiver"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "Task timed out"
      + id              = (known after apply)
      + log_group_name  = "/aws/lambda/Archive_Form_Templates"
      + name            = "timeout_detection_in_form_archiver_lambda_logs"
      + role_arn        = (known after apply)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["nagware"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-2378547274" -> (known after apply)
        name            = "timeout_detection_in_nagware_lambda_logs"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["reliability"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-2677299195" -> (known after apply)
        name            = "timeout_detection_in_reliability_lambda_logs"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["reliability_dlq_consumer"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "Task timed out"
      + id              = (known after apply)
      + log_group_name  = "/aws/lambda/Reliability_DLQ_Consumer"
      + name            = "timeout_detection_in_reliability_dlq_consumer_lambda_logs"
      + role_arn        = (known after apply)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["response_archiver"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-1985583210" -> (known after apply)
        name            = "timeout_detection_in_response_archiver_lambda_logs"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["submission"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      ~ destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      ~ id              = "cwlsf-2956744385" -> (known after apply)
        name            = "timeout_detection_in_submission_lambda_logs"
      + role_arn        = (known after apply)
        # (3 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["template_archiver"] will be destroyed
  # (because key ["template_archiver"] is not in for_each map)
  - resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      - destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" -> null
      - distribution    = "ByLogStream" -> null
      - filter_pattern  = "Task timed out" -> null
      - id              = "cwlsf-4036201582" -> null
      - log_group_name  = "/aws/lambda/Archive_Form_Templates" -> null
      - name            = "timeout_detection_in_template_archiver_lambda_logs" -> null
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["vault_data_integrity_check"] will be destroyed
  # (because key ["vault_data_integrity_check"] is not in for_each map)
  - resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      - destination_arn = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" -> null
      - distribution    = "ByLogStream" -> null
      - filter_pattern  = "Task timed out" -> null
      - id              = "cwlsf-125604783" -> null
      - log_group_name  = "/aws/lambda/Vault_Data_Integrity_Check" -> null
      - name            = "timeout_detection_in_vault_data_integrity_check_lambda_logs" -> null
    }

  # aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["vault_integrity"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "Task timed out"
      + id              = (known after apply)
      + log_group_name  = "/aws/lambda/Vault_Data_Integrity_Check"
      + name            = "timeout_detection_in_vault_integrity_lambda_logs"
      + role_arn        = (known after apply)
    }

  # aws_cloudwatch_metric_alarm.vault_data_integrity_check_lambda_iterator_age will be updated in-place
  ~ resource "aws_cloudwatch_metric_alarm" "vault_data_integrity_check_lambda_iterator_age" {
      ~ dimensions                = {
          ~ "FunctionName" = "Vault_Data_Integrity_Check" -> "vault-integrity"
          ~ "Resource"     = "Vault_Data_Integrity_Check" -> "vault-integrity"
        }
        id                        = "Vault data integrity check lambda iterator age"
        tags                      = {}
        # (17 unchanged attributes hidden)
    }

  # aws_lambda_function.notify_slack must be replaced
-/+ resource "aws_lambda_function" "notify_slack" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" -> (known after apply)
      ~ function_name                  = "NotifySlack" -> "notify-slack" # forces replacement
      - handler                        = "notify_slack.handler" -> null
      ~ id                             = "NotifySlack" -> (known after apply)
      + image_uri                      = ":latest"
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack/invocations" -> (known after apply)
      ~ last_modified                  = "2024-04-09T19:04:57.000+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ package_type                   = "Zip" -> "Image" # forces replacement
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack:$LATEST/invocations" -> (known after apply)
      - runtime                        = "nodejs18.x" -> null
      - s3_bucket                      = "forms-staging-lambda-code" -> null
      - s3_key                         = "notify_slack_code" -> null
      - s3_object_version              = "Mmm0Cdbowg9iJjdYxmZSiP8lzDHqQJ8O" -> null
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "kbHJgDNOQodqCMI271CAcgHrZGTvsoUmV5UoyA6F7k8=" -> (known after apply)
      ~ source_code_size               = 26171 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (7 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_permission.allow_cloudwatch_to_run_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cloudwatch_to_run_lambda" {
      ~ function_name       = "NotifySlack" -> "notify-slack" # forces replacement
      ~ id                  = "AllowExecutionFromCloudWatch" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_permission.notify_slack_critical must be replaced
-/+ resource "aws_lambda_permission" "notify_slack_critical" {
      ~ function_name       = "NotifySlack" -> "notify-slack" # forces replacement
      ~ id                  = "AllowExecutionFromSNSCriticalAlert" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_permission.notify_slack_ok must be replaced
-/+ resource "aws_lambda_permission" "notify_slack_ok" {
      ~ function_name       = "NotifySlack" -> "notify-slack" # forces replacement
      ~ id                  = "AllowExecutionFromSNSOkAlert" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_permission.notify_slack_ok_us_east must be replaced
-/+ resource "aws_lambda_permission" "notify_slack_ok_us_east" {
      ~ function_name       = "NotifySlack" -> "notify-slack" # forces replacement
      ~ id                  = "AllowExecutionFromSNSOkAlertUSEast" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_permission.notify_slack_warning must be replaced
-/+ resource "aws_lambda_permission" "notify_slack_warning" {
      ~ function_name       = "NotifySlack" -> "notify-slack" # forces replacement
      ~ id                  = "AllowExecutionFromSNSWarningAlert" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_lambda_permission.notify_slack_warning_us_east must be replaced
-/+ resource "aws_lambda_permission" "notify_slack_warning_us_east" {
      ~ function_name       = "NotifySlack" -> "notify-slack" # forces replacement
      ~ id                  = "AllowExecutionFromSNSWarningAlertUSEast" -> (known after apply)
      + statement_id_prefix = (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_s3_object.notify_slack_code will be destroyed
  # (because aws_s3_object.notify_slack_code is not in configuration)
  - resource "aws_s3_object" "notify_slack_code" {
      - bucket                 = "forms-staging-lambda-code" -> null
      - bucket_key_enabled     = false -> null
      - content_type           = "application/octet-stream" -> null
      - etag                   = "212705c038f15626255809231f4906e7" -> null
      - force_destroy          = false -> null
      - id                     = "notify_slack_code" -> null
      - key                    = "notify_slack_code" -> null
      - metadata               = {} -> null
      - server_side_encryption = "AES256" -> null
      - source                 = "/tmp/notify_slack_code.zip" -> null
      - source_hash            = "kbHJgDNOQodqCMI271CAcgHrZGTvsoUmV5UoyA6F7k8=" -> null
      - storage_class          = "STANDARD" -> null
      - tags                   = {} -> null
      - tags_all               = {
          - "CostCentre" = "forms-platform-staging"
          - "Terraform"  = "true"
        } -> null
      - version_id             = "Mmm0Cdbowg9iJjdYxmZSiP8lzDHqQJ8O" -> null
    }

  # aws_sns_topic_subscription.topic_critical must be replaced
-/+ resource "aws_sns_topic_subscription" "topic_critical" {
      ~ arn                             = "arn:aws:sns:ca-central-1:687401027353:alert-critical:5f8130a6-61be-4edc-b180-6c0101540e19" -> (known after apply)
      ~ confirmation_was_authenticated  = true -> (known after apply)
      ~ endpoint                        = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      + filter_policy_scope             = (known after apply)
      ~ id                              = "arn:aws:sns:ca-central-1:687401027353:alert-critical:5f8130a6-61be-4edc-b180-6c0101540e19" -> (known after apply)
      ~ owner_id                        = "687401027353" -> (known after apply)
      ~ pending_confirmation            = false -> (known after apply)
        # (5 unchanged attributes hidden)
    }

  # aws_sns_topic_subscription.topic_ok must be replaced
-/+ resource "aws_sns_topic_subscription" "topic_ok" {
      ~ arn                             = "arn:aws:sns:ca-central-1:687401027353:alert-ok:c1c0c05d-e97a-4e36-8f70-53ba9c4632a3" -> (known after apply)
      ~ confirmation_was_authenticated  = true -> (known after apply)
      ~ endpoint                        = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      + filter_policy_scope             = (known after apply)
      ~ id                              = "arn:aws:sns:ca-central-1:687401027353:alert-ok:c1c0c05d-e97a-4e36-8f70-53ba9c4632a3" -> (known after apply)
      ~ owner_id                        = "687401027353" -> (known after apply)
      ~ pending_confirmation            = false -> (known after apply)
        # (5 unchanged attributes hidden)
    }

  # aws_sns_topic_subscription.topic_ok_us_east must be replaced
-/+ resource "aws_sns_topic_subscription" "topic_ok_us_east" {
      ~ arn                             = "arn:aws:sns:us-east-1:687401027353:alert-ok:8ca9bae3-64b7-44d5-8fcc-cd90b21bed8a" -> (known after apply)
      ~ confirmation_was_authenticated  = true -> (known after apply)
      ~ endpoint                        = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      + filter_policy_scope             = (known after apply)
      ~ id                              = "arn:aws:sns:us-east-1:687401027353:alert-ok:8ca9bae3-64b7-44d5-8fcc-cd90b21bed8a" -> (known after apply)
      ~ owner_id                        = "687401027353" -> (known after apply)
      ~ pending_confirmation            = false -> (known after apply)
        # (5 unchanged attributes hidden)
    }

  # aws_sns_topic_subscription.topic_warning must be replaced
-/+ resource "aws_sns_topic_subscription" "topic_warning" {
      ~ arn                             = "arn:aws:sns:ca-central-1:687401027353:alert-warning:da0c2d3a-a255-4183-a601-9f987465d5ac" -> (known after apply)
      ~ confirmation_was_authenticated  = true -> (known after apply)
      ~ endpoint                        = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      + filter_policy_scope             = (known after apply)
      ~ id                              = "arn:aws:sns:ca-central-1:687401027353:alert-warning:da0c2d3a-a255-4183-a601-9f987465d5ac" -> (known after apply)
      ~ owner_id                        = "687401027353" -> (known after apply)
      ~ pending_confirmation            = false -> (known after apply)
        # (5 unchanged attributes hidden)
    }

  # aws_sns_topic_subscription.topic_warning_us_east must be replaced
-/+ resource "aws_sns_topic_subscription" "topic_warning_us_east" {
      ~ arn                             = "arn:aws:sns:us-east-1:687401027353:alert-warning:bf69d914-f76b-4e6e-aee2-6588d5388c05" -> (known after apply)
      ~ confirmation_was_authenticated  = true -> (known after apply)
      ~ endpoint                        = "arn:aws:lambda:ca-central-1:687401027353:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
      + filter_policy_scope             = (known after apply)
      ~ id                              = "arn:aws:sns:us-east-1:687401027353:alert-warning:bf69d914-f76b-4e6e-aee2-6588d5388c05" -> (known after apply)
      ~ owner_id                        = "687401027353" -> (known after apply)
      ~ pending_confirmation            = false -> (known after apply)
        # (5 unchanged attributes hidden)
    }

Plan: 32 to add, 1 to change, 33 to destroy.

Warning: Argument is deprecated

  with module.athena_bucket.aws_s3_bucket.this,
  on .terraform/modules/athena_bucket/S3/main.tf line 8, in resource "aws_s3_bucket" "this":
   8: resource "aws_s3_bucket" "this" {

Use the aws_s3_bucket_lifecycle_configuration resource instead

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.codedeploy_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notify_slack"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ELB_5xx_error_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.UnHealthyHostCount-TargetGroup1"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.UnHealthyHostCount-TargetGroup2"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.alb_ddos"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.audit_log_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_login_outside_canada_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_signin_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_forms_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_route53_warn[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.forms_cpu_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.forms_memory_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.reliability_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.response_time_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.route53_ddos[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.twoFa_verification_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.vault_data_integrity_check_lambda_iterator_age"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.notify_slack_lambda"]
WARN - plan.json -...

github-actions bot commented May 1, 2024

Staging: load_testing

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 1 to add, 0 to change, 1 to destroy
Show summary
CHANGE NAME
recreate aws_lambda_function.load_testing
Show plan
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_lambda_function.load_testing must be replaced
-/+ resource "aws_lambda_function" "load_testing" {
      ~ architectures                  = [
          - "x86_64",
        ] -> (known after apply)
      ~ arn                            = "arn:aws:lambda:ca-central-1:687401027353:function:LoadTesting" -> (known after apply)
      ~ function_name                  = "LoadTesting" -> "load-testing" # forces replacement
      ~ id                             = "LoadTesting" -> (known after apply)
      ~ invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:LoadTesting/invocations" -> (known after apply)
      ~ last_modified                  = "2024-01-26T18:26:40.000+0000" -> (known after apply)
      - layers                         = [] -> null
      ~ qualified_arn                  = "arn:aws:lambda:ca-central-1:687401027353:function:LoadTesting:$LATEST" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:687401027353:function:LoadTesting:$LATEST/invocations" -> (known after apply)
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      ~ source_code_hash               = "fa577303c0f922f7b8b7394b1761926bcaf207e13af2e539d714afc4ca3cbb00" -> (known after apply)
      ~ source_code_size               = 0 -> (known after apply)
      - tags                           = {} -> null
      ~ version                        = "$LATEST" -> (known after apply)
        # (10 unchanged attributes hidden)

      - ephemeral_storage {
          - size = 512 -> null
        }

      - logging_config {
          - log_format = "Text" -> null
          - log_group  = "/aws/lambda/LoadTesting" -> null
        }

        # (2 unchanged blocks hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.load_test_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.load_testing"]

21 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions

@craigzour craigzour requested a review from patheard May 1, 2024 17:38
@craigzour craigzour merged commit 524d68f into develop May 2, 2024
20 checks passed
@craigzour craigzour deleted the feature/containerized-lambda-function branch May 2, 2024 13:14