chore: GCForms release v3.5.0 #526
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![sre-read-write[bot]](https://avatars.githubusercontent.com/in/146819?s=60&v=4){kind=small}
sre-read-write
bot
requested review from
dsamojlenko and
timarney
as code owners
sre-read-write
bot
changed the title
sre-read-write
bot
force-pushed
the
release-please--branches--develop
branch
10 times, most recently
from
d9f15b5
to
e654c64
Compare
sre-read-write
bot
force-pushed
the
release-please--branches--develop
branch
13 times, most recently
from
186fb1b
to
a7158ac
Compare
sre-read-write
bot
force-pushed
the
release-please--branches--develop
branch
2 times, most recently
from
5f0c329
to
28c22fa
Compare
sre-read-write
bot
force-pushed
the
release-please--branches--develop
branch
2 times, most recently
from
cb2d10f
to
2455f30
Compare
sre-read-write
bot
force-pushed
the
release-please--branches--develop
branch
from
2455f30
to
909a1e6
Compare
sre-read-write
bot
force-pushed
the
release-please--branches--develop
branch
from
909a1e6
to
2c3412a
Compare
Production: ecr✅ Terraform Init: Plan: 0 to add, 1 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_ecr_repository.viewer_repository will be updated in-place
~ resource "aws_ecr_repository" "viewer_repository" {
id = "form_viewer_production"
name = "form_viewer_production"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.viewer_repository"]
20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions
|
Production: hosted_zone✅ Terraform Init: Plan: 0 to add, 1 to change, 1 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
- destroy
Terraform will perform the following actions:
# aws_route53_zone.form_viewer[0] will be updated in-place
~ resource "aws_route53_zone" "form_viewer" {
id = "Z1031499PBK3926Y7HKK"
name = "forms-formulaires.alpha.canada.ca"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (7 unchanged attributes hidden)
}
# aws_route53_zone.form_viewer[1] will be destroyed
# (because index [1] is out of range for count)
- resource "aws_route53_zone" "form_viewer" {
- arn = "arn:aws:route53:::hostedzone/Z0774184336K3QX9DUJ7E" -> null
- comment = "Managed by Terraform" -> null
- force_destroy = false -> null
- id = "Z0774184336K3QX9DUJ7E" -> null
- name = "forms-formulaires.canada.ca" -> null
- name_servers = [
- "ns-1218.awsdns-24.org",
- "ns-2042.awsdns-63.co.uk",
- "ns-26.awsdns-03.com",
- "ns-843.awsdns-41.net",
] -> null
- primary_name_server = "ns-2042.awsdns-63.co.uk" -> null
- tags = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- zone_id = "Z0774184336K3QX9DUJ7E" -> null
}
Plan: 0 to add, 1 to change, 1 to destroy.
Changes to Outputs:
~ hosted_zone_ids = [
"Z1031499PBK3926Y7HKK",
- "Z0774184336K3QX9DUJ7E",
]
~ hosted_zone_names = [
"forms-formulaires.alpha.canada.ca",
- "forms-formulaires.canada.ca",
]
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.form_viewer[0]"]
20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions
|
Production: kms✅ Terraform Init: Plan: 0 to add, 3 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_kms_key.cloudwatch will be updated in-place
~ resource "aws_kms_key" "cloudwatch" {
id = "b5973af1-3114-4808-9455-57441c35854d"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_kms_key.cloudwatch_us_east will be updated in-place
~ resource "aws_kms_key" "cloudwatch_us_east" {
id = "cd20da31-792b-421e-bd6e-e5b16fd791c9"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_kms_key.dynamo_db will be updated in-place
~ resource "aws_kms_key" "dynamo_db" {
id = "afbaea67-8277-4a4c-853e-7697dd2dade5"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
Plan: 0 to add, 3 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_kms_key.cloudwatch"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.cloudwatch_us_east"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.dynamo_db"]
22 tests, 19 passed, 3 warnings, 0 failures, 0 exceptions
|
Production: oidc_roles✅ Terraform Init: Plan: 6 to add, 0 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_iam_policy.platform_forms_client_release[0] will be created
+ resource "aws_iam_policy" "platform_forms_client_release" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "platform-forms-client-release"
+ name_prefix = (known after apply)
+ path = "/"
+ policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "ecr:UploadLayerPart",
+ "ecr:SetRepositoryPolicy",
+ "ecr:PutImage",
+ "ecr:ListImages",
+ "ecr:InitiateLayerUpload",
+ "ecr:GetRepositoryPolicy",
+ "ecr:GetDownloadUrlForLayer",
+ "ecr:DescribeRepositories",
+ "ecr:DescribeImages",
+ "ecr:CompleteLayerUpload",
+ "ecr:BatchGetImage",
+ "ecr:BatchDeleteImage",
+ "ecr:BatchCheckLayerAvailability",
]
+ Effect = "Allow"
+ Resource = "arn:aws:ecr:ca-central-1:957818836222:repository/form_viewer_production"
},
+ {
+ Action = "ecr:GetAuthorizationToken"
+ Effect = "Allow"
+ Resource = "*"
},
]
+ Version = "2012-10-17"
}
)
+ policy_id = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_iam_role_policy_attachment.forms_terraform_apply_release_admin[0] will be created
+ resource "aws_iam_role_policy_attachment" "forms_terraform_apply_release_admin" {
+ id = (known after apply)
+ policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
+ role = "forms-terraform-apply-release"
}
# aws_iam_role_policy_attachment.platform_forms_client_release[0] will be created
+ resource "aws_iam_role_policy_attachment" "platform_forms_client_release" {
+ id = (known after apply)
+ policy_arn = (known after apply)
+ role = "platform-forms-client-release"
}
# module.github_workflow_roles.aws_iam_role.this["forms-terraform-apply-release"] will be created
+ resource "aws_iam_role" "this" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRoleWithWebIdentity"
+ Condition = {
+ StringLike = {
+ "token.actions.githubusercontent.com:sub" = "repo:cds-snc/forms-terraform:ref:refs/tags/v*"
}
}
+ Effect = "Allow"
+ Principal = {
+ Federated = "arn:aws:iam::957818836222:oidc-provider/token.actions.githubusercontent.com"
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "forms-terraform-apply-release"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ unique_id = (known after apply)
}
# module.github_workflow_roles.aws_iam_role.this["platform-forms-client-pr-review-env"] will be created
+ resource "aws_iam_role" "this" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRoleWithWebIdentity"
+ Condition = {
+ StringLike = {
+ "token.actions.githubusercontent.com:sub" = "repo:cds-snc/platform-forms-client:pull_request"
}
}
+ Effect = "Allow"
+ Principal = {
+ Federated = "arn:aws:iam::957818836222:oidc-provider/token.actions.githubusercontent.com"
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "platform-forms-client-pr-review-env"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ unique_id = (known after apply)
}
# module.github_workflow_roles.aws_iam_role.this["platform-forms-client-release"] will be created
+ resource "aws_iam_role" "this" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRoleWithWebIdentity"
+ Condition = {
+ StringLike = {
+ "token.actions.githubusercontent.com:sub" = "repo:cds-snc/platform-forms-client:ref:refs/tags/v*"
}
}
+ Effect = "Allow"
+ Principal = {
+ Federated = "arn:aws:iam::957818836222:oidc-provider/token.actions.githubusercontent.com"
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "platform-forms-client-release"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ unique_id = (known after apply)
}
Plan: 6 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.platform_forms_client_release[0]"]
20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions
|
Production: sqs✅ Terraform Init: Plan: 0 to add, 5 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_sqs_queue.audit_log_deadletter_queue will be updated in-place
~ resource "aws_sqs_queue" "audit_log_deadletter_queue" {
id = "https://sqs.ca-central-1.amazonaws.com/957818836222/audit_log_deadletter_queue"
name = "audit_log_deadletter_queue"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
# aws_sqs_queue.audit_log_queue will be updated in-place
~ resource "aws_sqs_queue" "audit_log_queue" {
id = "https://sqs.ca-central-1.amazonaws.com/957818836222/audit_log_queue"
name = "audit_log_queue"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
}
# aws_sqs_queue.reliability_deadletter_queue will be updated in-place
~ resource "aws_sqs_queue" "reliability_deadletter_queue" {
id = "https://sqs.ca-central-1.amazonaws.com/957818836222/reliability_deadletter_queue.fifo"
name = "reliability_deadletter_queue.fifo"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
}
# aws_sqs_queue.reliability_queue will be updated in-place
~ resource "aws_sqs_queue" "reliability_queue" {
id = "https://sqs.ca-central-1.amazonaws.com/957818836222/submission_processing.fifo"
name = "submission_processing.fifo"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_sqs_queue.reprocess_submission_queue will be updated in-place
~ resource "aws_sqs_queue" "reprocess_submission_queue" {
id = "https://sqs.ca-central-1.amazonaws.com/957818836222/reprocess_submission_queue.fifo"
name = "reprocess_submission_queue.fifo"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
Plan: 0 to add, 5 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_sqs_queue.audit_log_deadletter_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_sqs_queue.audit_log_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_sqs_queue.reliability_deadletter_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_sqs_queue.reliability_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_sqs_queue.reprocess_submission_queue"]
24 tests, 19 passed, 5 warnings, 0 failures, 0 exceptions
|
Production: secrets✅ Terraform Init: Plan: 2 to add, 4 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
+ create
~ update in-place
Terraform will perform the following actions:
# aws_secretsmanager_secret.notify_callback_bearer_token will be created
+ resource "aws_secretsmanager_secret" "notify_callback_bearer_token" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = "notify_callback_bearer_token"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 0
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_secretsmanager_secret_version.freshdesk_api_key will be updated in-place
~ resource "aws_secretsmanager_secret_version" "freshdesk_api_key" {
id = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:freshdesk_api_key-2Q118n|050422F2-B95D-45CF-83EC-7F5D7B1A59A2"
# (5 unchanged attributes hidden)
}
# aws_secretsmanager_secret_version.notify_api_key will be updated in-place
~ resource "aws_secretsmanager_secret_version" "notify_api_key" {
id = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr|EE73FE9C-4AE8-4807-8C62-583B67026995"
# (5 unchanged attributes hidden)
}
# aws_secretsmanager_secret_version.notify_callback_bearer_token will be created
+ resource "aws_secretsmanager_secret_version" "notify_callback_bearer_token" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# aws_secretsmanager_secret_version.recaptcha_secret will be updated in-place
~ resource "aws_secretsmanager_secret_version" "recaptcha_secret" {
id = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN|967811CC-0531-47D8-8EBB-989DA955784C"
# (5 unchanged attributes hidden)
}
# aws_secretsmanager_secret_version.token_secret will be updated in-place
~ resource "aws_secretsmanager_secret_version" "token_secret" {
id = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou|B98778D7-F936-4F7A-985E-CC38A5FA7213"
# (5 unchanged attributes hidden)
}
Plan: 2 to add, 4 to change, 0 to destroy.
Changes to Outputs:
+ notify_callback_bearer_token_secret_arn = (known after apply)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.freshdesk_api_key"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.notify_api_key"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.notify_callback_bearer_token"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.recaptcha_secret"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.token_secret"]
24 tests, 19 passed, 5 warnings, 0 failures, 0 exceptions
|
Production: s3✅ Terraform Init: Plan: 13 to add, 0 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_s3_bucket.lambda_code will be created
+ resource "aws_s3_bucket" "lambda_code" {
+ acceleration_status = (known after apply)
+ acl = (known after apply)
+ arn = (known after apply)
+ bucket = "forms-production-lambda-code"
+ bucket_domain_name = (known after apply)
+ bucket_prefix = (known after apply)
+ bucket_regional_domain_name = (known after apply)
+ force_destroy = false
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ object_lock_enabled = (known after apply)
+ policy = (known after apply)
+ region = (known after apply)
+ request_payer = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
}
# aws_s3_bucket_lifecycle_configuration.archive_storage will be created
+ resource "aws_s3_bucket_lifecycle_configuration" "archive_storage" {
+ bucket = "forms-production-archive-storage"
+ id = (known after apply)
+ rule {
+ id = "Clear Archive Storage after 30 days"
+ status = "Enabled"
+ expiration {
+ days = 30
+ expired_object_delete_marker = (known after apply)
}
}
}
# aws_s3_bucket_lifecycle_configuration.reliability_file_storage will be created
+ resource "aws_s3_bucket_lifecycle_configuration" "reliability_file_storage" {
+ bucket = "forms-production-reliability-file-storage"
+ id = (known after apply)
+ rule {
+ id = "Clear Reliability Queue after 30 days"
+ status = "Enabled"
+ expiration {
+ days = 30
+ expired_object_delete_marker = (known after apply)
}
}
}
# aws_s3_bucket_ownership_controls.archive_storage will be created
+ resource "aws_s3_bucket_ownership_controls" "archive_storage" {
+ bucket = "forms-production-archive-storage"
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_ownership_controls.lambda_code will be created
+ resource "aws_s3_bucket_ownership_controls" "lambda_code" {
+ bucket = (known after apply)
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_ownership_controls.reliability_file_storage will be created
+ resource "aws_s3_bucket_ownership_controls" "reliability_file_storage" {
+ bucket = "forms-production-reliability-file-storage"
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_ownership_controls.vault_file_storage will be created
+ resource "aws_s3_bucket_ownership_controls" "vault_file_storage" {
+ bucket = "forms-production-vault-file-storage"
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_public_access_block.lambda_code will be created
+ resource "aws_s3_bucket_public_access_block" "lambda_code" {
+ block_public_acls = true
+ block_public_policy = true
+ bucket = (known after apply)
+ id = (known after apply)
+ ignore_public_acls = true
+ restrict_public_buckets = true
}
# aws_s3_bucket_server_side_encryption_configuration.archive_storage will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "archive_storage" {
+ bucket = "forms-production-archive-storage"
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# aws_s3_bucket_server_side_encryption_configuration.lambda_code will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "lambda_code" {
+ bucket = (known after apply)
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# aws_s3_bucket_server_side_encryption_configuration.reliability_file_storage will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "reliability_file_storage" {
+ bucket = "forms-production-reliability-file-storage"
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# aws_s3_bucket_server_side_encryption_configuration.vault_file_storage will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "vault_file_storage" {
+ bucket = "forms-production-vault-file-storage"
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# aws_s3_bucket_versioning.lambda_code will be created
+ resource "aws_s3_bucket_versioning" "lambda_code" {
+ bucket = (known after apply)
+ id = (known after apply)
+ versioning_configuration {
+ mfa_delete = (known after apply)
+ status = "Enabled"
}
}
Plan: 13 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ lambda_code_arn = (known after apply)
+ lambda_code_id = (known after apply)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.archive_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.lambda_code"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.reliability_file_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.vault_file_storage"]
23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions
|
Production: sns✅ Terraform Init: Plan: 0 to add, 5 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_sns_topic.alert_critical will be updated in-place
~ resource "aws_sns_topic" "alert_critical" {
id = "arn:aws:sns:ca-central-1:957818836222:alert-critical"
name = "alert-critical"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
# aws_sns_topic.alert_ok will be updated in-place
~ resource "aws_sns_topic" "alert_ok" {
id = "arn:aws:sns:ca-central-1:957818836222:alert-ok"
name = "alert-ok"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
# aws_sns_topic.alert_ok_us_east will be updated in-place
~ resource "aws_sns_topic" "alert_ok_us_east" {
id = "arn:aws:sns:us-east-1:957818836222:alert-ok"
name = "alert-ok"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
# aws_sns_topic.alert_warning will be updated in-place
~ resource "aws_sns_topic" "alert_warning" {
id = "arn:aws:sns:ca-central-1:957818836222:alert-warning"
name = "alert-warning"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
# aws_sns_topic.alert_warning_us_east will be updated in-place
~ resource "aws_sns_topic" "alert_warning_us_east" {
id = "arn:aws:sns:us-east-1:957818836222:alert-warning"
name = "alert-warning"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
Plan: 0 to add, 5 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.alert_critical"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.alert_ok"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.alert_ok_us_east"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.alert_warning"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.alert_warning_us_east"]
24 tests, 19 passed, 5 warnings, 0 failures, 0 exceptions
|
Production: cognito✅ Terraform Init: Plan: 2 to add, 13 to change, 3 to destroyShow summary
Show planResource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
<= read (data resources)
Terraform will perform the following actions:
# data.aws_iam_policy_document.cognito_lambda_kms will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_iam_policy_document" "cognito_lambda_kms" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "kms:Decrypt",
+ "kms:Encrypt",
+ "kms:GenerateDataKey",
]
+ effect = "Allow"
+ resources = [
+ "arn:aws:kms:ca-central-1:957818836222:key/632f1017-9281-41b3-8f25-56c6f81843a6",
]
}
}
# aws_cloudwatch_log_group.cognito_email_sender will be updated in-place
~ resource "aws_cloudwatch_log_group" "cognito_email_sender" {
id = "/aws/lambda/Cognito_Email_Sender"
name = "/aws/lambda/Cognito_Email_Sender"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.cognito_pre_sign_up will be updated in-place
~ resource "aws_cloudwatch_log_group" "cognito_pre_sign_up" {
id = "/aws/lambda/Cognito_Pre_Sign_Up"
name = "/aws/lambda/Cognito_Pre_Sign_Up"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cognito_user_pool.forms will be updated in-place
~ resource "aws_cognito_user_pool" "forms" {
id = "ca-central-1_eSTGTCw33"
name = "forms_user_pool"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (10 unchanged attributes hidden)
# (6 unchanged blocks hidden)
}
# aws_cognito_user_pool_client.forms will be updated in-place
~ resource "aws_cognito_user_pool_client" "forms" {
~ callback_urls = [
- "https://forms-formulaires.canada.ca/api/auth/callback/cognito",
# (2 unchanged elements hidden)
]
id = "5rkjd3us3ocssieiitdbtjitiv"
name = "forms_client"
# (16 unchanged attributes hidden)
}
# aws_iam_policy.cognito_lambda_kms will be updated in-place
~ resource "aws_iam_policy" "cognito_lambda_kms" {
id = "arn:aws:iam::957818836222:policy/cognito_lambda_kms"
name = "cognito_lambda_kms"
~ policy = jsonencode(
{
- Statement = [
- {
- Action = [
- "kms:GenerateDataKey",
- "kms:Encrypt",
- "kms:Decrypt",
]
- Effect = "Allow"
- Resource = "arn:aws:kms:ca-central-1:957818836222:key/632f1017-9281-41b3-8f25-56c6f81843a6"
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_iam_policy.cognito_lambda_logging will be updated in-place
~ resource "aws_iam_policy" "cognito_lambda_logging" {
id = "arn:aws:iam::957818836222:policy/cognito_lambda_logging"
name = "cognito_lambda_logging"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.cognito_lambda_secrets will be updated in-place
~ resource "aws_iam_policy" "cognito_lambda_secrets" {
id = "arn:aws:iam::957818836222:policy/cognito_lambda_secrets"
name = "cognito_lambda_secrets"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
~ Resource = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:cognito_notify_api_key-M0cR8f" -> "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr"
- Sid = ""
# (2 unchanged attributes hidden)
},
]
# (1 unchanged attribute hidden)
}
)
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_iam_policy.cognito_userpool_import_logging will be updated in-place
~ resource "aws_iam_policy" "cognito_userpool_import_logging" {
id = "arn:aws:iam::957818836222:policy/cognito_userpool_import_logging"
name = "cognito_userpool_import_logging"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.lambda_s3 will be created
+ resource "aws_iam_policy" "lambda_s3" {
+ arn = (known after apply)
+ description = "IAM policy for storing files in S3"
+ id = (known after apply)
+ name = "cognito_lambda_s3"
+ name_prefix = (known after apply)
+ path = "/"
+ policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "s3:PutObject",
+ "s3:ListBucket",
+ "s3:GetObject",
+ "s3:DeleteObject",
]
+ Effect = "Allow"
+ Resource = [
+ "arn:aws:s3:::forms-staging-lambda-code/*",
+ "arn:aws:s3:::forms-staging-lambda-code",
]
},
]
+ Version = "2012-10-17"
}
)
+ policy_id = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_iam_role.cognito_lambda will be updated in-place
~ resource "aws_iam_role" "cognito_lambda" {
id = "iam_for_cognito_lambda"
name = "iam_for_cognito_lambda"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_iam_role.cognito_userpool_import will be updated in-place
~ resource "aws_iam_role" "cognito_userpool_import" {
id = "role_for_cognito_user_pool_import"
name = "role_for_cognito_user_pool_import"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_kms_key.cognito_encryption will be updated in-place
~ resource "aws_kms_key" "cognito_encryption" {
id = "632f1017-9281-41b3-8f25-56c6f81843a6"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_lambda_function.cognito_email_sender will be updated in-place
~ resource "aws_lambda_function" "cognito_email_sender" {
- filename = "/tmp/cognito_email_sender_main.zip" -> null
id = "Cognito_Email_Sender"
~ last_modified = "2023-10-05T18:39:35.000+0000" -> (known after apply)
~ layers = [
- "arn:aws:lambda:ca-central-1:957818836222:layer:cognito_email_sender_node_packages:6",
]
~ runtime = "nodejs16.x" -> "nodejs18.x"
+ s3_bucket = "forms-staging-lambda-code"
+ s3_key = "cognito_email_sender_code"
+ s3_object_version = (known after apply)
~ source_code_hash = "Au9QF/JOavDRQ5VevDLPhwxxPe8omiNw08gEHhHx55Q=" -> "JQU+xOvCFaZHW/kdM3TnHxkFnJXz/ytxiRXLMJzpxF0="
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
~ environment {
~ variables = {
~ "NOTIFY_API_KEY" = (sensitive value)
# (3 unchanged elements hidden)
}
}
# (2 unchanged blocks hidden)
}
# aws_lambda_function.cognito_pre_sign_up will be updated in-place
~ resource "aws_lambda_function" "cognito_pre_sign_up" {
id = "Cognito_Pre_Sign_Up"
~ runtime = "nodejs16.x" -> "nodejs18.x"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (21 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# aws_lambda_layer_version.cognito_email_sender_nodejs will be destroyed
# (because aws_lambda_layer_version.cognito_email_sender_nodejs is not in configuration)
- resource "aws_lambda_layer_version" "cognito_email_sender_nodejs" {
- arn = "arn:aws:lambda:ca-central-1:957818836222:layer:cognito_email_sender_node_packages:6" -> null
- compatible_architectures = [] -> null
- compatible_runtimes = [
- "nodejs16.x",
] -> null
- created_date = "2023-09-19T18:53:44.051+0000" -> null
- filename = "/tmp/cognito_email_sender_nodejs.zip" -> null
- id = "arn:aws:lambda:ca-central-1:957818836222:layer:cognito_email_sender_node_packages:6" -> null
- layer_arn = "arn:aws:lambda:ca-central-1:957818836222:layer:cognito_email_sender_node_packages" -> null
- layer_name = "cognito_email_sender_node_packages" -> null
- skip_destroy = false -> null
- source_code_hash = "qs5cRdZWWVSfafohxew27cuy4hk3mS87FPivY+FhcwQ=" -> null
- source_code_size = 14750107 -> null
- version = "6" -> null
}
# aws_s3_object.cognito_email_sender_code will be created
+ resource "aws_s3_object" "cognito_email_sender_code" {
+ acl = (known after apply)
+ bucket = "forms-staging-lambda-code"
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = (known after apply)
+ etag = (known after apply)
+ force_destroy = false
+ id = (known after apply)
+ key = "cognito_email_sender_code"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "/tmp/cognito_email_sender.zip"
+ source_hash = "JQU+xOvCFaZHW/kdM3TnHxkFnJXz/ytxiRXLMJzpxF0="
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_secretsmanager_secret.cognito_notify_api_key will be destroyed
# (because aws_secretsmanager_secret.cognito_notify_api_key is not in configuration)
- resource "aws_secretsmanager_secret" "cognito_notify_api_key" {
- arn = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:cognito_notify_api_key-M0cR8f" -> null
- force_overwrite_replica_secret = false -> null
- id = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:cognito_notify_api_key-M0cR8f" -> null
- name = "cognito_notify_api_key" -> null
- recovery_window_in_days = 0 -> null
- tags = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
}
# aws_secretsmanager_secret_version.cognito_notify_api_key will be destroyed
# (because aws_secretsmanager_secret_version.cognito_notify_api_key is not in configuration)
- resource "aws_secretsmanager_secret_version" "cognito_notify_api_key" {
- arn = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:cognito_notify_api_key-M0cR8f" -> null
- id = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:cognito_notify_api_key-M0cR8f|95DD5E13-0829-49EF-93EF-4B5AA3BA58ED" -> null
- secret_id = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:cognito_notify_api_key-M0cR8f" -> null
- secret_string = (sensitive value) -> null
- version_id = "95DD5E13-0829-49EF-93EF-4B5AA3BA58ED" -> null
- version_stages = [
- "AWSCURRENT",
] -> null
}
Plan: 2 to add, 13 to change, 3 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_email_sender"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_pre_sign_up"]
WARN - plan.json - main - Missing Common Tags: ["aws_cognito_user_pool.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_secrets"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_userpool_import_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.cognito_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.cognito_userpool_import"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.cognito_encryption"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.cognito_email_sender"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.cognito_pre_sign_up"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.cognito_email_sender_code"]
33 tests, 19 passed, 14 warnings, 0 failures, 0 exceptions
|
Production: network✅ Terraform Init: Plan: 0 to add, 38 to change, 1 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
- destroy
<= read (data resources)
Terraform will perform the following actions:
# data.aws_subnets.ecr_endpoint_available will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_subnets" "ecr_endpoint_available" {
+ id = (known after apply)
+ ids = (known after apply)
+ tags = (known after apply)
+ filter {
+ name = "availability-zone"
+ values = [
+ "ca-central-1a",
+ "ca-central-1b",
]
}
+ filter {
+ name = "tag:Access"
+ values = [
+ "private",
]
}
+ filter {
+ name = "vpc-id"
+ values = [
+ "vpc-0e852a6f3554a8bca",
]
}
}
# data.aws_subnets.lambda_endpoint_available will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_subnets" "lambda_endpoint_available" {
+ id = (known after apply)
+ ids = (known after apply)
+ tags = (known after apply)
+ filter {
+ name = "availability-zone"
+ values = [
+ "ca-central-1a",
+ "ca-central-1b",
]
}
+ filter {
+ name = "tag:Access"
+ values = [
+ "private",
]
}
+ filter {
+ name = "vpc-id"
+ values = [
+ "vpc-0e852a6f3554a8bca",
]
}
}
# aws_cloudwatch_log_group.vpc_flow_logs will be destroyed
# (because aws_cloudwatch_log_group.vpc_flow_logs is not in configuration)
- resource "aws_cloudwatch_log_group" "vpc_flow_logs" {
- arn = "arn:aws:logs:ca-central-1:957818836222:log-group:vpc_flow_logs" -> null
- id = "vpc_flow_logs" -> null
- kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d" -> null
- log_group_class = "STANDARD" -> null
- name = "vpc_flow_logs" -> null
- retention_in_days = 30 -> null
- skip_destroy = false -> null
- tags = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
}
# aws_default_network_acl.forms will be updated in-place
~ resource "aws_default_network_acl" "forms" {
id = "acl-054bdb4f6351cf6e8"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
# aws_default_security_group.default will be updated in-place
~ resource "aws_default_security_group" "default" {
id = "sg-027a790f905adbb8e"
name = "default"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_eip.forms_natgw[0] will be updated in-place
~ resource "aws_eip" "forms_natgw" {
id = "eipalloc-08d3d2a884ec58cc8"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "forms NAT GW 0"
- "Terraform" = "true" -> null
}
# (12 unchanged attributes hidden)
}
# aws_eip.forms_natgw[1] will be updated in-place
~ resource "aws_eip" "forms_natgw" {
id = "eipalloc-0329d2be583e03c20"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "forms NAT GW 1"
- "Terraform" = "true" -> null
}
# (12 unchanged attributes hidden)
}
# aws_eip.forms_natgw[2] will be updated in-place
~ resource "aws_eip" "forms_natgw" {
id = "eipalloc-060ce086e80bc118a"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "forms NAT GW 2"
- "Terraform" = "true" -> null
}
# (12 unchanged attributes hidden)
}
# aws_flow_log.vpc_flow_logs will be updated in-place
~ resource "aws_flow_log" "vpc_flow_logs" {
id = "fl-065bf4e6e6ce5d704"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_internet_gateway.forms will be updated in-place
~ resource "aws_internet_gateway" "forms" {
id = "igw-023ce972ab41e75de"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "forms"
- "Terraform" = "true" -> null
}
# (4 unchanged attributes hidden)
}
# aws_nat_gateway.forms[0] will be updated in-place
~ resource "aws_nat_gateway" "forms" {
id = "nat-071055050cf485fc9"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "forms NAT GW"
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_nat_gateway.forms[1] will be updated in-place
~ resource "aws_nat_gateway" "forms" {
id = "nat-04e2b29333e84d271"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "forms NAT GW"
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_nat_gateway.forms[2] will be updated in-place
~ resource "aws_nat_gateway" "forms" {
id = "nat-0adb087cdb234415e"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "forms NAT GW"
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_route_table.forms_private_subnet[0] will be updated in-place
~ resource "aws_route_table" "forms_private_subnet" {
id = "rtb-000360ffc3d5ded7d"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "Private Subnet Route Table 0"
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_route_table.forms_private_subnet[1] will be updated in-place
~ resource "aws_route_table" "forms_private_subnet" {
id = "rtb-07180f7c036aeb396"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "Private Subnet Route Table 1"
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_route_table.forms_private_subnet[2] will be updated in-place
~ resource "aws_route_table" "forms_private_subnet" {
id = "rtb-0670bdf15c614fd97"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "Private Subnet Route Table 2"
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_route_table.forms_public_subnet will be updated in-place
~ resource "aws_route_table" "forms_public_subnet" {
id = "rtb-0fc60a97f9ae525e0"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "Public Subnet Route Table"
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_security_group.forms will be updated in-place
~ resource "aws_security_group" "forms" {
id = "sg-0155dac5ed87643b8"
name = "forms"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_security_group.forms_database will be updated in-place
~ resource "aws_security_group" "forms_database" {
id = "sg-0603a6edcc9e34d98"
name = "forms-database"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_security_group.forms_egress will be updated in-place
~ resource "aws_security_group" "forms_egress" {
id = "sg-0c7360a0f85a6029d"
name = "egress-anywhere"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_security_group.forms_load_balancer will be updated in-place
~ resource "aws_security_group" "forms_load_balancer" {
id = "sg-01b5880f792f4ec91"
name = "forms-load-balancer"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_security_group.forms_redis will be updated in-place
~ resource "aws_security_group" "forms_redis" {
id = "sg-0388290614e570375"
name = "forms-redis"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_security_group.privatelink will be updated in-place
~ resource "aws_security_group" "privatelink" {
id = "sg-0799d12ff9d17bded"
name = "privatelink"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_subnet.forms_private[0] will be updated in-place
~ resource "aws_subnet" "forms_private" {
id = "subnet-066cf27132a20a02a"
~ tags = {
"Access" = "private"
- "CostCentre" = "forms-platform-production" -> null
"Name" = "Private Subnet 01"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_subnet.forms_private[1] will be updated in-place
~ resource "aws_subnet" "forms_private" {
id = "subnet-05b9cd59ad60e88af"
~ tags = {
"Access" = "private"
- "CostCentre" = "forms-platform-production" -> null
"Name" = "Private Subnet 02"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_subnet.forms_private[2] will be updated in-place
~ resource "aws_subnet" "forms_private" {
id = "subnet-025adc92b0ee815ba"
~ tags = {
"Access" = "private"
- "CostCentre" = "forms-platform-production" -> null
"Name" = "Private Subnet 03"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_subnet.forms_public[0] will be updated in-place
~ resource "aws_subnet" "forms_public" {
id = "subnet-0133239e9f30e9b85"
~ tags = {
"Access" = "public"
- "CostCentre" = "forms-platform-production" -> null
"Name" = "Public Subnet 01"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_subnet.forms_public[1] will be updated in-place
~ resource "aws_subnet" "forms_public" {
id = "subnet-0251ed3bd219fb8e4"
~ tags = {
"Access" = "public"
- "CostCentre" = "forms-platform-production" -> null
"Name" = "Public Subnet 02"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_subnet.forms_public[2] will be updated in-place
~ resource "aws_subnet" "forms_public" {
id = "subnet-01cc2a8428d4971fc"
~ tags = {
"Access" = "public"
- "CostCentre" = "forms-platform-production" -> null
"Name" = "Public Subnet 03"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_vpc.forms will be updated in-place
~ resource "aws_vpc" "forms" {
id = "vpc-0e852a6f3554a8bca"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "forms"
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
}
# aws_vpc_endpoint.dynamodb will be updated in-place
~ resource "aws_vpc_endpoint" "dynamodb" {
id = "vpce-0a174a7ed4eb0e1df"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
}
# aws_vpc_endpoint.ecr-api will be updated in-place
~ resource "aws_vpc_endpoint" "ecr-api" {
id = "vpce-0be31e055c8632c41"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.ecr-dkr will be updated in-place
~ resource "aws_vpc_endpoint" "ecr-dkr" {
id = "vpce-0112e82a947a58d99"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.kms will be updated in-place
~ resource "aws_vpc_endpoint" "kms" {
id = "vpce-01823afab34fa01b8"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.lambda will be updated in-place
~ resource "aws_vpc_endpoint" "lambda" {
id = "vpce-09edc14f3327ad9af"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.logs will be updated in-place
~ resource "aws_vpc_endpoint" "logs" {
id = "vpce-0510598639c5d4b1e"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.monitoring will be updated in-place
~ resource "aws_vpc_endpoint" "monitoring" {
id = "vpce-0d2d7991102b71192"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.rds will be updated in-place
~ resource "aws_vpc_endpoint" "rds" {
id = "vpce-034bdcb2f931edfb6"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.s3 will be updated in-place
~ resource "aws_vpc_endpoint" "s3" {
id = "vpce-0454046d5763f35a5"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
}
# aws_vpc_endpoint.secretsmanager will be updated in-place
~ resource "aws_vpc_endpoint" "secretsmanager" {
id = "vpce-0a905000c1bcc3235"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.sqs will be updated in-place
~ resource "aws_vpc_endpoint" "sqs" {
id = "vpce-0c9ca7adb924ca99f"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 0 to add, 38 to change, 1 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_default_network_acl.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_default_security_group.default"]
WARN - plan.json - main - Missing Common Tags: ["aws_eip.forms_natgw[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_eip.forms_natgw[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_eip.forms_natgw[2]"]
WARN - plan.json - main - Missing Common Tags: ["aws_flow_log.vpc_flow_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_internet_gateway.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_nat_gateway.forms[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_nat_gateway.forms[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_nat_gateway.forms[2]"]
WARN - plan.json - main - Missing Common Tags: ["aws_route_table.forms_private_subnet[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_route_table.forms_private_subnet[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_route_table.forms_private_subnet[2]"]
WARN - plan.json - main - Missing Common Tags: ["aws_route_table.forms_public_subnet"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.forms_database"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.forms_egress"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.forms_load_balancer"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.forms_redis"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.privatelink"]
WARN - plan.json - main - Missing Common Tags: ["aws_subnet.forms_private[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_subnet.forms_private[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_subnet.forms_private[2]"]
WARN - plan.json - main - Missing Common Tags: ["aws_subnet.forms_public[0]"]
WARN - plan.json - main - Missing Common Tags:... |
Production: dynamodb✅ Terraform Init: Plan: 0 to add, 3 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_dynamodb_table.audit_logs will be updated in-place
~ resource "aws_dynamodb_table" "audit_logs" {
~ deletion_protection_enabled = false -> true
id = "AuditLogs"
name = "AuditLogs"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (12 unchanged attributes hidden)
# (7 unchanged blocks hidden)
}
# aws_dynamodb_table.reliability_queue will be updated in-place
~ resource "aws_dynamodb_table" "reliability_queue" {
~ deletion_protection_enabled = false -> true
id = "ReliabilityQueue"
name = "ReliabilityQueue"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
# aws_dynamodb_table.vault will be updated in-place
~ resource "aws_dynamodb_table" "vault" {
~ deletion_protection_enabled = false -> true
id = "Vault"
name = "Vault"
+ stream_arn = (known after apply)
~ stream_enabled = false -> true
+ stream_view_type = "NEW_AND_OLD_IMAGES"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
# (11 unchanged blocks hidden)
}
Plan: 0 to add, 3 to change, 0 to destroy.
Changes to Outputs:
+ dynamodb_vault_stream_arn = (known after apply)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.reliability_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.vault"]
22 tests, 19 passed, 3 warnings, 0 failures, 0 exceptions
|
Production: load_balancer✅ Terraform Init: Plan: 20 to add, 15 to change, 3 to destroyShow summary
✂ Warning: plan has been truncated! See the full plan in the logs. Show planResource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
<= read (data resources)
Terraform will perform the following actions:
# data.aws_iam_policy_document.allow_cloudfront_to_access_static_website_in_s3 will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "allow_cloudfront_to_access_static_website_in_s3" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "s3:GetObject",
]
+ effect = "Allow"
+ resources = [
+ (known after apply),
]
+ principals {
+ identifiers = [
+ (known after apply),
]
+ type = "AWS"
}
}
}
# aws_acm_certificate.form_viewer will be updated in-place
~ resource "aws_acm_certificate" "form_viewer" {
id = "arn:aws:acm:ca-central-1:957818836222:certificate/71036e98-a054-4f6c-acf5-1024111a9af8"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_acm_certificate.form_viewer_maintenance_mode will be created
+ resource "aws_acm_certificate" "form_viewer_maintenance_mode" {
+ arn = (known after apply)
+ domain_name = "forms-formulaires.alpha.canada.ca"
+ domain_validation_options = [
+ {
+ domain_name = "forms-formulaires.alpha.canada.ca"
+ resource_record_name = (known after apply)
+ resource_record_type = (known after apply)
+ resource_record_value = (known after apply)
},
]
+ id = (known after apply)
+ key_algorithm = (known after apply)
+ not_after = (known after apply)
+ not_before = (known after apply)
+ pending_renewal = (known after apply)
+ renewal_eligibility = (known after apply)
+ renewal_summary = (known after apply)
+ status = (known after apply)
+ subject_alternative_names = [
+ "forms-formulaires.alpha.canada.ca",
]
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ type = (known after apply)
+ validation_emails = (known after apply)
+ validation_method = "DNS"
}
# aws_acm_certificate_validation.form_viewer_maintenance_mode_cloudfront_certificate will be created
+ resource "aws_acm_certificate_validation" "form_viewer_maintenance_mode_cloudfront_certificate" {
+ certificate_arn = (known after apply)
+ id = (known after apply)
+ validation_record_fqdns = (known after apply)
}
# aws_cloudfront_distribution.maintenance_mode will be created
+ resource "aws_cloudfront_distribution" "maintenance_mode" {
+ aliases = [
+ "forms-formulaires.alpha.canada.ca",
]
+ arn = (known after apply)
+ caller_reference = (known after apply)
+ continuous_deployment_policy_id = (known after apply)
+ default_root_object = "index.html"
+ domain_name = (known after apply)
+ enabled = true
+ etag = (known after apply)
+ hosted_zone_id = (known after apply)
+ http_version = "http2"
+ id = (known after apply)
+ in_progress_validation_batches = (known after apply)
+ is_ipv6_enabled = false
+ last_modified_time = (known after apply)
+ price_class = "PriceClass_100"
+ retain_on_delete = false
+ staging = false
+ status = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ trusted_key_groups = (known after apply)
+ trusted_signers = (known after apply)
+ wait_for_deployment = true
+ web_acl_id = (known after apply)
+ default_cache_behavior {
+ allowed_methods = [
+ "GET",
+ "HEAD",
]
+ cached_methods = [
+ "GET",
+ "HEAD",
]
+ compress = true
+ default_ttl = 3600
+ max_ttl = 86400
+ min_ttl = 0
+ target_origin_id = "MaintenanceMode"
+ trusted_key_groups = (known after apply)
+ trusted_signers = (known after apply)
+ viewer_protocol_policy = "redirect-to-https"
+ forwarded_values {
+ headers = (known after apply)
+ query_string = false
+ query_string_cache_keys = (known after apply)
+ cookies {
+ forward = "none"
+ whitelisted_names = (known after apply)
}
}
}
+ origin {
+ connection_attempts = 3
+ connection_timeout = 10
+ domain_name = (known after apply)
+ origin_id = "MaintenanceMode"
+ s3_origin_config {
+ origin_access_identity = (known after apply)
}
}
+ restrictions {
+ geo_restriction {
+ locations = (known after apply)
+ restriction_type = "none"
}
}
+ viewer_certificate {
+ acm_certificate_arn = (known after apply)
+ minimum_protocol_version = "TLSv1.2_2019"
+ ssl_support_method = "sni-only"
}
}
# aws_cloudfront_origin_access_identity.maintenance_mode will be created
+ resource "aws_cloudfront_origin_access_identity" "maintenance_mode" {
+ caller_reference = (known after apply)
+ cloudfront_access_identity_path = (known after apply)
+ comment = "Access Identity for the Maintenance Website"
+ etag = (known after apply)
+ iam_arn = (known after apply)
+ id = (known after apply)
+ s3_canonical_user_id = (known after apply)
}
# aws_iam_role.firehose_waf_logs will be updated in-place
~ resource "aws_iam_role" "firehose_waf_logs" {
id = "firehose_waf_logs"
name = "firehose_waf_logs"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_kinesis_firehose_delivery_stream.firehose_waf_logs will be updated in-place
~ resource "aws_kinesis_firehose_delivery_stream" "firehose_waf_logs" {
id = "arn:aws:firehose:ca-central-1:957818836222:deliverystream/aws-waf-logs-forms"
name = "aws-waf-logs-forms"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# aws_lb.form_viewer will be updated in-place
~ resource "aws_lb" "form_viewer" {
id = "arn:aws:elasticloadbalancing:ca-central-1:957818836222:loadbalancer/app/form-viewer/ef2ad28d416e7d87"
name = "form-viewer"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "form_viewer"
- "Terraform" = "true" -> null
}
# (22 unchanged attributes hidden)
# (5 unchanged blocks hidden)
}
# aws_lb_listener.form_viewer_http will be updated in-place
~ resource "aws_lb_listener" "form_viewer_http" {
id = "arn:aws:elasticloadbalancing:ca-central-1:957818836222:listener/app/form-viewer/ef2ad28d416e7d87/5a5321156d4692bb"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_lb_listener.form_viewer_https will be updated in-place
~ resource "aws_lb_listener" "form_viewer_https" {
id = "arn:aws:elasticloadbalancing:ca-central-1:957818836222:listener/app/form-viewer/ef2ad28d416e7d87/6cbbf9263c624fe9"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (7 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# aws_lb_target_group.form_viewer_1 will be updated in-place
~ resource "aws_lb_target_group" "form_viewer_1" {
id = "arn:aws:elasticloadbalancing:ca-central-1:957818836222:targetgroup/form-viewer/8dac72758c8ecdcc"
name = "form-viewer"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "form_viewer_1"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
~ health_check {
~ matcher = "301,200" -> "200"
# (8 unchanged attributes hidden)
}
# (3 unchanged blocks hidden)
}
# aws_lb_target_group.form_viewer_2 will be updated in-place
~ resource "aws_lb_target_group" "form_viewer_2" {
id = "arn:aws:elasticloadbalancing:ca-central-1:957818836222:targetgroup/form-viewer-2/a03ac97959b5fb63"
name = "form-viewer-2"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "form_viewer_2"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
~ health_check {
~ matcher = "301,200" -> "200"
# (8 unchanged attributes hidden)
}
# (3 unchanged blocks hidden)
}
# aws_route53_record.form_viewer[0] will be updated in-place
~ resource "aws_route53_record" "form_viewer" {
id = "Z1031499PBK3926Y7HKK_forms-formulaires.alpha.canada.ca_A"
name = "forms-formulaires.alpha.canada.ca"
+ set_identifier = "form_viewer_forms-formulaires.alpha.canada.ca_primary"
# (6 unchanged attributes hidden)
+ failover_routing_policy {
+ type = "PRIMARY"
}
# (1 unchanged block hidden)
}
# aws_route53_record.form_viewer[1] will be destroyed
# (because index [1] is out of range for count)
- resource "aws_route53_record" "form_viewer" {
- fqdn = "forms-formulaires.canada.ca" -> null
- id = "Z0774184336K3QX9DUJ7E_forms-formulaires.canada.ca_A" -> null
- multivalue_answer_routing_policy = false -> null
- name = "forms-formulaires.canada.ca" -> null
- records = [] -> null
- ttl = 0 -> null
- type = "A" -> null
- zone_id = "Z0774184336K3QX9DUJ7E" -> null
- alias {
- evaluate_target_health = true -> null
- name = "form-viewer-1039776084.ca-central-1.elb.amazonaws.com" -> null
- zone_id = "ZQSVJUPU6J1EY" -> null
}
}
# aws_route53_record.form_viewer_maintenance[0] will be created
+ resource "aws_route53_record" "form_viewer_maintenance" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = "forms-formulaires.alpha.canada.ca"
+ set_identifier = "form_viewer_forms-formulaires.alpha.canada.ca_secondary"
+ type = "A"
+ zone_id = "Z1031499PBK3926Y7HKK"
+ alias {
+ evaluate_target_health = false
+ name = (known after apply)
+ zone_id = (known after apply)
}
+ failover_routing_policy {
+ type = "SECONDARY"
}
}
# aws_route53_record.form_viewer_maintenance_mode_certificate_validation["forms-formulaires.alpha.canada.ca"] will be created
+ resource "aws_route53_record" "form_viewer_maintenance_mode_certificate_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z1031499PBK3926Y7HKK"
}
# aws_s3_bucket.firehose_waf_logs will be destroyed
# (because aws_s3_bucket.firehose_waf_logs is not in configuration)
- resource "aws_s3_bucket" "firehose_waf_logs" {
- acl = "private" -> null
- arn = "arn:aws:s3:::forms-waf-logs" -> null
- bucket = "forms-waf-logs" -> null
- bucket_domain_name = "forms-waf-logs.s3.amazonaws.com" -> null
- bucket_regional_domain_name = "forms-waf-logs.s3.ca-central-1.amazonaws.com" -> null
- force_destroy = false -> null
- hosted_zone_id = "Z1QDHH18159H29" -> null
- id = "forms-waf-logs" -> null
- object_lock_enabled = false -> null
- region = "ca-central-1" -> null
- request_payer = "BucketOwner" -> null
- tags = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- grant {
- id = "9a5058ac2253284c428c54c019d006666ef3eb73e380322b05c715157b6c384a" -> null
- permissions = [
- "FULL_CONTROL",
] -> null
- type = "CanonicalUser" -> null
}
- lifecycle_rule {
- abort_incomplete_multipart_upload_days = 0 -> null
- enabled = true -> null
- id = "tf-s3-lifecycle-20211122163203859500000001" -> null
- tags = {} -> null
- expiration {
- days = 90 -> null
- expired_object_delete_marker = false -> null
}
}
- server_side_encryption_configuration {
- rule {
- bucket_key_enabled = false -> null
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256" -> null
}
}
}
- versioning {
- enabled = false -> null
- mfa_delete = false -> null
}
}
# aws_s3_bucket.maintenance_mode will be created
+ resource "aws_s3_bucket" "maintenance_mode" {
+ acceleration_status = (known after apply)
+ acl = (known after apply)
+ arn = (known after apply)
+ bucket = "gc-forms-production-application-maintenance-page"
+ bucket_domain_name = (known after apply)
+ bucket_prefix = (known after apply)
+ bucket_regional_domain_name = (known after apply)
+ force_destroy = false
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ object_lock_enabled = (known after apply)
+ policy = (known after apply)
+ region = (known after apply)
+ request_payer = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
}
# aws_s3_bucket_ownership_controls.maintenance_mode will be created
+ resource "aws_s3_bucket_ownership_controls" "maintenance_mode" {
+ bucket = (known after apply)
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_policy.allow_cloudfront_to_access_static_website_in_s3 will be created
+ resource "aws_s3_bucket_policy" "allow_cloudfront_to_access_static_website_in_s3" {
+ bucket = (known after apply)
+ id = (known after apply)
+ policy = (known after apply)
}
# aws_s3_bucket_public_access_block.firehose_waf_logs will be destroyed
# (because aws_s3_bucket_public_access_block.firehose_waf_logs is not in configuration)
- resource "aws_s3_bucket_public_access_block" "firehose_waf_logs" {
- block_public_acls = true -> null
- block_public_policy = true -> null
- bucket = "forms-waf-logs" -> null
- id = "forms-waf-logs" -> null
- ignore_public_acls = true -> null
- restrict_public_buckets = true -> null
}
# aws_s3_bucket_public_access_block.maintenance_mode will be created
+ resource "aws_s3_bucket_public_access_block" "maintenance_mode" {
+ block_public_acls = true
+ block_public_policy = true
+ bucket = (known after apply)
+ id = (known after apply)
+ ignore_public_acls = true
+ restrict_public_buckets = true
}
# aws_s3_bucket_server_side_encryption_configuration.maintenance_mode will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "maintenance_mode" {
+ bucket = (known after apply)
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# aws_s3_bucket_website_configuration.maintenance_mode will be created
+ resource "aws_s3_bucket_website_configuration" "maintenance_mode" {
+ bucket = (known after apply)
+ id = (known after apply)
+ routing_rules = (known after apply)
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
+ index_document {
+ suffix = "index.html"
}
}
# aws_s3_object.maintenance_static_page_css_files["style.css"] will be created
+ resource "aws_s3_object" "maintenance_static_page_css_files" {
+ acl = (known after apply)
+ bucket = (known after apply)
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = "text/css"
+ etag = "92fa1c75f720e83330756f94b06aa8bf"
+ force_destroy = false
+ id = (known after apply)
+ key = "style.css"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "./static_website/style.css"
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.maintenance_static_page_html_files["index-fr.html"] will be created
+ resource "aws_s3_object" "maintenance_static_page_html_files" {
+ acl = (known after apply)
+ bucket = (known after apply)
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = "text/html"
+ etag = "5c195ef016b9e898437a543aba2301ac"
+ force_destroy = false
+ id = (known after apply)
+ key = "index-fr.html"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "./static_website/index-fr.html"
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.maintenance_static_page_html_files["index.html"] will be created
+ resource "aws_s3_object" "maintenance_static_page_html_files" {
+ acl = (known after apply)
+ bucket = (known after apply)
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = "text/html"
+ etag = "f15e6aa2fd75c9b6b97d93d2b1fedfbd"
+ force_destroy = false
+ id = (known after apply)
+ key = "index.html"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "./static_website/index.html"
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.maintenance_static_page_ico_files["favicon.ico"] will be created
+ resource "aws_s3_object" "maintenance_static_page_ico_files" {
+ acl = (known after apply)
+ bucket = (known after apply)
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = "image/png"
+ etag = "58bd7822fbbd5642104beae2b25a1b5b"
+ force_destroy = false
+ id = (known after apply)
+ key = "favicon.ico"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "./static_website/favicon.ico"
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.maintenance_static_page_svg_files["site-unavailable.svg"] will be created
+ resource "aws_s3_object" "maintenance_static_page_svg_files" {
+ acl = (known after apply)
+ bucket = (known after apply)
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = "image/svg+xml"
+ etag = "1d263a8e324e88ea09c9b630de277c45"
+ force_destroy = false
+ id = (known after apply)
+ key = "site-unavailable.svg"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "./static_website/site-unavailable.svg"
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_shield_protection.alb will be updated in-place
~ resource "aws_shield_protection" "alb" {
id = "226e4196-5d94-447d-a43b-ed55167f7abb"
name = "LoadBalancer"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (3 unchanged attributes hidden)
}
# aws_shield_protection.route53_hosted_zone[0] will be updated in-place
~ resource "aws_shield_protection" "route53_hosted_zone" {
id = "abb8c7ef-5e58-4b87-afe6-2eeb93734f51"
name = "Route53HostedZone"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (3 unchanged attributes hidden)
}
# aws_shield_protection.route53_hosted_zone[1] will be updated in-place
~ resource "aws_shield_protection" "route53_hosted_zone" {
id = "d363bd65-e6a1-4084-82d7-42fc99c81ad5"
name = "Route53HostedZone"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (3 unchanged attributes hidden)
}
# aws_wafv2_regex_pattern_set.cognito_login_paths will be created
+ resource "aws_wafv2_regex_pattern_set" "cognito_login_paths" {
+ arn = (known after apply)
+ description = "Regex to match the login URIs"
+ id = (known after apply)
+ lock_token = (known after apply)
+ name = "cognito_login_paths"
+ scope = "REGIONAL"
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ regular_expression {
+ regex_string = "^\\/(api\\/auth\\/(signin|callback)\\/cognito)$"
}
}
# aws_wafv2_regex_pattern_set.forms_base_url will be updated in-place
~ resource "aws_wafv2_regex_pattern_set" "forms_base_url" {
id = "e1ceb832-c7e4-4b53-a818-44a55e27b3e4"
name = "forms_base_url"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
- regular_expression {
- regex_string = "^forms-formulaires.canada.ca$" -> null
}
# (1 unchanged block hidden)
}
# aws_wafv2_regex_pattern_set.valid_app_uri_paths will be updated in-place
~ resource "aws_wafv2_regex_pattern_set" "valid_app_uri_paths" {
id = "f3927a12-2101-47c6-9a47-7353ac95ba92"
name = "valid_app_uri_paths"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
# (5 unchanged blocks hidden)
}
# aws_wafv2_regex_pattern_set.valid_maintenance_mode_uri_paths will be created
+ resource "aws_wafv2_regex_pattern_set" "valid_maintenance_mode_uri_paths" {
+ arn = (known after apply)
+ description = "Regex to match the maintenance page valid URIs"
+ id = (known after apply)
+ lock_token = (known after apply)
+ name = "valid_maintenance_page_uri_paths"
+ scope = "CLOUDFRONT"
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ regular_expression {
+ regex_string = "^\\/(index.html|index-fr.html|style.css|site-unavailable.svg|favicon.ico)?$"
}
}
# aws_wafv2_web_acl.forms_acl will be updated in-place
~ resource "aws_wafv2_web_acl" "forms_acl" {
id = "88f61111-f91e-442b-9a19-c57c4f43ef7a"
name = "GCForms"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
- rule {
- name =...Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.form_viewer_maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudfront_distribution.maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.firehose_waf_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_kinesis_firehose_delivery_stream.firehose_waf_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.form_viewer_http"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.form_viewer_https"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.form_viewer_1"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.form_viewer_2"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_css_files[\"style.css\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_html_files[\"index-fr.html\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_html_files[\"index.html\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_ico_files[\"favicon.ico\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_svg_files[\"site-unavailable.svg\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.alb"]
WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.route53_hosted_zone[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.route53_hosted_zone[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_regex_pattern_set.cognito_login_paths"]
WARN - plan.json - main - Missing Common Tags:... |
Production: redis✅ Terraform Init: Plan: 0 to add, 2 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_elasticache_replication_group.redis will be updated in-place
~ resource "aws_elasticache_replication_group" "redis" {
id = "gcforms-redis-rep-group"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (33 unchanged attributes hidden)
}
# aws_elasticache_subnet_group.redis will be updated in-place
~ resource "aws_elasticache_subnet_group" "redis" {
id = "redis-subnet-group"
name = "redis-subnet-group"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (4 unchanged attributes hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_elasticache_replication_group.redis"]
WARN - plan.json - main - Missing Common Tags: ["aws_elasticache_subnet_group.redis"]
21 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions
|
Production: rds✅ Terraform Init: Plan: 0 to add, 3 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_rds_cluster.forms will be updated in-place
~ resource "aws_rds_cluster" "forms" {
~ copy_tags_to_snapshot = false -> true
id = "forms-db-cluster"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
"Name" = "forms-db-cluster"
- "Terraform" = "true" -> null
}
# (39 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_secretsmanager_secret.database_secret will be updated in-place
~ resource "aws_secretsmanager_secret" "database_secret" {
+ force_overwrite_replica_secret = false
id = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:database-secret-RThElE"
name = "database-secret"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (2 unchanged attributes hidden)
}
# aws_secretsmanager_secret.database_url will be updated in-place
~ resource "aws_secretsmanager_secret" "database_url" {
+ force_overwrite_replica_secret = false
id = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE"
name = "server-database-url"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (2 unchanged attributes hidden)
}
Plan: 0 to add, 3 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_rds_cluster.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.database_secret"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.database_url"]
22 tests, 19 passed, 3 warnings, 0 failures, 0 exceptions
|
Production: app✅ Terraform Init: Plan: 1 to add, 14 to change, 43 to destroyShow summary
✂ Warning: plan has been truncated! See the full plan in the logs. Show planResource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
<= read (data resources)
Terraform will perform the following actions:
# data.template_file.form_viewer_task will be read during apply
# (depends on a resource or a module with changes pending)
<= data "template_file" "form_viewer_task" {
+ id = (known after apply)
+ rendered = (known after apply)
+ template = jsonencode(
[
+ {
+ environment = [
+ {
+ name = "METRIC_PROVIDER"
+ value = "${metric_provider}"
},
+ {
+ name = "TRACER_PROVIDER"
+ value = "${tracer_provider}"
},
+ {
+ name = "NEXTAUTH_URL"
+ value = "${nextauth_url}"
},
+ {
+ name = "REDIS_URL"
+ value = "${redis_url}"
},
+ {
+ name = "RELIABILITY_FILE_STORAGE"
+ value = "${reliability_file_storage}"
},
+ {
+ name = "RECAPTCHA_V3_SITE_KEY"
+ value = "${recaptcha_public}"
},
+ {
+ name = "TEMPORARY_TOKEN_TEMPLATE_ID"
+ value = "${gc_temp_token_template_id}"
},
+ {
+ name = "TEMPLATE_ID"
+ value = "${gc_template_id}"
},
+ {
+ name = "VAULT_FILE_STORAGE"
+ value = "${vault_file_storage}"
},
+ {
+ name = "COGNITO_ENDPOINT_URL"
+ value = "${cognito_endpoint_url}"
},
+ {
+ name = "COGNITO_CLIENT_ID"
+ value = "${cognito_client_id}"
},
+ {
+ name = "EMAIL_ADDRESS_CONTACT_US"
+ value = "${email_address_contact_us}"
},
+ {
+ name = "EMAIL_ADDRESS_SUPPORT"
+ value = "${email_address_support}"
},
+ {
+ name = "REPROCESS_SUBMISSION_QUEUE_URL"
+ value = "${reprocess_submission_queue}"
},
+ {
+ name = "AUDIT_LOG_QUEUE_URL"
+ value = "${audit_log_queue_url}"
},
]
+ image = "${image}"
+ linuxParameters = {
+ capabilities = {
+ drop = [
+ "ALL",
]
}
}
+ logConfiguration = {
+ logDriver = "awslogs"
+ options = {
+ awslogs-group = "${awslogs-group}"
+ awslogs-region = "${awslogs-region}"
+ awslogs-stream-prefix = "${awslogs-stream-prefix}"
}
}
+ name = "form_viewer"
+ portMappings = [
+ {
+ containerPort = 3000
},
]
+ secrets = [
+ {
+ name = "NOTIFY_API_KEY"
+ valueFrom = "${notify_api_key}"
},
+ {
+ name = "RECAPTCHA_V3_SECRET_KEY"
+ valueFrom = "${recaptcha_secret}"
},
+ {
+ name = "DATABASE_URL"
+ valueFrom = "${database_url}"
},
+ {
+ name = "TOKEN_SECRET"
+ valueFrom = "${token_secret}"
},
+ {
+ name = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
+ valueFrom = "${gc_notify_callback_bearer_token}"
},
+ {
+ name = "FRESHDESK_API_KEY"
+ valueFrom = "${freshdesk_api_key}"
},
]
},
]
)
+ vars = {
+ "audit_log_queue_url" = "https://sqs.ca-central-1.amazonaws.com/957818836222/audit_log_queue"
+ "awslogs-group" = "Forms"
+ "awslogs-region" = "ca-central-1"
+ "awslogs-stream-prefix" = "ecs-form-viewer"
+ "cognito_client_id" = "5rkjd3us3ocssieiitdbtjitiv"
+ "cognito_endpoint_url" = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_eSTGTCw33"
+ "database_url" = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE"
+ "email_address_contact_us" = "[email protected]"
+ "email_address_support" = "[email protected]"
+ "freshdesk_api_key" = (sensitive value)
+ "gc_notify_callback_bearer_token" = (sensitive value)
+ "gc_temp_token_template_id" = "61cec9c4-64ca-4e4d-b4d2-a0e931c44422"
+ "gc_template_id" = "92096ac6-1cc5-40ae-9052-fffdb8439a90"
+ "image" = "957818836222.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_production"
+ "metric_provider" = "stdout"
+ "nextauth_url" = "https://forms-formulaires.alpha.canada.ca"
+ "notify_api_key" = (sensitive value)
+ "recaptcha_public" = "6LfuLrQnAAAAAK9Df3gem4XLMRVY2Laq6t2fhZhZ"
+ "recaptcha_secret" = (sensitive value)
+ "redis_url" = "gcforms-redis-rep-group.iyrckm.ng.0001.cac1.cache.amazonaws.com"
+ "reliability_file_storage" = "forms-production-reliability-file-storage"
+ "reprocess_submission_queue" = "https://sqs.ca-central-1.amazonaws.com/957818836222/reprocess_submission_queue.fifo"
+ "token_secret" = (sensitive value)
+ "tracer_provider" = "stdout"
+ "vault_file_storage" = "forms-production-vault-file-storage"
}
}
# aws_appautoscaling_target.forms[0] will be updated in-place
~ resource "aws_appautoscaling_target" "forms" {
id = "service/arn:aws:ecs:ca-central-1:957818836222:cluster/Forms/form-viewer"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (6 unchanged attributes hidden)
}
# aws_cloudwatch_event_rule.cron_2am_every_day will be destroyed
# (because aws_cloudwatch_event_rule.cron_2am_every_day is not in configuration)
- resource "aws_cloudwatch_event_rule" "cron_2am_every_day" {
- arn = "arn:aws:events:ca-central-1:957818836222:rule/every-day-at-2am" -> null
- description = "Fires every day at 2am EST" -> null
- event_bus_name = "default" -> null
- id = "every-day-at-2am" -> null
- is_enabled = true -> null
- name = "every-day-at-2am" -> null
- schedule_expression = "cron(0 7 * * ? *)" -> null
- state = "ENABLED" -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_cloudwatch_event_rule.cron_3am_every_day will be destroyed
# (because aws_cloudwatch_event_rule.cron_3am_every_day is not in configuration)
- resource "aws_cloudwatch_event_rule" "cron_3am_every_day" {
- arn = "arn:aws:events:ca-central-1:957818836222:rule/every-day-at-3am" -> null
- description = "Fires every day at 3am EST" -> null
- event_bus_name = "default" -> null
- id = "every-day-at-3am" -> null
- is_enabled = true -> null
- name = "every-day-at-3am" -> null
- schedule_expression = "cron(0 8 * * ? *)" -> null
- state = "ENABLED" -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_cloudwatch_event_rule.cron_4am_every_day will be destroyed
# (because aws_cloudwatch_event_rule.cron_4am_every_day is not in configuration)
- resource "aws_cloudwatch_event_rule" "cron_4am_every_day" {
- arn = "arn:aws:events:ca-central-1:957818836222:rule/every-day-at-4am" -> null
- description = "Fires every day at 4am EST" -> null
- event_bus_name = "default" -> null
- id = "every-day-at-4am" -> null
- is_enabled = true -> null
- name = "every-day-at-4am" -> null
- schedule_expression = "cron(0 9 * * ? *)" -> null
- state = "ENABLED" -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_cloudwatch_event_rule.cron_5am_every_business_day will be destroyed
# (because aws_cloudwatch_event_rule.cron_5am_every_business_day is not in configuration)
- resource "aws_cloudwatch_event_rule" "cron_5am_every_business_day" {
- arn = "arn:aws:events:ca-central-1:957818836222:rule/every-business-day-at-5am" -> null
- description = "Fires every business day at 5am EST" -> null
- event_bus_name = "default" -> null
- id = "every-business-day-at-5am" -> null
- is_enabled = true -> null
- name = "every-business-day-at-5am" -> null
- schedule_expression = "cron(0 10 ? * MON-FRI *)" -> null
- state = "ENABLED" -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_cloudwatch_event_target.run_archive_form_responses_lambda_every_day will be destroyed
# (because aws_cloudwatch_event_target.run_archive_form_responses_lambda_every_day is not in configuration)
- resource "aws_cloudwatch_event_target" "run_archive_form_responses_lambda_every_day" {
- arn = "arn:aws:lambda:ca-central-1:957818836222:function:Archiver" -> null
- event_bus_name = "default" -> null
- id = "every-day-at-3am-terraform-20230417142819762400000003" -> null
- rule = "every-day-at-3am" -> null
- target_id = "terraform-20230417142819762400000003" -> null
}
# aws_cloudwatch_event_target.run_archive_form_templates_lambda_every_day will be destroyed
# (because aws_cloudwatch_event_target.run_archive_form_templates_lambda_every_day is not in configuration)
- resource "aws_cloudwatch_event_target" "run_archive_form_templates_lambda_every_day" {
- arn = "arn:aws:lambda:ca-central-1:957818836222:function:ArchiveFormTemplates" -> null
- event_bus_name = "default" -> null
- id = "every-day-at-4am-terraform-20230104154840782700000005" -> null
- rule = "every-day-at-4am" -> null
- target_id = "terraform-20230104154840782700000005" -> null
}
# aws_cloudwatch_event_target.run_dead_letter_queue_consumer_lambda_every_day will be destroyed
# (because aws_cloudwatch_event_target.run_dead_letter_queue_consumer_lambda_every_day is not in configuration)
- resource "aws_cloudwatch_event_target" "run_dead_letter_queue_consumer_lambda_every_day" {
- arn = "arn:aws:lambda:ca-central-1:957818836222:function:DeadLetterQueueConsumer" -> null
- event_bus_name = "default" -> null
- id = "every-day-at-2am-terraform-20230417142807011500000002" -> null
- rule = "every-day-at-2am" -> null
- target_id = "terraform-20230417142807011500000002" -> null
}
# aws_cloudwatch_event_target.run_nagware_lambda_every_day will be destroyed
# (because aws_cloudwatch_event_target.run_nagware_lambda_every_day is not in configuration)
- resource "aws_cloudwatch_event_target" "run_nagware_lambda_every_day" {
- arn = "arn:aws:lambda:ca-central-1:957818836222:function:Nagware" -> null
- event_bus_name = "default" -> null
- id = "every-business-day-at-5am-terraform-20230417142753187400000001" -> null
- rule = "every-business-day-at-5am" -> null
- target_id = "terraform-20230417142753187400000001" -> null
}
# aws_cloudwatch_log_group.archive_form_templates will be destroyed
# (because aws_cloudwatch_log_group.archive_form_templates is not in configuration)
- resource "aws_cloudwatch_log_group" "archive_form_templates" {
- arn = "arn:aws:logs:ca-central-1:957818836222:log-group:/aws/lambda/ArchiveFormTemplates" -> null
- id = "/aws/lambda/ArchiveFormTemplates" -> null
- kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d" -> null
- log_group_class = "STANDARD" -> null
- name = "/aws/lambda/ArchiveFormTemplates" -> null
- retention_in_days = 90 -> null
- skip_destroy = false -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_cloudwatch_log_group.archiver will be destroyed
# (because aws_cloudwatch_log_group.archiver is not in configuration)
- resource "aws_cloudwatch_log_group" "archiver" {
- arn = "arn:aws:logs:ca-central-1:957818836222:log-group:/aws/lambda/Archiver" -> null
- id = "/aws/lambda/Archiver" -> null
- kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d" -> null
- log_group_class = "STANDARD" -> null
- name = "/aws/lambda/Archiver" -> null
- retention_in_days = 90 -> null
- skip_destroy = false -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_cloudwatch_log_group.audit_logs will be destroyed
# (because aws_cloudwatch_log_group.audit_logs is not in configuration)
- resource "aws_cloudwatch_log_group" "audit_logs" {
- arn = "arn:aws:logs:ca-central-1:957818836222:log-group:/aws/lambda/AuditLogs" -> null
- id = "/aws/lambda/AuditLogs" -> null
- kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d" -> null
- log_group_class = "STANDARD" -> null
- name = "/aws/lambda/AuditLogs" -> null
- retention_in_days = 90 -> null
- skip_destroy = false -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_cloudwatch_log_group.dead_letter_queue_consumer will be destroyed
# (because aws_cloudwatch_log_group.dead_letter_queue_consumer is not in configuration)
- resource "aws_cloudwatch_log_group" "dead_letter_queue_consumer" {
- arn = "arn:aws:logs:ca-central-1:957818836222:log-group:/aws/lambda/DeadLetterQueueConsumer" -> null
- id = "/aws/lambda/DeadLetterQueueConsumer" -> null
- kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d" -> null
- log_group_class = "STANDARD" -> null
- name = "/aws/lambda/DeadLetterQueueConsumer" -> null
- retention_in_days = 90 -> null
- skip_destroy = false -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_cloudwatch_log_group.forms will be updated in-place
~ resource "aws_cloudwatch_log_group" "forms" {
id = "Forms"
name = "Forms"
~ retention_in_days = 90 -> 731
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_codedeploy_app.app will be updated in-place
~ resource "aws_codedeploy_app" "app" {
id = "38ffd54a-d5be-4ce4-8a02-127b6be4b444:AppECS-Forms-form-viewer"
name = "AppECS-Forms-form-viewer"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_codedeploy_deployment_group.app will be updated in-place
~ resource "aws_codedeploy_deployment_group" "app" {
id = "242791d0-af89-4e05-8e16-b250dac864b9"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (10 unchanged attributes hidden)
# (5 unchanged blocks hidden)
}
# aws_ecs_cluster.forms will be updated in-place
~ resource "aws_ecs_cluster" "forms" {
id = "arn:aws:ecs:ca-central-1:957818836222:cluster/Forms"
name = "Forms"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (2 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_ecs_service.form_viewer will be updated in-place
~ resource "aws_ecs_service" "form_viewer" {
+ force_new_deployment = true
id = "arn:aws:ecs:ca-central-1:957818836222:service/Forms/form-viewer"
name = "form-viewer"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_ecs_task_definition.form_viewer will be created
+ resource "aws_ecs_task_definition" "form_viewer" {
+ arn = (known after apply)
+ arn_without_revision = (known after apply)
+ container_definitions = (known after apply)
+ cpu = "2048"
+ execution_role_arn = "arn:aws:iam::957818836222:role/form-viewer"
+ family = "form-viewer"
+ id = (known after apply)
+ memory = "4096"
+ network_mode = "awsvpc"
+ requires_compatibilities = [
+ "FARGATE",
]
+ revision = (known after apply)
+ skip_destroy = false
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ task_role_arn = "arn:aws:iam::957818836222:role/form-viewer"
}
# aws_iam_policy.cognito will be updated in-place
~ resource "aws_iam_policy" "cognito" {
id = "arn:aws:iam::957818836222:policy/cognito"
name = "cognito"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.forms_dynamodb will be updated in-place
~ resource "aws_iam_policy" "forms_dynamodb" {
id = "arn:aws:iam::957818836222:policy/forms_dynamodb"
name = "forms_dynamodb"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.forms_kms will be updated in-place
~ resource "aws_iam_policy" "forms_kms" {
id = "arn:aws:iam::957818836222:policy/ecs_kms"
name = "ecs_kms"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.forms_s3 will be updated in-place
~ resource "aws_iam_policy" "forms_s3" {
id = "arn:aws:iam::957818836222:policy/formsS3Access"
name = "formsS3Access"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_iam_policy.forms_secrets_manager will be updated in-place
~ resource "aws_iam_policy" "forms_secrets_manager" {
id = "arn:aws:iam::957818836222:policy/formsSecretsManagerKeyRetrieval"
name = "formsSecretsManagerKeyRetrieval"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
~ Resource = [
# (3 unchanged elements hidden)
"arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr",
- "arn:aws:secretsmanager:ca-central-1:957818836222:secret:gc_notify_callback_bearer_token-0zuI6O",
"arn:aws:secretsmanager:ca-central-1:957818836222:secret:freshdesk_api_key-2Q118n",
+ "arn:aws:secretsmanager:ca-central-1:123456789012:secret:notify_callback_bearer_token_secret",
]
- Sid = ""
# (2 unchanged attributes hidden)
},
]
# (1 unchanged attribute hidden)
}
)
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (4 unchanged attributes hidden)
}
# aws_iam_policy.forms_sqs will be updated in-place
~ resource "aws_iam_policy" "forms_sqs" {
id = "arn:aws:iam::957818836222:policy/forms_sqs"
name = "forms_sqs"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.lambda_app_invoke will be destroyed
# (because aws_iam_policy.lambda_app_invoke is not in configuration)
- resource "aws_iam_policy" "lambda_app_invoke" {
- arn = "arn:aws:iam::957818836222:policy/lambda_app_invoke" -> null
- description = "IAM policy for allowing the Forms app to invoke Lambda functions" -> null
- id = "arn:aws:iam::957818836222:policy/lambda_app_invoke" -> null
- name = "lambda_app_invoke" -> null
- path = "/" -> null
- policy = jsonencode(
{
- Statement = [
- {
- Action = "lambda:InvokeFunction"
- Effect = "Allow"
- Resource = "arn:aws:lambda:ca-central-1:957818836222:function:Submission"
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> null
- policy_id = "ANPA56ATTST7NBGPS5RMA" -> null
- tags = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
}
# aws_iam_role.codedeploy will be updated in-place
~ resource "aws_iam_role" "codedeploy" {
id = "codedeploy"
name = "codedeploy"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_iam_role.forms will be updated in-place
~ resource "aws_iam_role" "forms" {
id = "form-viewer"
name = "form-viewer"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_lambda_event_source_mapping.audit_logs will be destroyed
# (because aws_lambda_event_source_mapping.audit_logs is not in configuration)
- resource "aws_lambda_event_source_mapping" "audit_logs" {
- batch_size = 10 -> null
- bisect_batch_on_function_error = false -> null
- enabled = true -> null
- event_source_arn = "arn:aws:sqs:ca-central-1:957818836222:audit_log_queue" -> null
- function_arn = "arn:aws:lambda:ca-central-1:957818836222:function:AuditLogs" -> null
- function_name = "arn:aws:lambda:ca-central-1:957818836222:function:AuditLogs" -> null
- function_response_types = [
- "ReportBatchItemFailures",
] -> null
- id = "619b8515-4455-4fd3-a99e-f92c2bfc73b6" -> null
- last_modified = "2023-04-17T14:27:24Z" -> null
- maximum_batching_window_in_seconds = 30 -> null
- maximum_record_age_in_seconds = 0 -> null
- maximum_retry_attempts = 0 -> null
- parallelization_factor = 0 -> null
- queues = [] -> null
- state = "Enabled" -> null
- state_transition_reason = "USER_INITIATED" -> null
- topics = [] -> null
- tumbling_window_in_seconds = 0 -> null
- uuid = "619b8515-4455-4fd3-a99e-f92c2bfc73b6" -> null
}
# aws_lambda_function.archive_form_templates will be destroyed
# (because aws_lambda_function.archive_form_templates is not in configuration)
- resource "aws_lambda_function" "archive_form_templates" {
- architectures = [
- "x86_64",
] -> null
- arn = "arn:aws:lambda:ca-central-1:957818836222:function:ArchiveFormTemplates" -> null
- filename = "/tmp/archive_form_templates_main.zip" -> null
- function_name = "ArchiveFormTemplates" -> null
- handler = "archiver.handler" -> null
- id = "ArchiveFormTemplates" -> null
- invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:ArchiveFormTemplates/invocations" -> null
- last_modified = "2023-10-25T18:12:55.000+0000" -> null
- layers = [
- "arn:aws:lambda:ca-central-1:957818836222:layer:archive_form_templates_lib_packages:3",
- "arn:aws:lambda:ca-central-1:957818836222:layer:archive_form_templates_node_packages:6",
] -> null
- memory_size = 128 -> null
- package_type = "Zip" -> null
- publish = false -> null
- qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:ArchiveFormTemplates:$LATEST" -> null
- qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:ArchiveFormTemplates:$LATEST/invocations" -> null
- reserved_concurrent_executions = -1 -> null
- role = "arn:aws:iam::957818836222:role/iam_for_lambda" -> null
- runtime = "nodejs18.x" -> null
- skip_destroy = false -> null
- source_code_hash = "X/5IZ2OGKUQN37O1Tmg8PkYLrDM/SAqY03rH0V1L2kI=" -> null
- source_code_size = 416 -> null
- tags = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- timeout = 300 -> null
- version = "$LATEST" -> null
- environment {
- variables = {
- "DB_ARN" = "arn:aws:rds:ca-central-1:957818836222:cluster:forms-db-cluster"
- "DB_NAME" = "forms"
- "DB_SECRET" = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:database-secret-RThElE"
- "ENVIRONMENT" = "production"
...Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_appautoscaling_target.forms[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_app.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_deployment_group.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_cluster.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_service.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_task_definition.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_secrets_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_sqs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.codedeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.forms"]
34 tests, 19 passed, 15 warnings, 0 failures, 0 exceptions
|
Staging: lambdas✅ Terraform Init: Plan: 32 to add, 14 to change, 2 to destroyShow summary
✂ Warning: plan has been truncated! See the full plan in the logs. Show planResource actions are indicated with the following symbols:
+ create
~ update in-place
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_cloudwatch_event_rule.cron_2am_every_day will be updated in-place
# (imported from "every-day-at-2am")
~ resource "aws_cloudwatch_event_rule" "cron_2am_every_day" {
arn = "arn:aws:events:ca-central-1:957818836222:rule/every-day-at-2am"
description = "Fires every day at 2am EST"
event_bus_name = "default"
id = "every-day-at-2am"
is_enabled = true
name = "every-day-at-2am"
schedule_expression = "cron(0 7 * * ? *)"
state = "ENABLED"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_event_rule.cron_3am_every_day will be updated in-place
# (imported from "every-day-at-3am")
~ resource "aws_cloudwatch_event_rule" "cron_3am_every_day" {
arn = "arn:aws:events:ca-central-1:957818836222:rule/every-day-at-3am"
description = "Fires every day at 3am EST"
event_bus_name = "default"
id = "every-day-at-3am"
is_enabled = true
name = "every-day-at-3am"
schedule_expression = "cron(0 8 * * ? *)"
state = "ENABLED"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_event_rule.cron_4am_every_day will be updated in-place
# (imported from "every-day-at-4am")
~ resource "aws_cloudwatch_event_rule" "cron_4am_every_day" {
arn = "arn:aws:events:ca-central-1:957818836222:rule/every-day-at-4am"
description = "Fires every day at 4am EST"
event_bus_name = "default"
id = "every-day-at-4am"
is_enabled = true
name = "every-day-at-4am"
schedule_expression = "cron(0 9 * * ? *)"
state = "ENABLED"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_event_rule.cron_5am_every_business_day will be updated in-place
# (imported from "every-business-day-at-5am")
~ resource "aws_cloudwatch_event_rule" "cron_5am_every_business_day" {
arn = "arn:aws:events:ca-central-1:957818836222:rule/every-business-day-at-5am"
description = "Fires every business day at 5am EST"
event_bus_name = "default"
id = "every-business-day-at-5am"
is_enabled = true
name = "every-business-day-at-5am"
schedule_expression = "cron(0 10 ? * MON-FRI *)"
state = "ENABLED"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_event_target.run_archive_form_responses_lambda_every_day will be created
+ resource "aws_cloudwatch_event_target" "run_archive_form_responses_lambda_every_day" {
+ arn = (known after apply)
+ event_bus_name = "default"
+ id = (known after apply)
+ rule = "every-day-at-3am"
+ target_id = (known after apply)
}
# aws_cloudwatch_event_target.run_archive_form_templates_lambda_every_day will be created
+ resource "aws_cloudwatch_event_target" "run_archive_form_templates_lambda_every_day" {
+ arn = (known after apply)
+ event_bus_name = "default"
+ id = (known after apply)
+ rule = "every-day-at-4am"
+ target_id = (known after apply)
}
# aws_cloudwatch_event_target.run_dead_letter_queue_consumer_lambda_every_day will be created
+ resource "aws_cloudwatch_event_target" "run_dead_letter_queue_consumer_lambda_every_day" {
+ arn = (known after apply)
+ event_bus_name = "default"
+ id = (known after apply)
+ rule = "every-day-at-2am"
+ target_id = (known after apply)
}
# aws_cloudwatch_event_target.run_nagware_lambda_every_day will be created
+ resource "aws_cloudwatch_event_target" "run_nagware_lambda_every_day" {
+ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Nagware"
+ event_bus_name = "default"
+ id = (known after apply)
+ rule = "every-business-day-at-5am"
+ target_id = (known after apply)
}
# aws_cloudwatch_log_group.archive_form_templates will be created
+ resource "aws_cloudwatch_log_group" "archive_form_templates" {
+ arn = (known after apply)
+ id = (known after apply)
+ kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d"
+ log_group_class = (known after apply)
+ name = "/aws/lambda/Archive_Form_Templates"
+ name_prefix = (known after apply)
+ retention_in_days = 731
+ skip_destroy = false
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_log_group.audit_logs will be created
+ resource "aws_cloudwatch_log_group" "audit_logs" {
+ arn = (known after apply)
+ id = (known after apply)
+ kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d"
+ log_group_class = (known after apply)
+ name = "/aws/lambda/Audit_Logs"
+ name_prefix = (known after apply)
+ retention_in_days = 731
+ skip_destroy = false
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_log_group.dead_letter_queue_consumer will be created
+ resource "aws_cloudwatch_log_group" "dead_letter_queue_consumer" {
+ arn = (known after apply)
+ id = (known after apply)
+ kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d"
+ log_group_class = (known after apply)
+ name = "/aws/lambda/Reliability_DLQ_Consumer"
+ name_prefix = (known after apply)
+ retention_in_days = 731
+ skip_destroy = false
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_log_group.nagware will be updated in-place
# (imported from "/aws/lambda/Nagware")
~ resource "aws_cloudwatch_log_group" "nagware" {
arn = "arn:aws:logs:ca-central-1:957818836222:log-group:/aws/lambda/Nagware"
id = "/aws/lambda/Nagware"
kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d"
log_group_class = "STANDARD"
name = "/aws/lambda/Nagware"
~ retention_in_days = 90 -> 731
skip_destroy = false
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_log_group.reliability will be updated in-place
# (imported from "/aws/lambda/Reliability")
~ resource "aws_cloudwatch_log_group" "reliability" {
arn = "arn:aws:logs:ca-central-1:957818836222:log-group:/aws/lambda/Reliability"
id = "/aws/lambda/Reliability"
kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d"
log_group_class = "STANDARD"
name = "/aws/lambda/Reliability"
~ retention_in_days = 90 -> 731
skip_destroy = false
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_log_group.response_archiver will be created
+ resource "aws_cloudwatch_log_group" "response_archiver" {
+ arn = (known after apply)
+ id = (known after apply)
+ kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d"
+ log_group_class = (known after apply)
+ name = "/aws/lambda/Response_Archiver"
+ name_prefix = (known after apply)
+ retention_in_days = 731
+ skip_destroy = false
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_log_group.submission will be updated in-place
# (imported from "/aws/lambda/Submission")
~ resource "aws_cloudwatch_log_group" "submission" {
arn = "arn:aws:logs:ca-central-1:957818836222:log-group:/aws/lambda/Submission"
id = "/aws/lambda/Submission"
kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d"
log_group_class = "STANDARD"
name = "/aws/lambda/Submission"
~ retention_in_days = 90 -> 731
skip_destroy = false
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_log_group.vault_integrity will be created
+ resource "aws_cloudwatch_log_group" "vault_integrity" {
+ arn = (known after apply)
+ id = (known after apply)
+ kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d"
+ log_group_class = (known after apply)
+ name = "/aws/lambda/Vault_Data_Integrity_Check"
+ name_prefix = (known after apply)
+ retention_in_days = 731
+ skip_destroy = false
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_iam_policy.lambda_dynamodb will be updated in-place
# (imported from "arn:aws:iam::957818836222:policy/lambda_dynamobdb")
~ resource "aws_iam_policy" "lambda_dynamodb" {
arn = "arn:aws:iam::957818836222:policy/lambda_dynamobdb"
description = "IAM policy for storing Form responses in DynamoDB"
id = "arn:aws:iam::957818836222:policy/lambda_dynamobdb"
name = "lambda_dynamobdb"
path = "/"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
~ Action = [
"dynamodb:UpdateItem",
"dynamodb:Scan",
"dynamodb:Query",
"dynamodb:PutItem",
+ "dynamodb:ListStreams",
"dynamodb:GetShardIterator",
"dynamodb:GetRecords",
"dynamodb:GetItem",
"dynamodb:DescribeStream",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
]
Effect = "Allow"
~ Resource = [
"arn:aws:dynamodb:ca-central-1:957818836222:table/Vault/index/*",
"arn:aws:dynamodb:ca-central-1:957818836222:table/Vault",
"arn:aws:dynamodb:ca-central-1:957818836222:table/ReliabilityQueue",
"arn:aws:dynamodb:ca-central-1:957818836222:table/AuditLogs/index/*",
"arn:aws:dynamodb:ca-central-1:957818836222:table/AuditLogs",
+ "arn:aws:dynamodb:ca-central-1:123456789012:table/Vault/stream/2023-03-14T15:54:31.086",
]
- Sid = ""
},
]
Version = "2012-10-17"
}
)
policy_id = "ANPA56ATTST7JI63YIBQ7"
tags = {}
tags_all = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
}
# aws_iam_policy.lambda_kms will be imported
resource "aws_iam_policy" "lambda_kms" {
arn = "arn:aws:iam::957818836222:policy/lambda_kms"
description = "IAM policy for storing encrypting and decrypting data"
id = "arn:aws:iam::957818836222:policy/lambda_kms"
name = "lambda_kms"
path = "/"
policy = jsonencode(
{
Statement = [
{
Action = [
"kms:GenerateDataKey",
"kms:Encrypt",
"kms:Decrypt",
]
Effect = "Allow"
Resource = [
"arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d",
"arn:aws:kms:ca-central-1:957818836222:key/afbaea67-8277-4a4c-853e-7697dd2dade5",
]
Sid = ""
},
]
Version = "2012-10-17"
}
)
policy_id = "ANPA56ATTST7DAMVNIVMU"
tags = {}
tags_all = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
}
# aws_iam_policy.lambda_logging will be imported
resource "aws_iam_policy" "lambda_logging" {
arn = "arn:aws:iam::957818836222:policy/lambda_logging"
description = "IAM policy for logging from a lambda"
id = "arn:aws:iam::957818836222:policy/lambda_logging"
name = "lambda_logging"
path = "/"
policy = jsonencode(
{
Statement = [
{
Action = [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
]
Effect = "Allow"
Resource = "arn:aws:logs:*:*:*"
},
]
Version = "2012-10-17"
}
)
policy_id = "ANPA56ATTST7DLPNBNMP7"
tags = {}
tags_all = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
}
# aws_iam_policy.lambda_rds will be updated in-place
# (imported from "arn:aws:iam::957818836222:policy/lambda_rds")
~ resource "aws_iam_policy" "lambda_rds" {
arn = "arn:aws:iam::957818836222:policy/lambda_rds"
description = "IAM policy for allowing acces to DB"
id = "arn:aws:iam::957818836222:policy/lambda_rds"
name = "lambda_rds"
path = "/"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
~ Action = [
- "dbqms:CreateFavoriteQuery",
- "dbqms:DescribeFavoriteQueries",
+ "tag:GetResources",
+ "secretsmanager:CreateSecret",
+ "rds-data:RollbackTransaction",
+ "rds-data:ExecuteStatement",
+ "rds-data:ExecuteSql",
+ "rds-data:CommitTransaction",
+ "rds-data:BeginTransaction",
+ "rds-data:BatchExecuteStatement",
+ "dbqms:UpdateQueryHistory",
"dbqms:UpdateFavoriteQuery",
- "dbqms:DeleteFavoriteQueries",
"dbqms:GetQueryString",
- "dbqms:CreateQueryHistory",
"dbqms:DescribeQueryHistory",
- "dbqms:UpdateQueryHistory",
+ "dbqms:DescribeFavoriteQueries",
"dbqms:DeleteQueryHistory",
- "rds-data:ExecuteSql",
- "rds-data:ExecuteStatement",
- "rds-data:BatchExecuteStatement",
- "rds-data:BeginTransaction",
- "rds-data:CommitTransaction",
- "rds-data:RollbackTransaction",
- "secretsmanager:CreateSecret",
- "secretsmanager:ListSecrets",
- "secretsmanager:GetRandomPassword",
- "tag:GetResources",
+ "dbqms:DeleteFavoriteQueries",
+ "dbqms:CreateQueryHistory",
+ "dbqms:CreateFavoriteQuery",
]
Effect = "Allow"
Resource = "*"
Sid = "RDSDataServiceAccess"
},
]
Version = "2012-10-17"
}
)
policy_id = "ANPA56ATTST7KRZUNWE7S"
tags = {}
tags_all = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
}
# aws_iam_policy.lambda_s3 will be updated in-place
# (imported from "arn:aws:iam::957818836222:policy/lambda_s3")
~ resource "aws_iam_policy" "lambda_s3" {
arn = "arn:aws:iam::957818836222:policy/lambda_s3"
description = "IAM policy for storing files in S3"
id = "arn:aws:iam::957818836222:policy/lambda_s3"
name = "lambda_s3"
path = "/"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
Action = [
"s3:PutObject",
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
]
Effect = "Allow"
~ Resource = [
+ "arn:aws:s3:::forms-staging-lambda-code/*",
+ "arn:aws:s3:::forms-staging-lambda-code",
"arn:aws:s3:::forms-production-vault-file-storage/*",
"arn:aws:s3:::forms-production-vault-file-storage",
"arn:aws:s3:::forms-production-reliability-file-storage/*",
"arn:aws:s3:::forms-production-reliability-file-storage",
"arn:aws:s3:::forms-production-archive-storage/*",
"arn:aws:s3:::forms-production-archive-storage",
]
- Sid = ""
},
]
Version = "2012-10-17"
}
)
policy_id = "ANPA56ATTST7NCGZE6SVF"
tags = {}
tags_all = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
}
# aws_iam_policy.lambda_secrets will be updated in-place
# (imported from "arn:aws:iam::957818836222:policy/lambda_secrets")
~ resource "aws_iam_policy" "lambda_secrets" {
arn = "arn:aws:iam::957818836222:policy/lambda_secrets"
description = "IAM policy for accessing secret manager"
id = "arn:aws:iam::957818836222:policy/lambda_secrets"
name = "lambda_secrets"
path = "/"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
Action = "secretsmanager:GetSecretValue"
Effect = "Allow"
~ Resource = [
- "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou",
"arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr",
"arn:aws:secretsmanager:ca-central-1:957818836222:secret:database-secret-RThElE",
]
- Sid = ""
},
]
Version = "2012-10-17"
}
)
policy_id = "ANPA56ATTST7ITUHDHSRG"
tags = {}
tags_all = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
}
# aws_iam_policy.lambda_sns will be imported
resource "aws_iam_policy" "lambda_sns" {
arn = "arn:aws:iam::957818836222:policy/lambda_sns"
description = "IAM policy for allowing lambda to publish message in SNS for Slack notification"
id = "arn:aws:iam::957818836222:policy/lambda_sns"
name = "lambda_sns"
path = "/"
policy = jsonencode(
{
Statement = [
{
Action = "sns:Publish"
Effect = "Allow"
Resource = "arn:aws:sns:ca-central-1:957818836222:alert-critical"
Sid = ""
},
]
Version = "2012-10-17"
}
)
policy_id = "ANPA56ATTST7GQDHURLJZ"
tags = {}
tags_all = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
}
# aws_iam_policy.lambda_sqs will be imported
resource "aws_iam_policy" "lambda_sqs" {
arn = "arn:aws:iam::957818836222:policy/lambda_sqs"
description = "IAM policy for sending messages through SQS"
id = "arn:aws:iam::957818836222:policy/lambda_sqs"
name = "lambda_sqs"
path = "/"
policy = jsonencode(
{
Statement = [
{
Action = [
"sqs:SendMessage",
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
]
Effect = "Allow"
Resource = "arn:aws:sqs:*:*:*"
},
]
Version = "2012-10-17"
}
)
policy_id = "ANPA56ATTST7CRSZB3F5K"
tags = {}
tags_all = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
}
# aws_iam_role.lambda will be imported
resource "aws_iam_role" "lambda" {
arn = "arn:aws:iam::957818836222:role/iam_for_lambda"
assume_role_policy = jsonencode(
{
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "lambda.amazonaws.com"
}
Sid = ""
},
]
Version = "2012-10-17"
}
)
create_date = "2021-03-04T19:25:30Z"
force_detach_policies = false
id = "iam_for_lambda"
managed_policy_arns = [
"arn:aws:iam::957818836222:policy/lambda_dynamobdb",
"arn:aws:iam::957818836222:policy/lambda_kms",
"arn:aws:iam::957818836222:policy/lambda_logging",
"arn:aws:iam::957818836222:policy/lambda_rds",
"arn:aws:iam::957818836222:policy/lambda_s3",
"arn:aws:iam::957818836222:policy/lambda_secrets",
"arn:aws:iam::957818836222:policy/lambda_sns",
"arn:aws:iam::957818836222:policy/lambda_sqs",
"arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
]
max_session_duration = 3600
name = "iam_for_lambda"
path = "/"
tags = {}
tags_all = {
"CostCentre" = "forms-platform-production"
"Terraform" = "true"
}
unique_id = "AROA56ATTST7BVNHHGEZ3"
}
# aws_iam_role_policy_attachment.AWSLambdaVPCAccessExecutionRole will be imported
resource "aws_iam_role_policy_attachment" "AWSLambdaVPCAccessExecutionRole" {
id = "iam_for_lambda-arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
role = "iam_for_lambda"
}
# aws_iam_role_policy_attachment.lambda_dynamodb will be imported
resource "aws_iam_role_policy_attachment" "lambda_dynamodb" {
id = "iam_for_lambda-arn:aws:iam::957818836222:policy/lambda_dynamobdb"
policy_arn = "arn:aws:iam::957818836222:policy/lambda_dynamobdb"
role = "iam_for_lambda"
}
# aws_iam_role_policy_attachment.lambda_kms will be imported
resource "aws_iam_role_policy_attachment" "lambda_kms" {
id = "iam_for_lambda-arn:aws:iam::957818836222:policy/lambda_kms"
policy_arn = "arn:aws:iam::957818836222:policy/lambda_kms"
role = "iam_for_lambda"
}
# aws_iam_role_policy_attachment.lambda_logs will be imported
resource "aws_iam_role_policy_attachment" "lambda_logs" {
id = "iam_for_lambda-arn:aws:iam::957818836222:policy/lambda_logging"
policy_arn = "arn:aws:iam::957818836222:policy/lambda_logging"
role = "iam_for_lambda"
}
# aws_iam_role_policy_attachment.lambda_rds will be imported
resource "aws_iam_role_policy_attachment" "lambda_rds" {
id = "iam_for_lambda-arn:aws:iam::957818836222:policy/lambda_rds"
policy_arn = "arn:aws:iam::957818836222:policy/lambda_rds"
role = "iam_for_lambda"
}
# aws_iam_role_policy_attachment.lambda_s3 will be imported
resource "aws_iam_role_policy_attachment" "lambda_s3" {
id = "iam_for_lambda-arn:aws:iam::957818836222:policy/lambda_s3"
policy_arn = "arn:aws:iam::957818836222:policy/lambda_s3"
role = "iam_for_lambda"
}
# aws_iam_role_policy_attachment.lambda_secrets will be imported
resource "aws_iam_role_policy_attachment" "lambda_secrets" {
id = "iam_for_lambda-arn:aws:iam::957818836222:policy/lambda_secrets"
policy_arn = "arn:aws:iam::957818836222:policy/lambda_secrets"
role = "iam_for_lambda"
}
# aws_iam_role_policy_attachment.lambda_sns will be imported
resource "aws_iam_role_policy_attachment" "lambda_sns" {
id = "iam_for_lambda-arn:aws:iam::957818836222:policy/lambda_sns"
policy_arn = "arn:aws:iam::957818836222:policy/lambda_sns"
role = "iam_for_lambda"
}
# aws_iam_role_policy_attachment.lambda_sqs will be imported
resource "aws_iam_role_policy_attachment" "lambda_sqs" {
id = "iam_for_lambda-arn:aws:iam::957818836222:policy/lambda_sqs"
policy_arn = "arn:aws:iam::957818836222:policy/lambda_sqs"
role = "iam_for_lambda"
}
# aws_lambda_code_signing_config.lambda_code_signing_config[0] will be created
+ resource "aws_lambda_code_signing_config" "lambda_code_signing_config" {
+ arn = (known after apply)
+ config_id = (known after apply)
+ id = (known after apply)
+ last_modified = (known after apply)
+ allowed_publishers {
+ signing_profile_version_arns = (known after apply)
}
+ policies {
+ untrusted_artifact_on_deployment = "Enforce"
}
}
# aws_lambda_event_source_mapping.audit_logs will be created
+ resource "aws_lambda_event_source_mapping" "audit_logs" {
+ batch_size = 10
+ enabled = true
+ event_source_arn = "arn:aws:sqs:ca-central-1:957818836222:audit_log_queue"
+ function_arn = (known after apply)
+ function_name = (known after apply)
+ function_response_types = [
+ "ReportBatchItemFailures",
]
+ id = (known after apply)
+ last_modified = (known after apply)
+ last_processing_result = (known after apply)
+ maximum_batching_window_in_seconds = 30
+ maximum_record_age_in_seconds = (known after apply)
+ maximum_retry_attempts = (known after apply)
+ parallelization_factor = (known after apply)
+ state = (known after apply)
+ state_transition_reason = (known after apply)
+ uuid ...Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_2am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_3am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_4am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_5am_every_business_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archive_form_templates"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.dead_letter_queue_consumer"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.nagware"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.reliability"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.response_archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.submission"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.vault_integrity"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_rds"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_secrets"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_sqs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.form_archiver"]
WARN -... |
Production: alarms✅ Terraform Init: Plan: 18 to add, 19 to change, 7 to destroyShow summary
Show planResource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
Terraform will perform the following actions:
# aws_cloudwatch_event_rule.codedeploy_sns will be updated in-place
~ resource "aws_cloudwatch_event_rule" "codedeploy_sns" {
id = "alert-on-codedeploy-status"
name = "alert-on-codedeploy-status"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (7 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.notify_slack will be updated in-place
~ resource "aws_cloudwatch_log_group" "notify_slack" {
id = "/aws/lambda/NotifySlack"
name = "/aws/lambda/NotifySlack"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.archiver_log_stream will be destroyed
# (because aws_cloudwatch_log_subscription_filter.archiver_log_stream is not in configuration)
- resource "aws_cloudwatch_log_subscription_filter" "archiver_log_stream" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-2821336831" -> null
- log_group_name = "/aws/lambda/Archiver" -> null
- name = "archiver_log_stream" -> null
}
# aws_cloudwatch_log_subscription_filter.audit_log_stream will be destroyed
# (because aws_cloudwatch_log_subscription_filter.audit_log_stream is not in configuration)
- resource "aws_cloudwatch_log_subscription_filter" "audit_log_stream" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-1997887864" -> null
- log_group_name = "/aws/lambda/AuditLogs" -> null
- name = "audit_log_stream" -> null
}
# aws_cloudwatch_log_subscription_filter.dlq_consumer_log_stream will be destroyed
# (because aws_cloudwatch_log_subscription_filter.dlq_consumer_log_stream is not in configuration)
- resource "aws_cloudwatch_log_subscription_filter" "dlq_consumer_log_stream" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-3956109137" -> null
- log_group_name = "/aws/lambda/DeadLetterQueueConsumer" -> null
- name = "dql_consumer_log_stream" -> null
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_log"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/AuditLogs"
+ name = "error_detection_in_audit_log_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["dlq_consumer"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/DeadLetterQueueConsumer"
+ name = "error_detection_in_dlq_consumer_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["nagware"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Nagware"
+ name = "error_detection_in_nagware_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["reliability"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Reliability"
+ name = "error_detection_in_reliability_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["response_archiver"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Response_Archiver"
+ name = "error_detection_in_response_archiver_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["submission"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Submission"
+ name = "error_detection_in_submission_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["template_archiver"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Archive_Form_Templates"
+ name = "error_detection_in_template_archiver_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["vault_data_integrity_check"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Vault_Data_Integrity_Check"
+ name = "error_detection_in_vault_data_integrity_check_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_log"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/AuditLogs"
+ name = "timeout_detection_in_audit_log_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["dlq_consumer"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/DeadLetterQueueConsumer"
+ name = "timeout_detection_in_dlq_consumer_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["nagware"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Nagware"
+ name = "timeout_detection_in_nagware_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["reliability"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Reliability"
+ name = "timeout_detection_in_reliability_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["response_archiver"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Response_Archiver"
+ name = "timeout_detection_in_response_archiver_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["submission"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Submission"
+ name = "timeout_detection_in_submission_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["template_archiver"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Archive_Form_Templates"
+ name = "timeout_detection_in_template_archiver_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["vault_data_integrity_check"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Vault_Data_Integrity_Check"
+ name = "timeout_detection_in_vault_data_integrity_check_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.nagware_log_stream will be destroyed
# (because aws_cloudwatch_log_subscription_filter.nagware_log_stream is not in configuration)
- resource "aws_cloudwatch_log_subscription_filter" "nagware_log_stream" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-2378547274" -> null
- log_group_name = "/aws/lambda/Nagware" -> null
- name = "nagware_log_stream" -> null
}
# aws_cloudwatch_log_subscription_filter.reliability_log_stream will be destroyed
# (because aws_cloudwatch_log_subscription_filter.reliability_log_stream is not in configuration)
- resource "aws_cloudwatch_log_subscription_filter" "reliability_log_stream" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-2677299195" -> null
- log_group_name = "/aws/lambda/Reliability" -> null
- name = "reliability_log_stream" -> null
}
# aws_cloudwatch_log_subscription_filter.submission_log_stream will be destroyed
# (because aws_cloudwatch_log_subscription_filter.submission_log_stream is not in configuration)
- resource "aws_cloudwatch_log_subscription_filter" "submission_log_stream" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-2956744385" -> null
- log_group_name = "/aws/lambda/Submission" -> null
- name = "submission_log_stream" -> null
}
# aws_cloudwatch_log_subscription_filter.template_archiver_log_stream will be destroyed
# (because aws_cloudwatch_log_subscription_filter.template_archiver_log_stream is not in configuration)
- resource "aws_cloudwatch_log_subscription_filter" "template_archiver_log_stream" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-2480592169" -> null
- log_group_name = "/aws/lambda/ArchiveFormTemplates" -> null
- name = "template_archiver_log_stream" -> null
}
# aws_cloudwatch_metric_alarm.ELB_5xx_error_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "ELB_5xx_error_warn" {
id = "HTTPCode_ELB_5XX_Count"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.alb_ddos will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "alb_ddos" {
id = "ALBDDoS"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (17 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.audit_log_dead_letter_queue_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "audit_log_dead_letter_queue_warn" {
id = "AuditLogDeadLetterQueueWarn"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_cloudwatch_metric_alarm.cognito_login_outside_canada_warn will be created
+ resource "aws_cloudwatch_metric_alarm" "cognito_login_outside_canada_warn" {
+ actions_enabled = true
+ alarm_actions = [
+ "arn:aws:sns:ca-central-1:957818836222:alert-warning",
]
+ alarm_description = "Forms: A sign-in by a forms owner has been detected from outside of Canada."
+ alarm_name = "AWSCognitoLoginOutsideCanadaAlarm"
+ arn = (known after apply)
+ comparison_operator = "GreaterThanThreshold"
+ dimensions = {
+ "Region" = "ca-central-1"
+ "Rule" = "AWSCognitoLoginOutsideCanada"
+ "WebACL" = "GCForms"
}
+ evaluate_low_sample_count_percentiles = (known after apply)
+ evaluation_periods = 1
+ id = (known after apply)
+ metric_name = "CountedRequests"
+ namespace = "AWS/WAFV2"
+ period = 60
+ statistic = "SampleCount"
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ threshold = 0
+ treat_missing_data = "notBreaching"
}
# aws_cloudwatch_metric_alarm.cognito_signin_exceeded will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "cognito_signin_exceeded" {
id = "CognitoSigninExceeded"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.ddos_detected_forms_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "ddos_detected_forms_warn" {
id = "DDoSDetectedformsWarn"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.ddos_detected_route53_warn[0] will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "ddos_detected_route53_warn" {
id = "DDoSDetectedRoute53Warn"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.ddos_detected_route53_warn[1] will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "ddos_detected_route53_warn" {
~ dimensions = {
~ "ResourceArn" = "Z1031499PBK3926Y7HKK" -> "Z0774184336K3QX9DUJ7E"
}
id = "DDoSDetectedRoute53Warn"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.forms_cpu_utilization_high_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "forms_cpu_utilization_high_warn" {
id = "CpuUtilizationWarn"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.forms_memory_utilization_high_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "forms_memory_utilization_high_warn" {
id = "MemoryUtilizationWarn"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.reliability_dead_letter_queue_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "reliability_dead_letter_queue_warn" {
id = "ReliabilityDeadLetterQueueWarn"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_cloudwatch_metric_alarm.response_time_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "response_time_warn" {
id = "ResponseTimeWarn"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_cloudwatch_metric_alarm.route53_ddos[0] will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "route53_ddos" {
id = "Route53DDoS"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (17 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.route53_ddos[1] will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "route53_ddos" {
~ dimensions = {
~ "ResourceArn" = "Z1031499PBK3926Y7HKK" -> "Z0774184336K3QX9DUJ7E"
}
id = "Route53DDoS"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
# (16 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.twoFa_verification_exceeded will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "twoFa_verification_exceeded" {
id = "2FAVerificationExceeded"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.vault_data_integrity_check_lambda_iterator_age will be created
+ resource "aws_cloudwatch_metric_alarm" "vault_data_integrity_check_lambda_iterator_age" {
+ actions_enabled = true
+ alarm_actions = [
+ "arn:aws:sns:ca-central-1:957818836222:alert-warning",
]
+ alarm_description = "Warning - Vault data integrity check lambda is unable to keep up with the amount of events sent by the Vault DynamoDB stream"
+ alarm_name = "Vault data integrity check lambda iterator age"
+ arn = (known after apply)
+ comparison_operator = "GreaterThanThreshold"
+ dimensions = {
+ "FunctionName" = "Vault_Data_Integrity_Check"
+ "Resource" = "Vault_Data_Integrity_Check"
}
+ evaluate_low_sample_count_percentiles = (known after apply)
+ evaluation_periods = 2
+ id = (known after apply)
+ metric_name = "IteratorAge"
+ namespace = "AWS/Lambda"
+ ok_actions = [
+ "arn:aws:sns:ca-central-1:957818836222:alert-ok",
]
+ period = 60
+ statistic = "Average"
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ threshold = 90000
+ treat_missing_data = "notBreaching"
}
# aws_iam_role.notify_slack_lambda will be updated in-place
~ resource "aws_iam_role" "notify_slack_lambda" {
id = "NotifySlackLambda"
name = "NotifySlackLambda"
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_lambda_function.notify_slack will be updated in-place
~ resource "aws_lambda_function" "notify_slack" {
id = "NotifySlack"
~ last_modified = "2023-08-16T18:18:08.956+0000" -> (known after apply)
~ runtime = "nodejs14.x" -> "nodejs18.x"
~ source_code_hash = "1jhdhT6lr8Vi+fcLtGWh4KDwpLBmROfUtD6qnYTbujE=" -> "aGx6QTTnU0Sadob77F9K9cNvEB58TKpnkHqYlJvbKtI="
~ tags = {
- "CostCentre" = "forms-platform-production" -> null
- "Terraform" = "true" -> null
}
# (19 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# module.athena_bucket.aws_s3_bucket.this will be updated in-place
~ resource "aws_s3_bucket" "this" {
id = "forms-production-athena-bucket"
~ tags = {
"CostCentre" = "forms-platform-production"
+ "Critical" = "false"
"Terraform" = "true"
}
~ tags_all = {
+ "Critical" = "false"
# (2 unchanged elements hidden)
}
# (10 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
Plan: 18 to add, 19 to change, 7 to destroy.
Warning: Argument is deprecated
with module.athena_bucket.aws_s3_bucket.this,
on .terraform/modules/athena_bucket/S3/main.tf line 8, in resource "aws_s3_bucket" "this":
8: resource "aws_s3_bucket" "this" {
Use the aws_s3_bucket_lifecycle_configuration resource instead
(and 3 more similar warnings elsewhere)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.codedeploy_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notify_slack"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ELB_5xx_error_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.alb_ddos"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.audit_log_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_login_outside_canada_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_signin_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_forms_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_route53_warn[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_route53_warn[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.forms_cpu_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.forms_memory_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.reliability_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.response_time_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.route53_ddos[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.route53_ddos[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.twoFa_verification_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.vault_data_integrity_check_lambda_iterator_age"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.notify_slack_lambda"]
WARN - plan.json - main - Missing... |
bryan-robitaille
approved these changes
Jan 25, 2024
This was referenced Jan 25, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🤖 I have created a release beep boop
3.5.0 (2024-01-25)
Features
Bug Fixes
Miscellaneous Chores
import.tffile (#584) (9d3b92a)This PR was generated with Release Please. See documentation.