chore: GCForms release v3.6.0 #598
51cce4d to bc08a15
This pull request includes the new Audit logs archiver feature. We will have to run a migration script once it is released in production.
bc08a15 to f710aaf
f710aaf to b302428
Production: s3
✅ Terraform Init: Plan: 5 to add, 0 to change, 0 to destroy
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_s3_bucket.audit_logs_archive_storage will be created
+ resource "aws_s3_bucket" "audit_logs_archive_storage" {
+ acceleration_status = (known after apply)
+ acl = (known after apply)
+ arn = (known after apply)
+ bucket = "forms-production-audit-logs-archive-storage"
+ bucket_domain_name = (known after apply)
+ bucket_prefix = (known after apply)
+ bucket_regional_domain_name = (known after apply)
+ force_destroy = false
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ object_lock_enabled = (known after apply)
+ policy = (known after apply)
+ region = (known after apply)
+ request_payer = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
}
# aws_s3_bucket_lifecycle_configuration.audit_logs_archive_storage will be created
+ resource "aws_s3_bucket_lifecycle_configuration" "audit_logs_archive_storage" {
+ bucket = (known after apply)
+ id = (known after apply)
+ rule {
+ id = "Clear Audit Logs Archive Storage after 1 year and 11 months"
+ status = "Enabled"
+ expiration {
+ days = 700
+ expired_object_delete_marker = (known after apply)
}
}
}
# aws_s3_bucket_ownership_controls.audit_logs_archive_storage will be created
+ resource "aws_s3_bucket_ownership_controls" "audit_logs_archive_storage" {
+ bucket = (known after apply)
+ id = (known after apply)
+ rule {
+ object_ownership = "BucketOwnerEnforced"
}
}
# aws_s3_bucket_public_access_block.audit_logs_archive_storage will be created
+ resource "aws_s3_bucket_public_access_block" "audit_logs_archive_storage" {
+ block_public_acls = true
+ block_public_policy = true
+ bucket = (known after apply)
+ id = (known after apply)
+ ignore_public_acls = true
+ restrict_public_buckets = true
}
# aws_s3_bucket_server_side_encryption_configuration.audit_logs_archive_storage will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "audit_logs_archive_storage" {
+ bucket = (known after apply)
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
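Review bot: the five resources for the audit-log archive bucket end at `sse_algorithm = "AES256"`, and none of them enables versioning or Object Lock, so archived audit records can be overwritten or deleted by any principal that holds write access to the bucket. For an audit trail, add an `aws_s3_bucket_versioning` resource and consider an `aws_s3_bucket_object_lock_configuration` with a retention period that matches the 700-day expiration rule.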
Plan: 5 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ audit_logs_archive_storage_arn = (known after apply)
+ audit_logs_archive_storage_id = (known after apply)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.archive_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.audit_logs_archive_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.lambda_code"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.reliability_file_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.vault_file_storage"]
24 tests, 19 passed, 5 warnings, 0 failures, 0 exceptions
Production: dynamodb
✅ Terraform Init: Plan: 0 to add, 1 to change, 0 to destroy
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_dynamodb_table.audit_logs will be updated in-place
~ resource "aws_dynamodb_table" "audit_logs" {
id = "AuditLogs"
name = "AuditLogs"
~ stream_arn = "arn:aws:dynamodb:ca-central-1:957818836222:table/AuditLogs/stream/2023-04-17T14:24:26.127" -> (known after apply)
~ stream_enabled = true -> false
tags = {}
# (11 unchanged attributes hidden)
+ attribute {
+ name = "Status"
+ type = "S"
}
- global_secondary_index {
- hash_key = "UserID" -> null
- name = "UserByTime" -> null
- non_key_attributes = [] -> null
- projection_type = "KEYS_ONLY" -> null
- range_key = "TimeStamp" -> null
- read_capacity = 0 -> null
- write_capacity = 0 -> null
}
+ global_secondary_index {
+ hash_key = "Status"
+ name = "StatusByTimestamp"
+ non_key_attributes = []
+ projection_type = "ALL"
+ range_key = "TimeStamp"
}
+ global_secondary_index {
+ hash_key = "UserID"
+ name = "UserByTime"
+ non_key_attributes = []
+ projection_type = "KEYS_ONLY"
+ range_key = "TimeStamp"
}
# (6 unchanged blocks hidden)
}
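Review bot: `stream_enabled = true -> false` turns off the `AuditLogs` stream in the same apply that adds the `Status` attribute and the `StatusByTimestamp` index; confirm that nothing still reads from the stream before this is applied in production. The `UserByTime` index is shown as removed and re-added with the same `hash_key`, `range_key` and `projection_type`, so it is worth confirming that the apply does not rebuild that index.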
Plan: 0 to add, 1 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.reliability_queue"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.vault"]
22 tests, 19 passed, 3 warnings, 0 failures, 0 exceptions
Production: app
✅ Terraform Init: Plan: 1 to add, 0 to change, 0 to destroy
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_ecs_task_definition.form_viewer will be created
+ resource "aws_ecs_task_definition" "form_viewer" {
+ arn = (known after apply)
+ arn_without_revision = (known after apply)
+ container_definitions = jsonencode(
[
+ {
+ environment = [
+ {
+ name = "AUDIT_LOG_QUEUE_URL"
+ value = "https://sqs.ca-central-1.amazonaws.com/957818836222/audit_log_queue"
},
+ {
+ name = "COGNITO_CLIENT_ID"
+ value = "5rkjd3us3ocssieiitdbtjitiv"
},
+ {
+ name = "COGNITO_ENDPOINT_URL"
+ value = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_eSTGTCw33"
},
+ {
+ name = "EMAIL_ADDRESS_CONTACT_US"
+ value = "assistance+forms-formulaires@cds-snc.ca"
},
+ {
+ name = "EMAIL_ADDRESS_SUPPORT"
+ value = "assistance+forms-formulaires@cds-snc.ca"
},
+ {
+ name = "METRIC_PROVIDER"
+ value = "stdout"
},
+ {
+ name = "NEXTAUTH_URL"
+ value = "https://forms-formulaires.alpha.canada.ca"
},
+ {
+ name = "RECAPTCHA_V3_SITE_KEY"
+ value = "6LfuLrQnAAAAAK9Df3gem4XLMRVY2Laq6t2fhZhZ"
},
+ {
+ name = "REDIS_URL"
+ value = "gcforms-redis-rep-group.iyrckm.ng.0001.cac1.cache.amazonaws.com"
},
+ {
+ name = "RELIABILITY_FILE_STORAGE"
+ value = "forms-production-reliability-file-storage"
},
+ {
+ name = "REPROCESS_SUBMISSION_QUEUE_URL"
+ value = "https://sqs.ca-central-1.amazonaws.com/957818836222/reprocess_submission_queue.fifo"
},
+ {
+ name = "TEMPLATE_ID"
+ value = "92096ac6-1cc5-40ae-9052-fffdb8439a90"
},
+ {
+ name = "TEMPORARY_TOKEN_TEMPLATE_ID"
+ value = "61cec9c4-64ca-4e4d-b4d2-a0e931c44422"
},
+ {
+ name = "TRACER_PROVIDER"
+ value = "stdout"
},
+ {
+ name = "VAULT_FILE_STORAGE"
+ value = "forms-production-vault-file-storage"
},
]
+ image = "957818836222.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_production"
+ linuxParameters = {
+ capabilities = {
+ drop = [
+ "ALL",
]
}
}
+ logConfiguration = {
+ logDriver = "awslogs"
+ options = {
+ awslogs-group = "Forms"
+ awslogs-region = "ca-central-1"
+ awslogs-stream-prefix = "ecs-form-viewer"
}
}
+ name = "form_viewer"
+ portMappings = [
+ {
+ containerPort = 3000
},
]
+ secrets = [
+ {
+ name = "NOTIFY_API_KEY"
+ valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_api_key-sLtddr"
},
+ {
+ name = "RECAPTCHA_V3_SECRET_KEY"
+ valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:recaptcha_secret-LxfCjN"
},
+ {
+ name = "DATABASE_URL"
+ valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:server-database-url-jVtWGE"
},
+ {
+ name = "TOKEN_SECRET"
+ valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:token_secret-jw4Dou"
},
+ {
+ name = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
+ valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:notify_callback_bearer_token-sWF9yQ"
},
+ {
+ name = "FRESHDESK_API_KEY"
+ valueFrom = "arn:aws:secretsmanager:ca-central-1:957818836222:secret:freshdesk_api_key-2Q118n"
},
]
},
]
)
+ cpu = "2048"
+ execution_role_arn = "arn:aws:iam::957818836222:role/form-viewer"
+ family = "form-viewer"
+ id = (known after apply)
+ memory = "4096"
+ network_mode = "awsvpc"
+ requires_compatibilities = [
+ "FARGATE",
]
+ revision = (known after apply)
+ skip_destroy = false
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ task_role_arn = "arn:aws:iam::957818836222:role/form-viewer"
}
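Review bot: `execution_role_arn` and `task_role_arn` both point at `role/form-viewer`, so the application container runs with the same role that ECS uses to pull the image and resolve the six Secrets Manager entries listed under `secrets`. Split them into two roles so that the task role carries only the permissions the application calls at runtime.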
Plan: 1 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_appautoscaling_target.forms[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_app.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_deployment_group.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_cluster.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_service.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_task_definition.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_secrets_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_sqs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.codedeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.forms"]
34 tests, 19 passed, 15 warnings, 0 failures, 0 exceptions
Production: lambdas
✅ Terraform Init: Plan: 6 to add, 6 to change, 0 to destroy
Resource actions are indicated with the following symbols:
+ create
~ update in-place
Terraform will perform the following actions:
# aws_cloudwatch_event_rule.audit_logs_archiver_lambda_trigger will be created
+ resource "aws_cloudwatch_event_rule" "audit_logs_archiver_lambda_trigger" {
+ arn = (known after apply)
+ description = "Fires every day at 1am EST"
+ event_bus_name = "default"
+ id = (known after apply)
+ name = "audit-logs-archiver-lambda-trigger"
+ name_prefix = (known after apply)
+ schedule_expression = "cron(0 6 * * ? *)"
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_cloudwatch_event_target.audit_logs_archiver_lambda_trigger will be created
+ resource "aws_cloudwatch_event_target" "audit_logs_archiver_lambda_trigger" {
+ arn = (known after apply)
+ event_bus_name = "default"
+ id = (known after apply)
+ rule = "audit-logs-archiver-lambda-trigger"
+ target_id = (known after apply)
}
# aws_cloudwatch_log_group.audit_logs_archiver will be created
+ resource "aws_cloudwatch_log_group" "audit_logs_archiver" {
+ arn = (known after apply)
+ id = (known after apply)
+ kms_key_id = "arn:aws:kms:ca-central-1:957818836222:key/b5973af1-3114-4808-9455-57441c35854d"
+ log_group_class = (known after apply)
+ name = "/aws/lambda/Audit_Logs_Archiver"
+ name_prefix = (known after apply)
+ retention_in_days = 731
+ skip_destroy = false
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
}
# aws_iam_policy.lambda_s3 will be updated in-place
~ resource "aws_iam_policy" "lambda_s3" {
id = "arn:aws:iam::957818836222:policy/lambda_s3"
name = "lambda_s3"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
~ Resource = [
+ "arn:aws:s3:::forms-staging-audit-logs-archive-storage/*",
+ "arn:aws:s3:::forms-staging-audit-logs-archive-storage",
"arn:aws:s3:::forms-production-vault-file-storage/*",
# (7 unchanged elements hidden)
]
# (2 unchanged attributes hidden)
},
]
# (1 unchanged attribute hidden)
}
)
tags = {}
# (5 unchanged attributes hidden)
}
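Review bot: the two ARNs added to `Resource` name `forms-staging-audit-logs-archive-storage`, but this is the Production plan and the bucket created in the Production s3 plan is `forms-production-audit-logs-archive-storage`. The visible change grants the Lambda role nothing on the production archive bucket; build the ARNs from the `audit_logs_archive_storage_arn` output rather than a fixed bucket name.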
# aws_lambda_function.audit_logs will be updated in-place
~ resource "aws_lambda_function" "audit_logs" {
id = "Audit_Logs"
~ last_modified = "2024-01-25T16:19:37.000+0000" -> (known after apply)
~ s3_object_version = "3hlR1o6WdUP0F5ZluvO1LG85o.p7NIiO" -> (known after apply)
~ source_code_hash = "Buwqu7thcIBHaO7og80TTG/nf0wASM21hynA9WhHPz0=" -> "uJgR/UkrTb9d9cw3c7/M14DNOgixZp33RJLBUZP3LQ0="
tags = {}
# (21 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_lambda_function.audit_logs_archiver will be created
+ resource "aws_lambda_function" "audit_logs_archiver" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ function_name = "Audit_Logs_Archiver"
+ handler = "audit_logs_archiver.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 128
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = "arn:aws:iam::957818836222:role/iam_for_lambda"
+ runtime = "nodejs18.x"
+ s3_bucket = "forms-production-lambda-code"
+ s3_key = "audit_logs_archiver_code"
+ s3_object_version = (known after apply)
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = "j21QkAUTlKxkmkad5xW89Zgl6fwIQ54MWvLhLAnhwdI="
+ source_code_size = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ timeout = 900
+ version = (known after apply)
+ environment {
+ variables = {
+ "AUDIT_LOGS_ARCHIVE_STORAGE_S3_BUCKET" = "forms-staging-audit-logs-archive-storage"
+ "AUDIT_LOGS_DYNAMODB_TABLE_NAME" = "AuditLogs"
+ "LOCALSTACK" = "false"
+ "REGION" = "ca-central-1"
}
}
+ tracing_config {
+ mode = "PassThrough"
}
}
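Review bot: `AUDIT_LOGS_ARCHIVE_STORAGE_S3_BUCKET` under `environment` is set to `forms-staging-audit-logs-archive-storage`, while `s3_bucket` in the same resource is `forms-production-lambda-code`, so the production archiver is configured to write audit logs to a staging-named bucket. Set the variable from the `audit_logs_archive_storage_id` output so that it follows the environment.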
# aws_lambda_function.submission will be updated in-place
~ resource "aws_lambda_function" "submission" {
id = "Submission"
~ last_modified = "2024-01-25T16:19:37.000+0000" -> (known after apply)
~ s3_object_version = "bBzd3fM7fzihAZKRcPh2x2Eom92FQGQs" -> (known after apply)
~ source_code_hash = "upOHVsX4QZQdq2GJDkBlWCCQTia0Q0WdEVP2ZbhUGXk=" -> "MUixujtBoNJnnkSJ7B6Vthx0gUQCXxS8qA23h6mRcC8="
tags = {}
# (21 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_lambda_function.vault_integrity will be updated in-place
~ resource "aws_lambda_function" "vault_integrity" {
id = "Vault_Data_Integrity_Check"
~ last_modified = "2024-02-13T15:11:44.000+0000" -> (known after apply)
~ source_code_hash = "9lDCUtEgnDGaN0b7aU2yhDlM0DDumsUYZhbUsYDuAF4=" -> "TowbMcppnki+0a5fq50Oral3CqleiwGw7U1igvFz0Ws="
tags = {}
# (24 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_lambda_permission.audit_logs_archiver will be created
+ resource "aws_lambda_permission" "audit_logs_archiver" {
+ action = "lambda:InvokeFunction"
+ function_name = "Audit_Logs_Archiver"
+ id = (known after apply)
+ principal = "events.amazonaws.com"
+ source_arn = (known after apply)
+ statement_id = "AllowExecutionFromCloudWatch"
+ statement_id_prefix = (known after apply)
}
# aws_s3_object.audit_logs_archiver_code will be created
+ resource "aws_s3_object" "audit_logs_archiver_code" {
+ acl = (known after apply)
+ bucket = "forms-production-lambda-code"
+ bucket_key_enabled = (known after apply)
+ checksum_crc32 = (known after apply)
+ checksum_crc32c = (known after apply)
+ checksum_sha1 = (known after apply)
+ checksum_sha256 = (known after apply)
+ content_type = (known after apply)
+ etag = (known after apply)
+ force_destroy = false
+ id = (known after apply)
+ key = "audit_logs_archiver_code"
+ kms_key_id = (known after apply)
+ server_side_encryption = (known after apply)
+ source = "/tmp/audit_logs_archiver_code.zip"
+ source_hash = "j21QkAUTlKxkmkad5xW89Zgl6fwIQ54MWvLhLAnhwdI="
+ storage_class = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ version_id = (known after apply)
}
# aws_s3_object.audit_logs_code will be updated in-place
~ resource "aws_s3_object" "audit_logs_code" {
id = "audit_logs_code"
~ source_hash = "Buwqu7thcIBHaO7og80TTG/nf0wASM21hynA9WhHPz0=" -> "uJgR/UkrTb9d9cw3c7/M14DNOgixZp33RJLBUZP3LQ0="
tags = {}
~ version_id = "3hlR1o6WdUP0F5ZluvO1LG85o.p7NIiO" -> (known after apply)
# (11 unchanged attributes hidden)
}
# aws_s3_object.submission_code will be updated in-place
~ resource "aws_s3_object" "submission_code" {
id = "submission_code"
~ source_hash = "upOHVsX4QZQdq2GJDkBlWCCQTia0Q0WdEVP2ZbhUGXk=" -> "MUixujtBoNJnnkSJ7B6Vthx0gUQCXxS8qA23h6mRcC8="
tags = {}
~ version_id = "bBzd3fM7fzihAZKRcPh2x2Eom92FQGQs" -> (known after apply)
# (11 unchanged attributes hidden)
}
Plan: 6 to add, 6 to change, 0 to destroy.
Changes to Outputs:
+ lambda_audit_logs_archiver_group_name = "/aws/lambda/Audit_Logs_Archiver"
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.audit_logs_archiver_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.form_archiver_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.nagware_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.reliability_dlq_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.response_archiver_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archive_form_templates"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs_archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.dead_letter_queue_consumer"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.nagware"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.reliability"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.response_archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.submission"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.vault_integrity"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_rds"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_secrets"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_sqs"]
WARN -...
Production: alarms
✅ Terraform Init: Plan: 3 to add, 1 to change, 0 to destroy
Resource actions are indicated with the following symbols:
+ create
~ update in-place
Terraform will perform the following actions:
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_logs_archiver"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Audit_Logs_Archiver"
+ name = "error_detection_in_audit_logs_archiver_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_logs_archiver"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack"
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Audit_Logs_Archiver"
+ name = "timeout_detection_in_audit_logs_archiver_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_metric_alarm.UnHealthyHostCount will be created
+ resource "aws_cloudwatch_metric_alarm" "UnHealthyHostCount" {
+ actions_enabled = true
+ alarm_actions = [
+ "arn:aws:sns:ca-central-1:957818836222:alert-critical",
]
+ alarm_description = "ELB Health Check - UnHealthyHostCount exceed threshold."
+ alarm_name = "UnHealthyHostCount-SEV1"
+ arn = (known after apply)
+ comparison_operator = "GreaterThanThreshold"
+ evaluate_low_sample_count_percentiles = (known after apply)
+ evaluation_periods = 1
+ id = (known after apply)
+ metric_name = "HTTPCode_ELB_5XX_Count"
+ namespace = "AWS/ApplicationELB"
+ period = 60
+ statistic = "SampleCount"
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ threshold = 1
+ treat_missing_data = "notBreaching"
}
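Review bot: `alarm_name` and `alarm_description` say UnHealthyHostCount, but `metric_name` is `HTTPCode_ELB_5XX_Count` with `statistic = "SampleCount"`, so this SEV1 alarm to `alert-critical` fires on load balancer 5XX responses and not on unhealthy targets. Either point it at the `UnHealthyHostCount` metric in `AWS/ApplicationELB` or rename the alarm and its description to match what it measures.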
# aws_lambda_function.notify_slack will be updated in-place
~ resource "aws_lambda_function" "notify_slack" {
id = "NotifySlack"
~ last_modified = "2024-01-25T16:21:41.000+0000" -> (known after apply)
~ source_code_hash = "aGx6QTTnU0Sadob77F9K9cNvEB58TKpnkHqYlJvbKtI=" -> "xsBes0R4ZOY7o2StbXMBaVtoT0FDHuA4M3s/XvSuvlo="
tags = {}
# (20 unchanged attributes hidden)
~ environment {
~ variables = {
+ "OPSGENIE_API_KEY" = (sensitive value)
# (2 unchanged elements hidden)
}
}
# (2 unchanged blocks hidden)
}
Plan: 3 to add, 1 to change, 0 to destroy.
Warning: Argument is deprecated
with module.athena_bucket.aws_s3_bucket.this,
on .terraform/modules/athena_bucket/S3/main.tf line 8, in resource "aws_s3_bucket" "this":
8: resource "aws_s3_bucket" "this" {
Use the aws_s3_bucket_lifecycle_configuration resource instead
(and 3 more similar warnings elsewhere)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Conftest results:
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.codedeploy_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notify_slack"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ELB_5xx_error_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.UnHealthyHostCount"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.alb_ddos"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.audit_log_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_login_outside_canada_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_signin_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_forms_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_route53_warn[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.forms_cpu_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.forms_memory_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.reliability_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.response_time_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.route53_ddos[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.twoFa_verification_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.vault_data_integrity_check_lambda_iterator_age"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.notify_slack_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.notify_slack"]
38 tests, 19 passed, 19 warnings, 0 failures, 0 exceptions
🤖 Release is at https://github.com/cds-snc/forms-terraform/releases/tag/v3.6.0 🌻
🤖 I have created a release beep boop
3.6.0 (2024-02-27)
Features
Bug Fixes
This PR was generated with Release Please. See documentation.