chore: AWS Provider upgrade #556
6dbf741 to d695f8e
Co-authored-by: Clément JANIN <clement.janin@cds-snc.ca>
⚠ Terraform update available
Terragrunt: 0.54.12 (using 0.54.8)
Staging: ecr ✅ Terraform Init: Plan: 0 to add, 2 to change, 0 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_ecr_repository.load_test_repository[0] will be updated in-place
~ resource "aws_ecr_repository" "load_test_repository" {
id = "load_test"
name = "load_test"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# aws_ecr_repository.viewer_repository will be updated in-place
~ resource "aws_ecr_repository" "viewer_repository" {
id = "form_viewer_staging"
name = "form_viewer_staging"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.load_test_repository[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.viewer_repository"]
21 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions
Staging: hosted_zone ✅ Terraform Init: Plan: 0 to add, 1 to change, 0 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_route53_zone.form_viewer[0] will be updated in-place
~ resource "aws_route53_zone" "form_viewer" {
id = "Z05990652HOQ0SGHD81ZC"
name = "forms-staging.cdssandbox.xyz"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (7 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.form_viewer[0]"]
20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions
Staging: kms ✅ Terraform Init: Plan: 0 to add, 3 to change, 0 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_kms_key.cloudwatch will be updated in-place
~ resource "aws_kms_key" "cloudwatch" {
id = "c5c2a1c2-c092-4fa1-8daf-3414f3511b1d"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_kms_key.cloudwatch_us_east will be updated in-place
~ resource "aws_kms_key" "cloudwatch_us_east" {
id = "6396cc01-7a02-47de-9bc1-4f810573812b"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_kms_key.dynamo_db will be updated in-place
~ resource "aws_kms_key" "dynamo_db" {
id = "1f3edb85-9eac-4da9-8c7c-43a68e339ede"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
Plan: 0 to add, 3 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.cloudwatch"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.cloudwatch_us_east"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.dynamo_db"]
22 tests, 19 passed, 3 warnings, 0 failures, 0 exceptions
Staging: sqs ✅ Terraform Init: Plan: 0 to add, 5 to change, 0 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_sqs_queue.audit_log_deadletter_queue will be updated in-place
~ resource "aws_sqs_queue" "audit_log_deadletter_queue" {
id = "https://sqs.ca-central-1.amazonaws.com/687401027353/audit_log_deadletter_queue"
name = "audit_log_deadletter_queue"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
# aws_sqs_queue.audit_log_queue will be updated in-place
~ resource "aws_sqs_queue" "audit_log_queue" {
id = "https://sqs.ca-central-1.amazonaws.com/687401027353/audit_log_queue"
name = "audit_log_queue"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
}
# aws_sqs_queue.reliability_deadletter_queue will be updated in-place
~ resource "aws_sqs_queue" "reliability_deadletter_queue" {
id = "https://sqs.ca-central-1.amazonaws.com/687401027353/reliability_deadletter_queue.fifo"
name = "reliability_deadletter_queue.fifo"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
}
# aws_sqs_queue.reliability_queue will be updated in-place
~ resource "aws_sqs_queue" "reliability_queue" {
id = "https://sqs.ca-central-1.amazonaws.com/687401027353/submission_processing.fifo"
name = "submission_processing.fifo"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_sqs_queue.reprocess_submission_queue will be updated in-place
~ resource "aws_sqs_queue" "reprocess_submission_queue" {
id = "https://sqs.ca-central-1.amazonaws.com/687401027353/reprocess_submission_queue.fifo"
name = "reprocess_submission_queue.fifo"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
Plan: 0 to add, 5 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_sqs_queue.audit_log_deadletter_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_sqs_queue.audit_log_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_sqs_queue.reliability_deadletter_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_sqs_queue.reliability_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_sqs_queue.reprocess_submission_queue"]
24 tests, 19 passed, 5 warnings, 0 failures, 0 exceptions
Staging: secrets ✅ Terraform Init: Plan: 1 to add, 5 to change, 1 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_secretsmanager_secret.freshdesk_api_key will be updated in-place
~ resource "aws_secretsmanager_secret" "freshdesk_api_key" {
id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:freshdesk_api_key-JVyxop"
name = "freshdesk_api_key"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (4 unchanged attributes hidden)
}
# aws_secretsmanager_secret.notify_api_key will be updated in-place
~ resource "aws_secretsmanager_secret" "notify_api_key" {
id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:notify_api_key-eR3nNp"
name = "notify_api_key"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (4 unchanged attributes hidden)
}
# aws_secretsmanager_secret.notify_callback_bearer_token will be updated in-place
~ resource "aws_secretsmanager_secret" "notify_callback_bearer_token" {
id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:notify_callback_bearer_token-aXJPLs"
name = "notify_callback_bearer_token"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (4 unchanged attributes hidden)
}
# aws_secretsmanager_secret.recaptcha_secret will be updated in-place
~ resource "aws_secretsmanager_secret" "recaptcha_secret" {
id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:recaptcha_secret-tTjsBo"
name = "recaptcha_secret"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (4 unchanged attributes hidden)
}
# aws_secretsmanager_secret.token_secret will be updated in-place
~ resource "aws_secretsmanager_secret" "token_secret" {
id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:token_secret-n5Doyu"
name = "token_secret"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (4 unchanged attributes hidden)
}
# aws_secretsmanager_secret_version.notify_callback_bearer_token must be replaced
-/+ resource "aws_secretsmanager_secret_version" "notify_callback_bearer_token" {
~ arn = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:notify_callback_bearer_token-aXJPLs" -> (known after apply)
~ id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:notify_callback_bearer_token-aXJPLs|4A43D97C-2937-4E91-A924-ADF60955E459" -> (known after apply)
~ secret_string = (sensitive value) # forces replacement
~ version_id = "4A43D97C-2937-4E91-A924-ADF60955E459" -> (known after apply)
~ version_stages = [
- "AWSPREVIOUS",
] -> (known after apply)
# (1 unchanged attribute hidden)
}
Plan: 1 to add, 5 to change, 1 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.freshdesk_api_key"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.notify_api_key"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.notify_callback_bearer_token"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.recaptcha_secret"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.token_secret"]
24 tests, 19 passed, 5 warnings, 0 failures, 0 exceptions
Staging: s3 ✅ Terraform Init: Plan: 15 to add, 4 to change, 0 to destroy
Resource actions are indicated with the following symbols:
+ create
~ update in-place
Terraform will perform the following actions:
# aws_s3_bucket.archive_storage will be updated in-place
~ resource "aws_s3_bucket" "archive_storage" {
id = "forms-staging-archive-storage"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
# aws_s3_bucket.lambda_code will be updated in-place
~ resource "aws_s3_bucket" "lambda_code" {
id = "forms-staging-lambda-code"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_s3_bucket.reliability_file_storage will be updated in-place
~ resource "aws_s3_bucket" "reliability_file_storage" {
id = "forms-staging-reliability-file-storage"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
# aws_s3_bucket.vault_file_storage will be updated in-place
~ resource "aws_s3_bucket" "vault_file_storage" {
id = "forms-staging-vault-file-storage"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_s3_bucket_acl.archive_storage will be created
+ resource "aws_s3_bucket_acl" "archive_storage" {
+ acl = "private"
+ bucket = "forms-staging-archive-storage"
+ id = (known after apply)
}
# aws_s3_bucket_acl.lambda_code will be created
+ resource "aws_s3_bucket_acl" "lambda_code" {
+ acl = "private"
+ bucket = "forms-staging-lambda-code"
+ id = (known after apply)
}
# aws_s3_bucket_acl.reliability_file_storage will be created
+ resource "aws_s3_bucket_acl" "reliability_file_storage" {
+ acl = "private"
+ bucket = "forms-staging-reliability-file-storage"
+ id = (known after apply)
}
# aws_s3_bucket_acl.vault_file_storage will be created
+ resource "aws_s3_bucket_acl" "vault_file_storage" {
+ acl = "private"
+ bucket = "forms-staging-vault-file-storage"
+ id = (known after apply)
}
# aws_s3_bucket_lifecycle_configuration.archive_storage will be created
+ resource "aws_s3_bucket_lifecycle_configuration" "archive_storage" {
+ bucket = "forms-staging-archive-storage"
+ id = (known after apply)
+ rule {
+ id = "Clear Archive Storage after 30 days"
+ status = "Enabled"
+ expiration {
+ days = 30
+ expired_object_delete_marker = (known after apply)
}
}
}
# aws_s3_bucket_lifecycle_configuration.reliability_file_storage will be created
+ resource "aws_s3_bucket_lifecycle_configuration" "reliability_file_storage" {
+ bucket = "forms-staging-reliability-file-storage"
+ id = (known after apply)
+ rule {
+ id = "Clear Reliability Queue after 30 days"
+ status = "Enabled"
+ expiration {
+ days = 30
+ expired_object_delete_marker = (known after apply)
}
}
}
# aws_s3_bucket_ownership_controls.archive_storage will be created
+ resource "aws_s3_bucket_ownership_controls" "archive_storage" {
+ bucket = "forms-staging-archive-storage"
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_ownership_controls.lambda_code will be created
+ resource "aws_s3_bucket_ownership_controls" "lambda_code" {
+ bucket = "forms-staging-lambda-code"
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_ownership_controls.reliability_file_storage will be created
+ resource "aws_s3_bucket_ownership_controls" "reliability_file_storage" {
+ bucket = "forms-staging-reliability-file-storage"
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_ownership_controls.vault_file_storage will be created
+ resource "aws_s3_bucket_ownership_controls" "vault_file_storage" {
+ bucket = "forms-staging-vault-file-storage"
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_server_side_encryption_configuration.archive_storage will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "archive_storage" {
+ bucket = "forms-staging-archive-storage"
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# aws_s3_bucket_server_side_encryption_configuration.lambda_code will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "lambda_code" {
+ bucket = "forms-staging-lambda-code"
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# aws_s3_bucket_server_side_encryption_configuration.reliability_file_storage will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "reliability_file_storage" {
+ bucket = "forms-staging-reliability-file-storage"
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# aws_s3_bucket_server_side_encryption_configuration.vault_file_storage will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "vault_file_storage" {
+ bucket = "forms-staging-vault-file-storage"
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# aws_s3_bucket_versioning.lambda_code will be created
+ resource "aws_s3_bucket_versioning" "lambda_code" {
+ bucket = "forms-staging-lambda-code"
+ id = (known after apply)
+ versioning_configuration {
+ mfa_delete = (known after apply)
+ status = "Enabled"
}
}
Plan: 15 to add, 4 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.archive_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.lambda_code"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.reliability_file_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.vault_file_storage"]
23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions
Staging: sns ✅ Terraform Init: Plan: 0 to add, 5 to change, 0 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_sns_topic.alert_critical will be updated in-place
~ resource "aws_sns_topic" "alert_critical" {
id = "arn:aws:sns:ca-central-1:687401027353:alert-critical"
name = "alert-critical"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
# aws_sns_topic.alert_ok will be updated in-place
~ resource "aws_sns_topic" "alert_ok" {
id = "arn:aws:sns:ca-central-1:687401027353:alert-ok"
name = "alert-ok"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
# aws_sns_topic.alert_ok_us_east will be updated in-place
~ resource "aws_sns_topic" "alert_ok_us_east" {
id = "arn:aws:sns:us-east-1:687401027353:alert-ok"
name = "alert-ok"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
# aws_sns_topic.alert_warning will be updated in-place
~ resource "aws_sns_topic" "alert_warning" {
id = "arn:aws:sns:ca-central-1:687401027353:alert-warning"
name = "alert-warning"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
# aws_sns_topic.alert_warning_us_east will be updated in-place
~ resource "aws_sns_topic" "alert_warning_us_east" {
id = "arn:aws:sns:us-east-1:687401027353:alert-warning"
name = "alert-warning"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
}
Plan: 0 to add, 5 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.alert_critical"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.alert_ok"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.alert_ok_us_east"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.alert_warning"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.alert_warning_us_east"]
24 tests, 19 passed, 5 warnings, 0 failures, 0 exceptions
Staging: cognito ✅ Terraform Init: Plan: 2 to add, 12 to change, 3 to destroy
Resource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
<= read (data resources)
Terraform will perform the following actions:
# data.aws_iam_policy_document.cognito_lambda_kms will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_iam_policy_document" "cognito_lambda_kms" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "kms:Decrypt",
+ "kms:Encrypt",
+ "kms:GenerateDataKey",
]
+ effect = "Allow"
+ resources = [
+ "arn:aws:kms:ca-central-1:687401027353:key/976bc5ab-8b78-4ee2-9b86-5fc56942233e",
]
}
}
# aws_cloudwatch_log_group.cognito_email_sender will be updated in-place
~ resource "aws_cloudwatch_log_group" "cognito_email_sender" {
id = "/aws/lambda/Cognito_Email_Sender"
name = "/aws/lambda/Cognito_Email_Sender"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.cognito_pre_sign_up will be updated in-place
~ resource "aws_cloudwatch_log_group" "cognito_pre_sign_up" {
id = "/aws/lambda/Cognito_Pre_Sign_Up"
name = "/aws/lambda/Cognito_Pre_Sign_Up"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cognito_user_pool.forms will be updated in-place
~ resource "aws_cognito_user_pool" "forms" {
id = "ca-central-1_Cguq9JNQ1"
name = "forms_user_pool"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (12 unchanged attributes hidden)
# (6 unchanged blocks hidden)
}
# aws_iam_policy.cognito_lambda_kms will be updated in-place
~ resource "aws_iam_policy" "cognito_lambda_kms" {
id = "arn:aws:iam::687401027353:policy/cognito_lambda_kms"
name = "cognito_lambda_kms"
~ policy = jsonencode(
{
- Statement = [
- {
- Action = [
- "kms:GenerateDataKey",
- "kms:Encrypt",
- "kms:Decrypt",
]
- Effect = "Allow"
- Resource = "arn:aws:kms:ca-central-1:687401027353:key/976bc5ab-8b78-4ee2-9b86-5fc56942233e"
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_iam_policy.cognito_lambda_logging will be updated in-place
~ resource "aws_iam_policy" "cognito_lambda_logging" {
id = "arn:aws:iam::687401027353:policy/cognito_lambda_logging"
name = "cognito_lambda_logging"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.cognito_lambda_secrets will be updated in-place
~ resource "aws_iam_policy" "cognito_lambda_secrets" {
id = "arn:aws:iam::687401027353:policy/cognito_lambda_secrets"
name = "cognito_lambda_secrets"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
~ Resource = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:cognito_notify_api_key-RFNlh9" -> "arn:aws:secretsmanager:ca-central-1:687401027353:secret:notify_api_key-eR3nNp"
- Sid = ""
# (2 unchanged attributes hidden)
},
]
# (1 unchanged attribute hidden)
}
)
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_iam_policy.cognito_userpool_import_logging will be updated in-place
~ resource "aws_iam_policy" "cognito_userpool_import_logging" {
id = "arn:aws:iam::687401027353:policy/cognito_userpool_import_logging"
name = "cognito_userpool_import_logging"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.lambda_s3 will be created
+ resource "aws_iam_policy" "lambda_s3" {
+ arn = (known after apply)
+ description = "IAM policy for storing files in S3"
+ id = (known after apply)
+ name = "lambda_s3"
+ name_prefix = (known after apply)
+ path = "/"
+ policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "s3:PutObject",
+ "s3:ListBucket",
+ "s3:GetObject",
+ "s3:DeleteObject",
]
+ Effect = "Allow"
+ Resource = [
+ "arn:aws:s3:::forms-staging-lambda-code/*",
+ "arn:aws:s3:::forms-staging-lambda-code",
]
},
]
+ Version = "2012-10-17"
}
)
+ policy_id = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
}
# aws_iam_role.cognito_lambda will be updated in-place
~ resource "aws_iam_role" "cognito_lambda" {
id = "iam_for_cognito_lambda"
name = "iam_for_cognito_lambda"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_iam_role.cognito_userpool_import will be updated in-place
~ resource "aws_iam_role" "cognito_userpool_import" {
id = "role_for_cognito_user_pool_import"
name = "role_for_cognito_user_pool_import"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_kms_key.cognito_encryption will be updated in-place
~ resource "aws_kms_key" "cognito_encryption" {
id = "976bc5ab-8b78-4ee2-9b86-5fc56942233e"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_lambda_function.cognito_email_sender will be updated in-place
~ resource "aws_lambda_function" "cognito_email_sender" {
- filename = "/tmp/cognito_email_sender_main.zip" -> null
id = "Cognito_Email_Sender"
~ last_modified = "2023-12-07T21:21:59.000+0000" -> (known after apply)
~ layers = [
- "arn:aws:lambda:ca-central-1:687401027353:layer:cognito_email_sender_node_packages:15",
]
+ s3_bucket = "forms-staging-lambda-code"
+ s3_key = "cognito_email_sender_code"
+ s3_object_version = (known after apply)
~ source_code_hash = "Au9QF/JOavDRQ5VevDLPhwxxPe8omiNw08gEHhHx55Q=" -> "41nQbe/QQlIpDMWFvFyyYdw6y3b+Zg/PLBtYnf4qSbg="
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
~ environment {
~ variables = {
~ "NOTIFY_API_KEY" = (sensitive value)
# (3 unchanged elements hidden)
}
}
# (2 unchanged blocks hidden)
}
# aws_lambda_function.cognito_pre_sign_up will be updated in-place
~ resource "aws_lambda_function" "cognito_pre_sign_up" {
id = "Cognito_Pre_Sign_Up"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (22 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# aws_lambda_layer_version.cognito_email_sender_nodejs will be destroyed
# (because aws_lambda_layer_version.cognito_email_sender_nodejs is not in configuration)
- resource "aws_lambda_layer_version" "cognito_email_sender_nodejs" {
- arn = "arn:aws:lambda:ca-central-1:687401027353:layer:cognito_email_sender_node_packages:15" -> null
- compatible_architectures = [] -> null
- compatible_runtimes = [
- "nodejs18.x",
] -> null
- created_date = "2023-12-07T21:21:58.576+0000" -> null
- filename = "/tmp/cognito_email_sender_nodejs.zip" -> null
- id = "arn:aws:lambda:ca-central-1:687401027353:layer:cognito_email_sender_node_packages:15" -> null
- layer_arn = "arn:aws:lambda:ca-central-1:687401027353:layer:cognito_email_sender_node_packages" -> null
- layer_name = "cognito_email_sender_node_packages" -> null
- skip_destroy = false -> null
- source_code_hash = "ds9qa4ZKrb4ykZpLYXSUy9muksxn2P5zC1R84FonZQE=" -> null
- source_code_size = 4952580 -> null
- version = "15" -> null
}
# aws_s3_object.cognito_email_sender_code will be created
+ resource "aws_s3_object" "cognito_email_sender_code" {
+ acl = (known after apply)
+ bucket = "forms-staging-lambda-code"
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = (known after apply)
+ etag = (known after apply)
+ force_destroy = false
+ id = (known after apply)
+ key = "cognito_email_sender_code"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "/tmp/cognito_email_sender.zip"
+ source_hash = "41nQbe/QQlIpDMWFvFyyYdw6y3b+Zg/PLBtYnf4qSbg="
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_secretsmanager_secret.cognito_notify_api_key will be destroyed
# (because aws_secretsmanager_secret.cognito_notify_api_key is not in configuration)
- resource "aws_secretsmanager_secret" "cognito_notify_api_key" {
- arn = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:cognito_notify_api_key-RFNlh9" -> null
- force_overwrite_replica_secret = false -> null
- id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:cognito_notify_api_key-RFNlh9" -> null
- name = "cognito_notify_api_key" -> null
- recovery_window_in_days = 0 -> null
- tags = {
- "CostCentre" = "forms-platform-staging"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "forms-platform-staging"
- "Terraform" = "true"
} -> null
}
# aws_secretsmanager_secret_version.cognito_notify_api_key will be destroyed
# (because aws_secretsmanager_secret_version.cognito_notify_api_key is not in configuration)
- resource "aws_secretsmanager_secret_version" "cognito_notify_api_key" {
- arn = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:cognito_notify_api_key-RFNlh9" -> null
- id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:cognito_notify_api_key-RFNlh9|23C81AA7-F8FF-49CC-9C61-7EE78C295BF3" -> null
- secret_id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:cognito_notify_api_key-RFNlh9" -> null
- secret_string = (sensitive value) -> null
- version_id = "23C81AA7-F8FF-49CC-9C61-7EE78C295BF3" -> null
- version_stages = [
- "AWSCURRENT",
] -> null
}
Plan: 2 to add, 12 to change, 3 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_email_sender"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_pre_sign_up"]
WARN - plan.json - main - Missing Common Tags: ["aws_cognito_user_pool.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_secrets"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_userpool_import_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.cognito_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.cognito_userpool_import"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.cognito_encryption"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.cognito_email_sender"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.cognito_pre_sign_up"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.cognito_email_sender_code"]
33 tests, 19 passed, 14 warnings, 0 failures, 0 exceptions
Staging: network ✅ Terraform Init: Plan: 0 to add, 38 to change, 1 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
- destroy
<= read (data resources)
Terraform will perform the following actions:
# data.aws_subnets.ecr_endpoint_available will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_subnets" "ecr_endpoint_available" {
+ id = (known after apply)
+ ids = (known after apply)
+ tags = (known after apply)
+ filter {
+ name = "availability-zone"
+ values = [
+ "ca-central-1a",
+ "ca-central-1b",
]
}
+ filter {
+ name = "tag:Access"
+ values = [
+ "private",
]
}
+ filter {
+ name = "vpc-id"
+ values = [
+ "vpc-0ad5b3739860129d0",
]
}
}
# data.aws_subnets.lambda_endpoint_available will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_subnets" "lambda_endpoint_available" {
+ id = (known after apply)
+ ids = (known after apply)
+ tags = (known after apply)
+ filter {
+ name = "availability-zone"
+ values = [
+ "ca-central-1a",
+ "ca-central-1b",
]
}
+ filter {
+ name = "tag:Access"
+ values = [
+ "private",
]
}
+ filter {
+ name = "vpc-id"
+ values = [
+ "vpc-0ad5b3739860129d0",
]
}
}
# aws_cloudwatch_log_group.vpc_flow_logs will be destroyed
# (because aws_cloudwatch_log_group.vpc_flow_logs is not in configuration)
- resource "aws_cloudwatch_log_group" "vpc_flow_logs" {
- arn = "arn:aws:logs:ca-central-1:687401027353:log-group:vpc_flow_logs" -> null
- id = "vpc_flow_logs" -> null
- kms_key_id = "arn:aws:kms:ca-central-1:687401027353:key/c5c2a1c2-c092-4fa1-8daf-3414f3511b1d" -> null
- log_group_class = "STANDARD" -> null
- name = "vpc_flow_logs" -> null
- retention_in_days = 30 -> null
- skip_destroy = false -> null
- tags = {
- "CostCentre" = "forms-platform-staging"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "forms-platform-staging"
- "Terraform" = "true"
} -> null
}
# aws_default_network_acl.forms will be updated in-place
~ resource "aws_default_network_acl" "forms" {
id = "acl-004451ef1c6e2e7b3"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
# aws_default_security_group.default will be updated in-place
~ resource "aws_default_security_group" "default" {
id = "sg-06ad51c0e76cddc4a"
name = "default"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_eip.forms_natgw[0] will be updated in-place
~ resource "aws_eip" "forms_natgw" {
id = "eipalloc-0ce0201971427c2e6"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "forms NAT GW 0"
- "Terraform" = "true" -> null
}
# (12 unchanged attributes hidden)
}
# aws_eip.forms_natgw[1] will be updated in-place
~ resource "aws_eip" "forms_natgw" {
id = "eipalloc-0143a0c87b6433c89"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "forms NAT GW 1"
- "Terraform" = "true" -> null
}
# (12 unchanged attributes hidden)
}
# aws_eip.forms_natgw[2] will be updated in-place
~ resource "aws_eip" "forms_natgw" {
id = "eipalloc-0e8b0be9185744553"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "forms NAT GW 2"
- "Terraform" = "true" -> null
}
# (12 unchanged attributes hidden)
}
# aws_flow_log.vpc_flow_logs will be updated in-place
~ resource "aws_flow_log" "vpc_flow_logs" {
id = "fl-0f9a5d10bc36116b4"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_internet_gateway.forms will be updated in-place
~ resource "aws_internet_gateway" "forms" {
id = "igw-0aca6f076a25af86f"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "forms"
- "Terraform" = "true" -> null
}
# (4 unchanged attributes hidden)
}
# aws_nat_gateway.forms[0] will be updated in-place
~ resource "aws_nat_gateway" "forms" {
id = "nat-0bc32e0a102af6307"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "forms NAT GW"
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_nat_gateway.forms[1] will be updated in-place
~ resource "aws_nat_gateway" "forms" {
id = "nat-0e15bed048be78449"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "forms NAT GW"
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_nat_gateway.forms[2] will be updated in-place
~ resource "aws_nat_gateway" "forms" {
id = "nat-0baf8923e7bdf4142"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "forms NAT GW"
- "Terraform" = "true" -> null
}
# (11 unchanged attributes hidden)
}
# aws_route_table.forms_private_subnet[0] will be updated in-place
~ resource "aws_route_table" "forms_private_subnet" {
id = "rtb-0d0dcc10e0337defc"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "Private Subnet Route Table 0"
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_route_table.forms_private_subnet[1] will be updated in-place
~ resource "aws_route_table" "forms_private_subnet" {
id = "rtb-01369399800d358a6"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "Private Subnet Route Table 1"
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_route_table.forms_private_subnet[2] will be updated in-place
~ resource "aws_route_table" "forms_private_subnet" {
id = "rtb-04b278f0a8c5085e2"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "Private Subnet Route Table 2"
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_route_table.forms_public_subnet will be updated in-place
~ resource "aws_route_table" "forms_public_subnet" {
id = "rtb-03b4c5e3b272ae847"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "Public Subnet Route Table"
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_security_group.forms will be updated in-place
~ resource "aws_security_group" "forms" {
id = "sg-0328cae235e1dce04"
name = "forms"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_security_group.forms_database will be updated in-place
~ resource "aws_security_group" "forms_database" {
id = "sg-0b80bb714d886b8ff"
name = "forms-database"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_security_group.forms_egress will be updated in-place
~ resource "aws_security_group" "forms_egress" {
id = "sg-06faff681ed323d48"
name = "egress-anywhere"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_security_group.forms_load_balancer will be updated in-place
~ resource "aws_security_group" "forms_load_balancer" {
id = "sg-0c736123950cab80f"
name = "forms-load-balancer"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_security_group.forms_redis will be updated in-place
~ resource "aws_security_group" "forms_redis" {
id = "sg-092fddfbbac0e15aa"
name = "forms-redis"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_security_group.privatelink will be updated in-place
~ resource "aws_security_group" "privatelink" {
id = "sg-089a83b7d81dff031"
name = "privatelink"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (8 unchanged attributes hidden)
}
# aws_subnet.forms_private[0] will be updated in-place
~ resource "aws_subnet" "forms_private" {
id = "subnet-0af8e6e3cf80f582d"
~ tags = {
"Access" = "private"
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "Private Subnet 01"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_subnet.forms_private[1] will be updated in-place
~ resource "aws_subnet" "forms_private" {
id = "subnet-07f9debd31e48ce64"
~ tags = {
"Access" = "private"
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "Private Subnet 02"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_subnet.forms_private[2] will be updated in-place
~ resource "aws_subnet" "forms_private" {
id = "subnet-07e38df0760d389d1"
~ tags = {
"Access" = "private"
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "Private Subnet 03"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_subnet.forms_public[0] will be updated in-place
~ resource "aws_subnet" "forms_public" {
id = "subnet-04d5fe34c570252ad"
~ tags = {
"Access" = "public"
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "Public Subnet 01"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_subnet.forms_public[1] will be updated in-place
~ resource "aws_subnet" "forms_public" {
id = "subnet-02f5e1518cb9b8687"
~ tags = {
"Access" = "public"
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "Public Subnet 02"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_subnet.forms_public[2] will be updated in-place
~ resource "aws_subnet" "forms_public" {
id = "subnet-0db171c9d80cdcc04"
~ tags = {
"Access" = "public"
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "Public Subnet 03"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
}
# aws_vpc.forms will be updated in-place
~ resource "aws_vpc" "forms" {
id = "vpc-0ad5b3739860129d0"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "forms"
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
}
# aws_vpc_endpoint.dynamodb will be updated in-place
~ resource "aws_vpc_endpoint" "dynamodb" {
id = "vpce-0e90d00c8982f3214"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
}
# aws_vpc_endpoint.ecr-api will be updated in-place
~ resource "aws_vpc_endpoint" "ecr-api" {
id = "vpce-0f8b77a6125301728"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.ecr-dkr will be updated in-place
~ resource "aws_vpc_endpoint" "ecr-dkr" {
id = "vpce-0fbeebefef817d1a0"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.kms will be updated in-place
~ resource "aws_vpc_endpoint" "kms" {
id = "vpce-0a56c61b83367ea1b"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.lambda will be updated in-place
~ resource "aws_vpc_endpoint" "lambda" {
id = "vpce-0212293ce2297685e"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.logs will be updated in-place
~ resource "aws_vpc_endpoint" "logs" {
id = "vpce-0fa2ded3f95d2f4f3"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.monitoring will be updated in-place
~ resource "aws_vpc_endpoint" "monitoring" {
id = "vpce-094a12a5fda8108b7"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.rds will be updated in-place
~ resource "aws_vpc_endpoint" "rds" {
id = "vpce-088d1dcbaa25a6ae9"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.s3 will be updated in-place
~ resource "aws_vpc_endpoint" "s3" {
id = "vpce-09c5d010a62ee38bc"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
}
# aws_vpc_endpoint.secretsmanager will be updated in-place
~ resource "aws_vpc_endpoint" "secretsmanager" {
id = "vpce-0c55ab19810ed3c1b"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_vpc_endpoint.sqs will be updated in-place
~ resource "aws_vpc_endpoint" "sqs" {
id = "vpce-087b7c5387d508856"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 0 to add, 38 to change, 1 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_default_network_acl.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_default_security_group.default"]
WARN - plan.json - main - Missing Common Tags: ["aws_eip.forms_natgw[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_eip.forms_natgw[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_eip.forms_natgw[2]"]
WARN - plan.json - main - Missing Common Tags: ["aws_flow_log.vpc_flow_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_internet_gateway.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_nat_gateway.forms[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_nat_gateway.forms[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_nat_gateway.forms[2]"]
WARN - plan.json - main - Missing Common Tags: ["aws_route_table.forms_private_subnet[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_route_table.forms_private_subnet[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_route_table.forms_private_subnet[2]"]
WARN - plan.json - main - Missing Common Tags: ["aws_route_table.forms_public_subnet"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.forms_database"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.forms_egress"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.forms_load_balancer"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.forms_redis"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.privatelink"]
WARN - plan.json - main - Missing Common Tags: ["aws_subnet.forms_private[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_subnet.forms_private[1]"]
WARN - plan.json - main - Missing Common Tags: ["aws_subnet.forms_private[2]"]
WARN - plan.json - main - Missing Common Tags: ["aws_subnet.forms_public[0]"]
WARN - plan.json - main - Missing Common Tags:...
Staging: dynamodb
✅ Terraform Init: Plan: 0 to add, 3 to change, 0 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_dynamodb_table.audit_logs will be updated in-place
~ resource "aws_dynamodb_table" "audit_logs" {
id = "AuditLogs"
name = "AuditLogs"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
# (7 unchanged blocks hidden)
}
# aws_dynamodb_table.reliability_queue will be updated in-place
~ resource "aws_dynamodb_table" "reliability_queue" {
id = "ReliabilityQueue"
name = "ReliabilityQueue"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
# aws_dynamodb_table.vault will be updated in-place
~ resource "aws_dynamodb_table" "vault" {
id = "Vault"
name = "Vault"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (13 unchanged attributes hidden)
# (11 unchanged blocks hidden)
}
Plan: 0 to add, 3 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.reliability_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.vault"]
22 tests, 19 passed, 3 warnings, 0 failures, 0 exceptions
Staging: load_balancer
✅ Terraform Init: Plan: 12 to add, 18 to change, 13 to destroy
✂ Warning: plan has been truncated! See the full plan in the logs.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
-/+ destroy and then create replacement
<= read (data resources)
Terraform will perform the following actions:
# data.aws_iam_policy_document.allow_cloudfront_to_access_static_website_in_s3 will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "allow_cloudfront_to_access_static_website_in_s3" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "s3:GetObject",
]
+ effect = "Allow"
+ resources = [
+ (known after apply),
]
+ principals {
+ identifiers = [
+ "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2PGE1KRH6OS33",
]
+ type = "AWS"
}
}
}
# aws_acm_certificate.form_viewer will be updated in-place
~ resource "aws_acm_certificate" "form_viewer" {
id = "arn:aws:acm:ca-central-1:687401027353:certificate/e0d9fd55-738a-4ab6-bfda-1ecacec99b06"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_acm_certificate.form_viewer_maintenance_mode will be updated in-place
~ resource "aws_acm_certificate" "form_viewer_maintenance_mode" {
id = "arn:aws:acm:us-east-1:687401027353:certificate/477e3f0d-675e-4c4b-822e-866d482d4928"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_cloudfront_distribution.maintenance_mode will be updated in-place
~ resource "aws_cloudfront_distribution" "maintenance_mode" {
id = "E2NX6QAIR13JTM"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (21 unchanged attributes hidden)
- origin {
- connection_attempts = 3 -> null
- connection_timeout = 10 -> null
- domain_name = "gc-forms-application-maintenance-page.s3.ca-central-1.amazonaws.com" -> null
- origin_id = "MaintenanceMode" -> null
- s3_origin_config {
- origin_access_identity = "origin-access-identity/cloudfront/E2PGE1KRH6OS33" -> null
}
}
+ origin {
+ connection_attempts = 3
+ connection_timeout = 10
+ domain_name = (known after apply)
+ origin_id = "MaintenanceMode"
+ s3_origin_config {
+ origin_access_identity = "origin-access-identity/cloudfront/E2PGE1KRH6OS33"
}
}
# (3 unchanged blocks hidden)
}
# aws_iam_role.firehose_waf_logs will be updated in-place
~ resource "aws_iam_role" "firehose_waf_logs" {
id = "firehose_waf_logs"
name = "firehose_waf_logs"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_kinesis_firehose_delivery_stream.firehose_waf_logs will be updated in-place
~ resource "aws_kinesis_firehose_delivery_stream" "firehose_waf_logs" {
id = "arn:aws:firehose:ca-central-1:687401027353:deliverystream/aws-waf-logs-forms"
name = "aws-waf-logs-forms"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# aws_lb.form_viewer will be updated in-place
~ resource "aws_lb" "form_viewer" {
id = "arn:aws:elasticloadbalancing:ca-central-1:687401027353:loadbalancer/app/form-viewer/5e6bc2d9ab810b68"
name = "form-viewer"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "form_viewer"
- "Terraform" = "true" -> null
}
# (22 unchanged attributes hidden)
# (5 unchanged blocks hidden)
}
# aws_lb_listener.form_viewer_http will be updated in-place
~ resource "aws_lb_listener" "form_viewer_http" {
id = "arn:aws:elasticloadbalancing:ca-central-1:687401027353:listener/app/form-viewer/5e6bc2d9ab810b68/d6a2d118e3e0e216"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_lb_listener.form_viewer_https will be updated in-place
~ resource "aws_lb_listener" "form_viewer_https" {
id = "arn:aws:elasticloadbalancing:ca-central-1:687401027353:listener/app/form-viewer/5e6bc2d9ab810b68/028e8eeeed9c3a34"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (7 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# aws_lb_target_group.form_viewer_1 will be updated in-place
~ resource "aws_lb_target_group" "form_viewer_1" {
id = "arn:aws:elasticloadbalancing:ca-central-1:687401027353:targetgroup/form-viewer/decb39cad732d3d4"
name = "form-viewer"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "form_viewer_1"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
# aws_lb_target_group.form_viewer_2 will be updated in-place
~ resource "aws_lb_target_group" "form_viewer_2" {
id = "arn:aws:elasticloadbalancing:ca-central-1:687401027353:targetgroup/form-viewer-2/9cd62fabd5d34460"
name = "form-viewer-2"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "form_viewer_2"
- "Terraform" = "true" -> null
}
# (16 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
# aws_s3_bucket.firehose_waf_logs will be destroyed
# (because aws_s3_bucket.firehose_waf_logs is not in configuration)
- resource "aws_s3_bucket" "firehose_waf_logs" {
- acl = "private" -> null
- arn = "arn:aws:s3:::forms-staging-terraform-waf-logs" -> null
- bucket = "forms-staging-terraform-waf-logs" -> null
- bucket_domain_name = "forms-staging-terraform-waf-logs.s3.amazonaws.com" -> null
- bucket_regional_domain_name = "forms-staging-terraform-waf-logs.s3.ca-central-1.amazonaws.com" -> null
- force_destroy = false -> null
- hosted_zone_id = "Z1QDHH18159H29" -> null
- id = "forms-staging-terraform-waf-logs" -> null
- object_lock_enabled = false -> null
- region = "ca-central-1" -> null
- request_payer = "BucketOwner" -> null
- tags = {
- "CostCentre" = "forms-platform-staging"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "forms-platform-staging"
- "Terraform" = "true"
} -> null
- grant {
- id = "8ee828b5522b38b6797b8f886ed0b30f039d4eaa7ea331fa60669a6e0352d7e5" -> null
- permissions = [
- "FULL_CONTROL",
] -> null
- type = "CanonicalUser" -> null
}
- lifecycle_rule {
- abort_incomplete_multipart_upload_days = 0 -> null
- enabled = true -> null
- id = "tf-s3-lifecycle-20211112190024126200000001" -> null
- tags = {} -> null
- expiration {
- days = 90 -> null
- expired_object_delete_marker = false -> null
}
}
- server_side_encryption_configuration {
- rule {
- bucket_key_enabled = false -> null
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256" -> null
}
}
}
- versioning {
- enabled = false -> null
- mfa_delete = false -> null
}
}
# aws_s3_bucket.maintenance_mode must be replaced
-/+ resource "aws_s3_bucket" "maintenance_mode" {
+ acceleration_status = (known after apply)
~ acl = "private" -> (known after apply)
~ arn = "arn:aws:s3:::gc-forms-application-maintenance-page" -> (known after apply)
~ bucket = "gc-forms-application-maintenance-page" -> "gc-forms-staging-application-maintenance-page" # forces replacement
~ bucket_domain_name = "gc-forms-application-maintenance-page.s3.amazonaws.com" -> (known after apply)
+ bucket_prefix = (known after apply)
~ bucket_regional_domain_name = "gc-forms-application-maintenance-page.s3.ca-central-1.amazonaws.com" -> (known after apply)
~ hosted_zone_id = "Z1QDHH18159H29" -> (known after apply)
~ id = "gc-forms-application-maintenance-page" -> (known after apply)
~ object_lock_enabled = false -> (known after apply)
~ policy = jsonencode(
{
- Statement = [
- {
- Action = "s3:GetObject"
- Effect = "Allow"
- Principal = {
- AWS = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2PGE1KRH6OS33"
}
- Resource = "arn:aws:s3:::gc-forms-application-maintenance-page/*"
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
~ region = "ca-central-1" -> (known after apply)
~ request_payer = "BucketOwner" -> (known after apply)
- tags = {
- "CostCentre" = "forms-platform-staging"
- "Terraform" = "true"
} -> null
~ website_domain = "s3-website.ca-central-1.amazonaws.com" -> (known after apply)
~ website_endpoint = "gc-forms-application-maintenance-page.s3-website.ca-central-1.amazonaws.com" -> (known after apply)
# (2 unchanged attributes hidden)
- grant {
- id = "8ee828b5522b38b6797b8f886ed0b30f039d4eaa7ea331fa60669a6e0352d7e5" -> null
- permissions = [
- "FULL_CONTROL",
] -> null
- type = "CanonicalUser" -> null
}
- server_side_encryption_configuration {
- rule {
- bucket_key_enabled = false -> null
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256" -> null
}
}
}
- versioning {
- enabled = false -> null
- mfa_delete = false -> null
}
- website {
- index_document = "index.html" -> null
}
}
# aws_s3_bucket_acl.maintenance_mode must be replaced
-/+ resource "aws_s3_bucket_acl" "maintenance_mode" {
~ bucket = "gc-forms-application-maintenance-page" # forces replacement -> (known after apply) # forces replacement
~ id = "gc-forms-application-maintenance-page,private" -> (known after apply)
# (1 unchanged attribute hidden)
- access_control_policy {
- grant {
- permission = "FULL_CONTROL" -> null
- grantee {
- id = "8ee828b5522b38b6797b8f886ed0b30f039d4eaa7ea331fa60669a6e0352d7e5" -> null
- type = "CanonicalUser" -> null
}
}
- owner {
- id = "8ee828b5522b38b6797b8f886ed0b30f039d4eaa7ea331fa60669a6e0352d7e5" -> null
}
}
}
# aws_s3_bucket_object.maintenance_static_page_css_files["style.css"] will be destroyed
# (because aws_s3_bucket_object.maintenance_static_page_css_files is not in configuration)
- resource "aws_s3_bucket_object" "maintenance_static_page_css_files" {
- acl = "private" -> null
- bucket = "gc-forms-application-maintenance-page" -> null
- bucket_key_enabled = false -> null
- content_type = "text/css" -> null
- etag = "92fa1c75f720e83330756f94b06aa8bf" -> null
- force_destroy = false -> null
- id = "style.css" -> null
- key = "style.css" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "./static_website/style.css" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_s3_bucket_object.maintenance_static_page_html_files["index-fr.html"] will be destroyed
# (because aws_s3_bucket_object.maintenance_static_page_html_files is not in configuration)
- resource "aws_s3_bucket_object" "maintenance_static_page_html_files" {
- acl = "private" -> null
- bucket = "gc-forms-application-maintenance-page" -> null
- bucket_key_enabled = false -> null
- content_type = "text/html" -> null
- etag = "5c195ef016b9e898437a543aba2301ac" -> null
- force_destroy = false -> null
- id = "index-fr.html" -> null
- key = "index-fr.html" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "./static_website/index-fr.html" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_s3_bucket_object.maintenance_static_page_html_files["index.html"] will be destroyed
# (because aws_s3_bucket_object.maintenance_static_page_html_files is not in configuration)
- resource "aws_s3_bucket_object" "maintenance_static_page_html_files" {
- acl = "private" -> null
- bucket = "gc-forms-application-maintenance-page" -> null
- bucket_key_enabled = false -> null
- content_type = "text/html" -> null
- etag = "f15e6aa2fd75c9b6b97d93d2b1fedfbd" -> null
- force_destroy = false -> null
- id = "index.html" -> null
- key = "index.html" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "./static_website/index.html" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_s3_bucket_object.maintenance_static_page_ico_files["favicon.ico"] will be destroyed
# (because aws_s3_bucket_object.maintenance_static_page_ico_files is not in configuration)
- resource "aws_s3_bucket_object" "maintenance_static_page_ico_files" {
- acl = "private" -> null
- bucket = "gc-forms-application-maintenance-page" -> null
- bucket_key_enabled = false -> null
- content_type = "image/png" -> null
- etag = "58bd7822fbbd5642104beae2b25a1b5b" -> null
- force_destroy = false -> null
- id = "favicon.ico" -> null
- key = "favicon.ico" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "./static_website/favicon.ico" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_s3_bucket_object.maintenance_static_page_svg_files["site-unavailable.svg"] will be destroyed
# (because aws_s3_bucket_object.maintenance_static_page_svg_files is not in configuration)
- resource "aws_s3_bucket_object" "maintenance_static_page_svg_files" {
- acl = "private" -> null
- bucket = "gc-forms-application-maintenance-page" -> null
- bucket_key_enabled = false -> null
- content_type = "image/svg+xml" -> null
- etag = "1d263a8e324e88ea09c9b630de277c45" -> null
- force_destroy = false -> null
- id = "site-unavailable.svg" -> null
- key = "site-unavailable.svg" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "./static_website/site-unavailable.svg" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_s3_bucket_ownership_controls.maintenance_mode will be created
+ resource "aws_s3_bucket_ownership_controls" "maintenance_mode" {
+ bucket = (known after apply)
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_policy.allow_cloudfront_to_access_static_website_in_s3 must be replaced
-/+ resource "aws_s3_bucket_policy" "allow_cloudfront_to_access_static_website_in_s3" {
~ bucket = "gc-forms-application-maintenance-page" # forces replacement -> (known after apply) # forces replacement
~ id = "gc-forms-application-maintenance-page" -> (known after apply)
~ policy = jsonencode(
{
- Statement = [
- {
- Action = "s3:GetObject"
- Effect = "Allow"
- Principal = {
- AWS = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2PGE1KRH6OS33"
}
- Resource = "arn:aws:s3:::gc-forms-application-maintenance-page/*"
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
}
# aws_s3_bucket_public_access_block.firehose_waf_logs will be destroyed
# (because aws_s3_bucket_public_access_block.firehose_waf_logs is not in configuration)
- resource "aws_s3_bucket_public_access_block" "firehose_waf_logs" {
- block_public_acls = true -> null
- block_public_policy = true -> null
- bucket = "forms-staging-terraform-waf-logs" -> null
- id = "forms-staging-terraform-waf-logs" -> null
- ignore_public_acls = true -> null
- restrict_public_buckets = true -> null
}
# aws_s3_bucket_public_access_block.maintenance_mode must be replaced
-/+ resource "aws_s3_bucket_public_access_block" "maintenance_mode" {
~ bucket = "gc-forms-application-maintenance-page" # forces replacement -> (known after apply) # forces replacement
~ id = "gc-forms-application-maintenance-page" -> (known after apply)
# (4 unchanged attributes hidden)
}
# aws_s3_bucket_server_side_encryption_configuration.maintenance_mode must be replaced
-/+ resource "aws_s3_bucket_server_side_encryption_configuration" "maintenance_mode" {
~ bucket = "gc-forms-application-maintenance-page" # forces replacement -> (known after apply) # forces replacement
~ id = "gc-forms-application-maintenance-page" -> (known after apply)
- rule {
- bucket_key_enabled = false -> null
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256" -> null
}
}
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# aws_s3_bucket_website_configuration.maintenance_mode must be replaced
-/+ resource "aws_s3_bucket_website_configuration" "maintenance_mode" {
~ bucket = "gc-forms-application-maintenance-page" # forces replacement -> (known after apply) # forces replacement
~ id = "gc-forms-application-maintenance-page" -> (known after apply)
+ routing_rules = (known after apply)
~ website_domain = "s3-website.ca-central-1.amazonaws.com" -> (known after apply)
~ website_endpoint = "gc-forms-application-maintenance-page.s3-website.ca-central-1.amazonaws.com" -> (known after apply)
# (1 unchanged block hidden)
}
# aws_s3_object.maintenance_static_page_css_files["style.css"] will be created
+ resource "aws_s3_object" "maintenance_static_page_css_files" {
+ acl = (known after apply)
+ bucket = (known after apply)
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = "text/css"
+ etag = "92fa1c75f720e83330756f94b06aa8bf"
+ force_destroy = false
+ id = (known after apply)
+ key = "style.css"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "./static_website/style.css"
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.maintenance_static_page_html_files["index-fr.html"] will be created
+ resource "aws_s3_object" "maintenance_static_page_html_files" {
+ acl = (known after apply)
+ bucket = (known after apply)
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = "text/html"
+ etag = "5c195ef016b9e898437a543aba2301ac"
+ force_destroy = false
+ id = (known after apply)
+ key = "index-fr.html"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "./static_website/index-fr.html"
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.maintenance_static_page_html_files["index.html"] will be created
+ resource "aws_s3_object" "maintenance_static_page_html_files" {
+ acl = (known after apply)
+ bucket = (known after apply)
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = "text/html"
+ etag = "f15e6aa2fd75c9b6b97d93d2b1fedfbd"
+ force_destroy = false
+ id = (known after apply)
+ key = "index.html"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "./static_website/index.html"
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.maintenance_static_page_ico_files["favicon.ico"] will be created
+ resource "aws_s3_object" "maintenance_static_page_ico_files" {
+ acl = (known after apply)
+ bucket = (known after apply)
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = "image/png"
+ etag = "58bd7822fbbd5642104beae2b25a1b5b"
+ force_destroy = false
+ id = (known after apply)
+ key = "favicon.ico"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "./static_website/favicon.ico"
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.maintenance_static_page_svg_files["site-unavailable.svg"] will be created
+ resource "aws_s3_object" "maintenance_static_page_svg_files" {
+ acl = (known after apply)
+ bucket = (known after apply)
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = "image/svg+xml"
+ etag = "1d263a8e324e88ea09c9b630de277c45"
+ force_destroy = false
+ id = (known after apply)
+ key = "site-unavailable.svg"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "./static_website/site-unavailable.svg"
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_shield_protection.alb will be updated in-place
~ resource "aws_shield_protection" "alb" {
id = "0cca3ef1-8edc-4180-8740-febba699a5b2"
name = "LoadBalancer"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (3 unchanged attributes hidden)
}
# aws_shield_protection.route53_hosted_zone[0] will be updated in-place
~ resource "aws_shield_protection" "route53_hosted_zone" {
id = "84aef9e9-74ea-4dfc-bc40-ff3f3ca3700c"
name = "Route53HostedZone"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (3 unchanged attributes hidden)
}
# aws_wafv2_regex_pattern_set.cognito_login_paths will be updated in-place
~ resource "aws_wafv2_regex_pattern_set" "cognito_login_paths" {
id = "06fb5625-dab4-4133-ab2d-2e618dd01c47"
name = "cognito_login_paths"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_wafv2_regex_pattern_set.forms_base_url will be updated in-place
~ resource "aws_wafv2_regex_pattern_set" "forms_base_url" {
id = "92da9411-8b49-4c9e-b80f-ac7ea482f3d1"
name = "forms_base_url"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_wafv2_regex_pattern_set.valid_app_uri_paths will be updated in-place
~ resource "aws_wafv2_regex_pattern_set"...
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.form_viewer_maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudfront_distribution.maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.firehose_waf_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_kinesis_firehose_delivery_stream.firehose_waf_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.form_viewer_http"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.form_viewer_https"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.form_viewer_1"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.form_viewer_2"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_css_files[\"style.css\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_html_files[\"index-fr.html\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_html_files[\"index.html\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_ico_files[\"favicon.ico\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_svg_files[\"site-unavailable.svg\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.alb"]
WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.route53_hosted_zone[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_regex_pattern_set.cognito_login_paths"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_regex_pattern_set.forms_base_url"]
WARN - plan.json - main - Missing Common Tags:...
Staging: redis ✅ Terraform Init: Plan: 0 to add, 2 to change, 0 to destroy
Show plan
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_elasticache_replication_group.redis will be updated in-place
~ resource "aws_elasticache_replication_group" "redis" {
id = "gcforms-redis-rep-group"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (33 unchanged attributes hidden)
}
# aws_elasticache_subnet_group.redis will be updated in-place
~ resource "aws_elasticache_subnet_group" "redis" {
id = "redis-subnet-group"
name = "redis-subnet-group"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (4 unchanged attributes hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_elasticache_replication_group.redis"]
WARN - plan.json - main - Missing Common Tags: ["aws_elasticache_subnet_group.redis"]
21 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions
Staging: rds ✅ Terraform Init: Plan: 0 to add, 3 to change, 0 to destroy
Show plan
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_rds_cluster.forms will be updated in-place
~ resource "aws_rds_cluster" "forms" {
~ copy_tags_to_snapshot = false -> true
id = "forms-staging-db-cluster"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
"Name" = "forms-staging-db-cluster"
- "Terraform" = "true" -> null
}
# (39 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_secretsmanager_secret.database_secret will be updated in-place
~ resource "aws_secretsmanager_secret" "database_secret" {
+ force_overwrite_replica_secret = false
id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:database-secret-vHJuTe"
name = "database-secret"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (2 unchanged attributes hidden)
}
# aws_secretsmanager_secret.database_url will be updated in-place
~ resource "aws_secretsmanager_secret" "database_url" {
+ force_overwrite_replica_secret = false
id = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:server-database-url-0PSpE3"
name = "server-database-url"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (2 unchanged attributes hidden)
}
Plan: 0 to add, 3 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_rds_cluster.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.database_secret"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.database_url"]
22 tests, 19 passed, 3 warnings, 0 failures, 0 exceptions
Staging: app ✅ Terraform Init: Plan: 1 to add, 14 to change, 0 to destroy
Show plan
Resource actions are indicated with the following symbols:
+ create
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
# data.template_file.form_viewer_task will be read during apply
# (depends on a resource or a module with changes pending)
<= data "template_file" "form_viewer_task" {
+ id = (known after apply)
+ rendered = (known after apply)
+ template = jsonencode(
[
+ {
+ environment = [
+ {
+ name = "METRIC_PROVIDER"
+ value = "${metric_provider}"
},
+ {
+ name = "TRACER_PROVIDER"
+ value = "${tracer_provider}"
},
+ {
+ name = "NEXTAUTH_URL"
+ value = "${nextauth_url}"
},
+ {
+ name = "REDIS_URL"
+ value = "${redis_url}"
},
+ {
+ name = "RELIABILITY_FILE_STORAGE"
+ value = "${reliability_file_storage}"
},
+ {
+ name = "RECAPTCHA_V3_SITE_KEY"
+ value = "${recaptcha_public}"
},
+ {
+ name = "TEMPORARY_TOKEN_TEMPLATE_ID"
+ value = "${gc_temp_token_template_id}"
},
+ {
+ name = "TEMPLATE_ID"
+ value = "${gc_template_id}"
},
+ {
+ name = "VAULT_FILE_STORAGE"
+ value = "${vault_file_storage}"
},
+ {
+ name = "COGNITO_ENDPOINT_URL"
+ value = "${cognito_endpoint_url}"
},
+ {
+ name = "COGNITO_CLIENT_ID"
+ value = "${cognito_client_id}"
},
+ {
+ name = "EMAIL_ADDRESS_CONTACT_US"
+ value = "${email_address_contact_us}"
},
+ {
+ name = "EMAIL_ADDRESS_SUPPORT"
+ value = "${email_address_support}"
},
+ {
+ name = "REPROCESS_SUBMISSION_QUEUE_URL"
+ value = "${reprocess_submission_queue}"
},
+ {
+ name = "AUDIT_LOG_QUEUE_URL"
+ value = "${audit_log_queue_url}"
},
]
+ image = "${image}"
+ linuxParameters = {
+ capabilities = {
+ drop = [
+ "ALL",
]
}
}
+ logConfiguration = {
+ logDriver = "awslogs"
+ options = {
+ awslogs-group = "${awslogs-group}"
+ awslogs-region = "${awslogs-region}"
+ awslogs-stream-prefix = "${awslogs-stream-prefix}"
}
}
+ name = "form_viewer"
+ portMappings = [
+ {
+ containerPort = 3000
},
]
+ secrets = [
+ {
+ name = "NOTIFY_API_KEY"
+ valueFrom = "${notify_api_key}"
},
+ {
+ name = "RECAPTCHA_V3_SECRET_KEY"
+ valueFrom = "${recaptcha_secret}"
},
+ {
+ name = "DATABASE_URL"
+ valueFrom = "${database_url}"
},
+ {
+ name = "TOKEN_SECRET"
+ valueFrom = "${token_secret}"
},
+ {
+ name = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
+ valueFrom = "${gc_notify_callback_bearer_token}"
},
+ {
+ name = "FRESHDESK_API_KEY"
+ valueFrom = "${freshdesk_api_key}"
},
]
},
]
)
+ vars = {
+ "audit_log_queue_url" = "https://sqs.ca-central-1.amazonaws.com/687401027353/audit_log_queue"
+ "awslogs-group" = "Forms"
+ "awslogs-region" = "ca-central-1"
+ "awslogs-stream-prefix" = "ecs-form-viewer"
+ "cognito_client_id" = "17bsg3b2b7q5snon007rru264u"
+ "cognito_endpoint_url" = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_Cguq9JNQ1"
+ "database_url" = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:server-database-url-0PSpE3"
+ "email_address_contact_us" = "assistance+forms-formulaires@cds-snc.ca"
+ "email_address_support" = "assistance+forms-formulaires@cds-snc.ca"
+ "freshdesk_api_key" = (sensitive value)
+ "gc_notify_callback_bearer_token" = (sensitive value)
+ "gc_temp_token_template_id" = "b6885d06-d10a-422a-973f-05e274d9aa86"
+ "gc_template_id" = "8d597a1b-a1d6-4e3c-8421-042a2b4158b7"
+ "image" = "687401027353.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_staging"
+ "metric_provider" = "stdout"
+ "nextauth_url" = "https://forms-staging.cdssandbox.xyz"
+ "notify_api_key" = (sensitive value)
+ "recaptcha_public" = "6LfJDN4eAAAAAGvdRF7ZnQ7ciqdo1RQnQDFmh0VY"
+ "recaptcha_secret" = (sensitive value)
+ "redis_url" = "gcforms-redis-rep-group.uwpetx.ng.0001.cac1.cache.amazonaws.com"
+ "reliability_file_storage" = "forms-staging-reliability-file-storage"
+ "reprocess_submission_queue" = "https://sqs.ca-central-1.amazonaws.com/687401027353/reprocess_submission_queue.fifo"
+ "token_secret" = (sensitive value)
+ "tracer_provider" = "stdout"
+ "vault_file_storage" = "forms-staging-vault-file-storage"
}
}
# aws_appautoscaling_target.forms[0] will be updated in-place
~ resource "aws_appautoscaling_target" "forms" {
id = "service/arn:aws:ecs:ca-central-1:687401027353:cluster/Forms/form-viewer"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (6 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.forms will be updated in-place
~ resource "aws_cloudwatch_log_group" "forms" {
id = "Forms"
name = "Forms"
~ retention_in_days = 90 -> 731
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_codedeploy_app.app will be updated in-place
~ resource "aws_codedeploy_app" "app" {
id = "0f72daa1-71c1-447c-8688-f0bce16d40d5:AppECS-Forms-form-viewer"
name = "AppECS-Forms-form-viewer"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_codedeploy_deployment_group.app will be updated in-place
~ resource "aws_codedeploy_deployment_group" "app" {
id = "65eae5e8-0f0d-46c8-8f2b-712fa56ecd0a"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (10 unchanged attributes hidden)
# (5 unchanged blocks hidden)
}
# aws_ecs_cluster.forms will be updated in-place
~ resource "aws_ecs_cluster" "forms" {
id = "arn:aws:ecs:ca-central-1:687401027353:cluster/Forms"
name = "Forms"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (2 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_ecs_service.form_viewer will be updated in-place
~ resource "aws_ecs_service" "form_viewer" {
id = "arn:aws:ecs:ca-central-1:687401027353:service/Forms/form-viewer"
name = "form-viewer"
~ platform_version = "1.4.0" -> "LATEST"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_ecs_task_definition.form_viewer will be created
+ resource "aws_ecs_task_definition" "form_viewer" {
+ arn = (known after apply)
+ arn_without_revision = (known after apply)
+ container_definitions = (known after apply)
+ cpu = "2048"
+ execution_role_arn = "arn:aws:iam::687401027353:role/form-viewer"
+ family = "form-viewer"
+ id = (known after apply)
+ memory = "4096"
+ network_mode = "awsvpc"
+ requires_compatibilities = [
+ "FARGATE",
]
+ revision = (known after apply)
+ skip_destroy = false
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
+ task_role_arn = "arn:aws:iam::687401027353:role/form-viewer"
}
# aws_iam_policy.cognito will be updated in-place
~ resource "aws_iam_policy" "cognito" {
id = "arn:aws:iam::687401027353:policy/cognito"
name = "cognito"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.forms_dynamodb will be updated in-place
~ resource "aws_iam_policy" "forms_dynamodb" {
id = "arn:aws:iam::687401027353:policy/forms_dynamodb"
name = "forms_dynamodb"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.forms_kms will be updated in-place
~ resource "aws_iam_policy" "forms_kms" {
id = "arn:aws:iam::687401027353:policy/ecs_kms"
name = "ecs_kms"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.forms_s3 will be updated in-place
~ resource "aws_iam_policy" "forms_s3" {
id = "arn:aws:iam::687401027353:policy/formsS3Access"
name = "formsS3Access"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_iam_policy.forms_secrets_manager will be updated in-place
~ resource "aws_iam_policy" "forms_secrets_manager" {
id = "arn:aws:iam::687401027353:policy/formsSecretsManagerKeyRetrieval"
name = "formsSecretsManagerKeyRetrieval"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_iam_policy.forms_sqs will be updated in-place
~ resource "aws_iam_policy" "forms_sqs" {
id = "arn:aws:iam::687401027353:policy/forms_sqs"
name = "forms_sqs"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_role.codedeploy will be updated in-place
~ resource "aws_iam_role" "codedeploy" {
id = "codedeploy"
name = "codedeploy"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_iam_role.forms will be updated in-place
~ resource "aws_iam_role" "forms" {
id = "form-viewer"
name = "form-viewer"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 1 to add, 14 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_appautoscaling_target.forms[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_app.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_deployment_group.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_cluster.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_service.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_task_definition.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_secrets_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_sqs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.codedeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.forms"]
34 tests, 19 passed, 15 warnings, 0 failures, 0 exceptions
Staging: lambdas ✅ Terraform Init: Plan: 9 to add, 30 to change, 9 to destroy
✂ Warning: plan has been truncated! See the full plan in the logs.
Show plan
Resource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_cloudwatch_event_rule.cron_2am_every_day will be updated in-place
~ resource "aws_cloudwatch_event_rule" "cron_2am_every_day" {
id = "every-day-at-2am"
name = "every-day-at-2am"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (6 unchanged attributes hidden)
}
# aws_cloudwatch_event_rule.cron_3am_every_day will be updated in-place
~ resource "aws_cloudwatch_event_rule" "cron_3am_every_day" {
id = "every-day-at-3am"
name = "every-day-at-3am"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (6 unchanged attributes hidden)
}
# aws_cloudwatch_event_rule.cron_4am_every_day will be updated in-place
~ resource "aws_cloudwatch_event_rule" "cron_4am_every_day" {
id = "every-day-at-4am"
name = "every-day-at-4am"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (6 unchanged attributes hidden)
}
# aws_cloudwatch_event_rule.cron_5am_every_business_day will be updated in-place
~ resource "aws_cloudwatch_event_rule" "cron_5am_every_business_day" {
id = "every-business-day-at-5am"
name = "every-business-day-at-5am"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (6 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.archive_form_templates will be updated in-place
~ resource "aws_cloudwatch_log_group" "archive_form_templates" {
id = "/aws/lambda/Archive_Form_Templates"
name = "/aws/lambda/Archive_Form_Templates"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.audit_logs will be updated in-place
~ resource "aws_cloudwatch_log_group" "audit_logs" {
id = "/aws/lambda/Audit_Logs"
name = "/aws/lambda/Audit_Logs"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.dead_letter_queue_consumer will be updated in-place
~ resource "aws_cloudwatch_log_group" "dead_letter_queue_consumer" {
id = "/aws/lambda/Reliability_DLQ_Consumer"
name = "/aws/lambda/Reliability_DLQ_Consumer"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.nagware will be updated in-place
~ resource "aws_cloudwatch_log_group" "nagware" {
id = "/aws/lambda/Nagware"
name = "/aws/lambda/Nagware"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.reliability will be updated in-place
~ resource "aws_cloudwatch_log_group" "reliability" {
id = "/aws/lambda/Reliability"
name = "/aws/lambda/Reliability"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.response_archiver will be updated in-place
~ resource "aws_cloudwatch_log_group" "response_archiver" {
id = "/aws/lambda/Response_Archiver"
name = "/aws/lambda/Response_Archiver"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.submission will be updated in-place
~ resource "aws_cloudwatch_log_group" "submission" {
id = "/aws/lambda/Submission"
name = "/aws/lambda/Submission"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.vault_integrity will be updated in-place
~ resource "aws_cloudwatch_log_group" "vault_integrity" {
id = "/aws/lambda/Vault_Data_Integrity_Check"
name = "/aws/lambda/Vault_Data_Integrity_Check"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_iam_policy.lambda_dynamodb will be updated in-place
~ resource "aws_iam_policy" "lambda_dynamodb" {
id = "arn:aws:iam::687401027353:policy/lambda_dynamobdb"
name = "lambda_dynamobdb"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.lambda_kms will be updated in-place
~ resource "aws_iam_policy" "lambda_kms" {
id = "arn:aws:iam::687401027353:policy/lambda_kms"
name = "lambda_kms"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.lambda_logging will be updated in-place
~ resource "aws_iam_policy" "lambda_logging" {
id = "arn:aws:iam::687401027353:policy/lambda_logging"
name = "lambda_logging"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.lambda_rds will be updated in-place
~ resource "aws_iam_policy" "lambda_rds" {
id = "arn:aws:iam::687401027353:policy/lambda_rds"
name = "lambda_rds"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
~ Action = [
"tag:GetResources",
- "secretsmanager:ListSecrets",
- "secretsmanager:GetRandomPassword",
"secretsmanager:CreateSecret",
# (15 unchanged elements hidden)
]
# (3 unchanged attributes hidden)
},
]
# (1 unchanged attribute hidden)
}
)
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_iam_policy.lambda_s3 will be updated in-place
~ resource "aws_iam_policy" "lambda_s3" {
id = "arn:aws:iam::687401027353:policy/lambda_s3"
name = "lambda_s3"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.lambda_secrets will be updated in-place
~ resource "aws_iam_policy" "lambda_secrets" {
id = "arn:aws:iam::687401027353:policy/lambda_secrets"
name = "lambda_secrets"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
~ Resource = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:database-secret-vHJuTe" -> [
+ "arn:aws:secretsmanager:ca-central-1:687401027353:secret:notify_api_key-eR3nNp",
+ "arn:aws:secretsmanager:ca-central-1:687401027353:secret:database-secret-vHJuTe",
]
- Sid = ""
# (2 unchanged attributes hidden)
},
]
# (1 unchanged attribute hidden)
}
)
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_iam_policy.lambda_sns will be updated in-place
~ resource "aws_iam_policy" "lambda_sns" {
id = "arn:aws:iam::687401027353:policy/lambda_sns"
name = "lambda_sns"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_policy.lambda_sqs will be updated in-place
~ resource "aws_iam_policy" "lambda_sqs" {
id = "arn:aws:iam::687401027353:policy/lambda_sqs"
name = "lambda_sqs"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (6 unchanged attributes hidden)
}
# aws_iam_role.lambda will be updated in-place
~ resource "aws_iam_role" "lambda" {
id = "iam_for_lambda"
name = "iam_for_lambda"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_lambda_function.audit_logs will be updated in-place
~ resource "aws_lambda_function" "audit_logs" {
id = "Audit_Logs"
~ last_modified = "2023-12-08T15:00:33.000+0000" -> (known after apply)
~ s3_object_version = "iMfvFxLKoRigCnZVFaJuLTUsn_6RFOu5" -> (known after apply)
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (22 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_lambda_function.form_archiver will be updated in-place
~ resource "aws_lambda_function" "form_archiver" {
id = "Archive_Form_Templates"
~ last_modified = "2023-12-08T15:00:33.000+0000" -> (known after apply)
~ s3_object_version = "j94rcpwyFRwAA7JXRDCDafL85O6hDx2J" -> (known after apply)
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (22 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_lambda_function.nagware will be updated in-place
~ resource "aws_lambda_function" "nagware" {
id = "Nagware"
~ last_modified = "2023-12-14T16:47:42.000+0000" -> (known after apply)
~ s3_object_version = "TvJ2N1_.VVw5oGteCmT4AbDx3ioM1jrD" -> (known after apply)
~ source_code_hash = "OcLo5We0JHv2naLzzmmeTs5+2hTEVT1bAlfB7LuxJFs=" -> "ha3DW+JncgRLWftdc/8u3wFhtA4VJoyDjmcvk7N5xxE="
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (21 unchanged attributes hidden)
~ environment {
~ variables = {
~ "NOTIFY_API_KEY" = (sensitive value)
# (10 unchanged elements hidden)
}
}
# (2 unchanged blocks hidden)
}
# aws_lambda_function.reliability will be updated in-place
~ resource "aws_lambda_function" "reliability" {
id = "Reliability"
~ last_modified = "2023-12-13T19:30:42.000+0000" -> (known after apply)
~ s3_object_version = "4Om4TGyikL91F7nkKFedil3uV.tyzsU6" -> (known after apply)
~ source_code_hash = "nf3YFotstkw84Smj5lGE5Dft0jWhLgYZGsp2crPVU6Q=" -> "5yVvgyeNDmi8msn9POHnQ6b5nDF62voAtX4qAtAeW9Y="
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (21 unchanged attributes hidden)
~ environment {
~ variables = {
~ "NOTIFY_API_KEY" = (sensitive value)
# (7 unchanged elements hidden)
}
}
# (2 unchanged blocks hidden)
}
# aws_lambda_function.reliability_dlq_consumer will be updated in-place
~ resource "aws_lambda_function" "reliability_dlq_consumer" {
id = "Reliability_DLQ_Consumer"
~ last_modified = "2023-12-08T15:00:33.000+0000" -> (known after apply)
~ s3_object_version = "cRf.Dj.LTDhuOUv.k5w6JGkAehmjZ9Ji" -> (known after apply)
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (22 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_lambda_function.response_archiver will be updated in-place
~ resource "aws_lambda_function" "response_archiver" {
id = "Response_Archiver"
~ last_modified = "2024-01-09T15:57:14.000+0000" -> (known after apply)
~ s3_object_version = "FlkRJWeQrrZC4lwjiEbKG4vPnw__MBWu" -> (known after apply)
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (22 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_lambda_function.submission will be updated in-place
~ resource "aws_lambda_function" "submission" {
id = "Submission"
~ last_modified = "2023-12-08T15:00:34.000+0000" -> (known after apply)
~ s3_object_version = "klyLdBblY5xlz0rQhwFtMCYOIZaIxbHS" -> (known after apply)
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (22 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_lambda_function.vault_integrity will be updated in-place
~ resource "aws_lambda_function" "vault_integrity" {
id = "Vault_Data_Integrity_Check"
~ last_modified = "2023-12-27T15:41:05.000+0000" -> (known after apply)
~ s3_bucket = "forms-staging-lambda-code" -> (known after apply)
~ s3_key = "signed/5fb02f2a-e7d7-43c0-bb98-aeaf9f2a6f24" -> (known after apply)
~ source_code_hash = "9opCvMNrZA+BCLvHUGkHDweCXfVwLgP5jcHfkTPLySc=" -> "TowbMcppnki+0a5fq50Oral3CqleiwGw7U1igvFz0Ws="
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (22 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_s3_bucket_object.audit_logs_code will be destroyed
# (because aws_s3_bucket_object.audit_logs_code is not in configuration)
- resource "aws_s3_bucket_object" "audit_logs_code" {
- acl = "private" -> null
- bucket = "forms-staging-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "binary/octet-stream" -> null
- etag = "5449eb3d251eb9da4bed4cc4d9dbaefb" -> null
- force_destroy = false -> null
- id = "audit_logs_code" -> null
- key = "audit_logs_code" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "/tmp/audit_logs_code.zip" -> null
- source_hash = "Buwqu7thcIBHaO7og80TTG/nf0wASM21hynA9WhHPz0=" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
- version_id = "iMfvFxLKoRigCnZVFaJuLTUsn_6RFOu5" -> null
}
# aws_s3_bucket_object.form_archiver_code will be destroyed
# (because aws_s3_bucket_object.form_archiver_code is not in configuration)
- resource "aws_s3_bucket_object" "form_archiver_code" {
- acl = "private" -> null
- bucket = "forms-staging-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "binary/octet-stream" -> null
- etag = "32a053b83abef39244ef777907685f12" -> null
- force_destroy = false -> null
- id = "form_archiver_code" -> null
- key = "form_archiver_code" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "/tmp/form_archiver_code.zip" -> null
- source_hash = "Az0liG599yfRg7cqDAtpcwSYHtgtsQI2m7K2x/krsxY=" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
- version_id = "j94rcpwyFRwAA7JXRDCDafL85O6hDx2J" -> null
}
# aws_s3_bucket_object.nagware_code will be destroyed
# (because aws_s3_bucket_object.nagware_code is not in configuration)
- resource "aws_s3_bucket_object" "nagware_code" {
- acl = "private" -> null
- bucket = "forms-staging-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "binary/octet-stream" -> null
- etag = "0720e067d02d67a7316c76293828208e-2" -> null
- force_destroy = false -> null
- id = "nagware_code" -> null
- key = "nagware_code" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "/tmp/nagware_code.zip" -> null
- source_hash = "OcLo5We0JHv2naLzzmmeTs5+2hTEVT1bAlfB7LuxJFs=" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
- version_id = "TvJ2N1_.VVw5oGteCmT4AbDx3ioM1jrD" -> null
}
# aws_s3_bucket_object.reliability_code will be destroyed
# (because aws_s3_bucket_object.reliability_code is not in configuration)
- resource "aws_s3_bucket_object" "reliability_code" {
- acl = "private" -> null
- bucket = "forms-staging-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "binary/octet-stream" -> null
- etag = "6eee2a95108e6849a4d8d54f7de2cce4-2" -> null
- force_destroy = false -> null
- id = "reliability_code" -> null
- key = "reliability_code" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "/tmp/reliability_code.zip" -> null
- source_hash = "nf3YFotstkw84Smj5lGE5Dft0jWhLgYZGsp2crPVU6Q=" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
- version_id = "4Om4TGyikL91F7nkKFedil3uV.tyzsU6" -> null
}
# aws_s3_bucket_object.reliability_dlq_consumer_code will be destroyed
# (because aws_s3_bucket_object.reliability_dlq_consumer_code is not in configuration)
- resource "aws_s3_bucket_object" "reliability_dlq_consumer_code" {
- acl = "private" -> null
- bucket = "forms-staging-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "binary/octet-stream" -> null
- etag = "4505a631fc6a071f64f549b91eaf725a" -> null
- force_destroy = false -> null
- id = "reliability_dlq_consumer_code" -> null
- key = "reliability_dlq_consumer_code" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "/tmp/reliability_dlq_consumer_code.zip" -> null
- source_hash = "F7WbeUnrxxXYZkj7tkJyJcFV6inBl3QWsV9AzLcvfB4=" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
- version_id = "cRf.Dj.LTDhuOUv.k5w6JGkAehmjZ9Ji" -> null
}
# aws_s3_bucket_object.response_archiver_code will be destroyed
# (because aws_s3_bucket_object.response_archiver_code is not in configuration)
- resource "aws_s3_bucket_object" "response_archiver_code" {
- acl = "private" -> null
- bucket = "forms-staging-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "binary/octet-stream" -> null
- etag = "f10c294a1ed067cf983e8c9cd497d37e-2" -> null
- force_destroy = false -> null
- id = "response_archiver_code" -> null
- key = "response_archiver_code" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "/tmp/response_archiver_code.zip" -> null
- source_hash = "HlOcaGXKLFMSZO3DF101vb5Af5YWWPGBw6Z16Zu9hVI=" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
- version_id = "FlkRJWeQrrZC4lwjiEbKG4vPnw__MBWu" -> null
}
# aws_s3_bucket_object.submission_code will be destroyed
# (because aws_s3_bucket_object.submission_code is not in configuration)
- resource "aws_s3_bucket_object" "submission_code" {
- acl = "private" -> null
- bucket = "forms-staging-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "binary/octet-stream" -> null
- etag = "6f15df036a513bfaca7fcea4d4b1fb78-2" -> null
- force_destroy = false -> null
- id = "submission_code" -> null
- key = "submission_code" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "/tmp/submission_code.zip" -> null
- source_hash = "upOHVsX4QZQdq2GJDkBlWCCQTia0Q0WdEVP2ZbhUGXk=" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
- version_id = "klyLdBblY5xlz0rQhwFtMCYOIZaIxbHS" -> null
}
# aws_s3_bucket_object.vault_integrity_code will be destroyed
# (because aws_s3_bucket_object.vault_integrity_code is not in configuration)
- resource "aws_s3_bucket_object" "vault_integrity_code" {
- acl = "private" -> null
- bucket = "forms-staging-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "binary/octet-stream" -> null
- etag = "71c195eb45edc2203396a57fd03b5884-2" -> null
- force_destroy = false -> null
- id = "vault_integrity_code" -> null
- key = "vault_integrity_code" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "/tmp/vault_integrity_code.zip" -> null
- source_hash = "TowbMcppnki+0a5fq50Oral3CqleiwGw7U1igvFz0Ws=" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {} -> null
- version_id = "sQTR1bM5TctBB1gnxGI5GNQx3fnc7zbN" -> null
}
# aws_s3_object.audit_logs_code will be created
+ resource "aws_s3_object" "audit_logs_code" {
+ acl = (known after apply)
+ bucket = "forms-staging-lambda-code"
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = (known after apply)
+ etag = (known after apply)
+ force_destroy = false
+ id = (known after apply)
+ key = "audit_logs_code"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "/tmp/audit_logs_code.zip"
+ source_hash = "Buwqu7thcIBHaO7og80TTG/nf0wASM21hynA9WhHPz0="
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.form_archiver_code will be created
+ resource "aws_s3_object" "form_archiver_code" {
+ acl = (known after apply)
+ bucket = "forms-staging-lambda-code"
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = (known after apply)
+ etag = (known after apply)
+ force_destroy = false
+ id = (known after apply)
+ key = "form_archiver_code"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "/tmp/form_archiver_code.zip"
+ source_hash = "Az0liG599yfRg7cqDAtpcwSYHtgtsQI2m7K2x/krsxY="
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.nagware_code will be created
+ resource "aws_s3_object" "nagware_code" {
+ acl = (known after apply)
+ bucket = "forms-staging-lambda-code"
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = (known after apply)
+ etag = (known after apply)
+ force_destroy = false
+ id = (known after apply)
+ key = "nagware_code"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "/tmp/nagware_code.zip"
+ source_hash = "ha3DW+JncgRLWftdc/8u3wFhtA4VJoyDjmcvk7N5xxE="
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.reliability_code will be created
+ resource "aws_s3_object" "reliability_code" {
+ acl = (known after apply)
+ bucket = "forms-staging-lambda-code"
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+...
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_2am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_3am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_4am_every_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.cron_5am_every_business_day"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archive_form_templates"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.dead_letter_queue_consumer"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.nagware"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.reliability"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.response_archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.submission"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.vault_integrity"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_rds"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_secrets"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_sqs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.form_archiver"]
WARN -...
Staging: alarms
✅ Terraform Init: Plan: 0 to add, 19 to change, 0 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_cloudwatch_event_rule.codedeploy_sns will be updated in-place
~ resource "aws_cloudwatch_event_rule" "codedeploy_sns" {
id = "alert-on-codedeploy-status"
name = "alert-on-codedeploy-status"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (7 unchanged attributes hidden)
}
# aws_cloudwatch_log_group.notify_slack will be updated in-place
~ resource "aws_cloudwatch_log_group" "notify_slack" {
id = "/aws/lambda/NotifySlack"
name = "/aws/lambda/NotifySlack"
~ retention_in_days = 90 -> 731
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (4 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.ELB_5xx_error_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "ELB_5xx_error_warn" {
id = "HTTPCode_ELB_5XX_Count"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.alb_ddos will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "alb_ddos" {
id = "ALBDDoS"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (17 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.audit_log_dead_letter_queue_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "audit_log_dead_letter_queue_warn" {
id = "AuditLogDeadLetterQueueWarn"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_cloudwatch_metric_alarm.cognito_login_outside_canada_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "cognito_login_outside_canada_warn" {
id = "AWSCognitoLoginOutsideCanadaAlarm"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (17 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.cognito_signin_exceeded will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "cognito_signin_exceeded" {
id = "CognitoSigninExceeded"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.ddos_detected_forms_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "ddos_detected_forms_warn" {
id = "DDoSDetectedformsWarn"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.ddos_detected_route53_warn[0] will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "ddos_detected_route53_warn" {
id = "DDoSDetectedRoute53Warn"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.forms_cpu_utilization_high_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "forms_cpu_utilization_high_warn" {
id = "CpuUtilizationWarn"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.forms_memory_utilization_high_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "forms_memory_utilization_high_warn" {
id = "MemoryUtilizationWarn"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.reliability_dead_letter_queue_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "reliability_dead_letter_queue_warn" {
id = "ReliabilityDeadLetterQueueWarn"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_cloudwatch_metric_alarm.response_time_warn will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "response_time_warn" {
id = "ResponseTimeWarn"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (15 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_cloudwatch_metric_alarm.route53_ddos[0] will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "route53_ddos" {
id = "Route53DDoS"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (17 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.twoFa_verification_exceeded will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "twoFa_verification_exceeded" {
id = "2FAVerificationExceeded"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.vault_data_integrity_check_lambda_iterator_age will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "vault_data_integrity_check_lambda_iterator_age" {
id = "Vault data integrity check lambda iterator age"
tags = {}
~ tags_all = {
+ "CostCentre" = "forms-platform-staging"
+ "Terraform" = "true"
}
# (17 unchanged attributes hidden)
}
# aws_iam_role.notify_slack_lambda will be updated in-place
~ resource "aws_iam_role" "notify_slack_lambda" {
id = "NotifySlackLambda"
name = "NotifySlackLambda"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_lambda_function.notify_slack will be updated in-place
~ resource "aws_lambda_function" "notify_slack" {
id = "NotifySlack"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (22 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# module.athena_bucket.aws_s3_bucket.this will be updated in-place
~ resource "aws_s3_bucket" "this" {
id = "forms-staging-athena-bucket"
~ tags = {
"CostCentre" = "forms-platform-staging"
+ "Critical" = "false"
"Terraform" = "true"
}
~ tags_all = {
+ "Critical" = "false"
# (2 unchanged elements hidden)
}
# (10 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
Plan: 0 to add, 19 to change, 0 to destroy.
Warning: Argument is deprecated
with module.athena_bucket.aws_s3_bucket.this,
on .terraform/modules/athena_bucket/S3/main.tf line 8, in resource "aws_s3_bucket" "this":
8: resource "aws_s3_bucket" "this" {
Use the aws_s3_bucket_server_side_encryption_configuration resource instead
(and 3 more similar warnings elsewhere)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.codedeploy_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notify_slack"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ELB_5xx_error_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.alb_ddos"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.audit_log_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_login_outside_canada_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_signin_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_forms_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_route53_warn[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.forms_cpu_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.forms_memory_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.reliability_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.response_time_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.route53_ddos[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.twoFa_verification_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.vault_data_integrity_check_lambda_iterator_age"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.notify_slack_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.notify_slack"]
37 tests, 19 passed, 18 warnings, 0 failures, 0 exceptions
Staging: load_testing
✅ Terraform Init: Plan: 0 to add, 2 to change, 0 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_iam_role.load_test_lambda will be updated in-place
~ resource "aws_iam_role" "load_test_lambda" {
id = "LoadTestLambda"
name = "LoadTestLambda"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_lambda_function.load_testing will be updated in-place
~ resource "aws_lambda_function" "load_testing" {
id = "LoadTesting"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (21 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.load_test_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.load_testing"]
21 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions
Staging: pr_review
✅ Terraform Init: Plan: 0 to add, 4 to change, 0 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_ecr_repository.pr_review_repository[0] will be updated in-place
~ resource "aws_ecr_repository" "pr_review_repository" {
id = "pr_review"
name = "pr_review"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# aws_iam_policy.forms_lambda_parameter_store[0] will be updated in-place
~ resource "aws_iam_policy" "forms_lambda_parameter_store" {
id = "arn:aws:iam::687401027353:policy/formsLambdaParameterStoreRetrieval"
name = "formsLambdaParameterStoreRetrieval"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (5 unchanged attributes hidden)
}
# aws_iam_role.forms_lambda_client[0] will be updated in-place
~ resource "aws_iam_role" "forms_lambda_client" {
id = "forms-lambda-client"
name = "forms-lambda-client"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
- "Terraform" = "true" -> null
}
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_security_group.lambda_client_pr_review[0] will be updated in-place
~ resource "aws_security_group" "lambda_client_pr_review" {
id = "sg-0554e1d0a9da92168"
name = "lambda-admin-pr-review"
~ tags = {
- "CostCentre" = "forms-platform-staging" -> null
}
~ tags_all = {
+ "Terraform" = "true"
# (1 unchanged element hidden)
}
# (7 unchanged attributes hidden)
}
Plan: 0 to add, 4 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.pr_review_repository[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_lambda_parameter_store[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.forms_lambda_client[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.lambda_client_pr_review[0]"]
23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions
Summary | Résumé
Upgrades AWS Provider