
harness demo #184

Closed
wants to merge 2 commits into from
Closed




@tphoney tphoney commented Nov 7, 2024

No description provided.


github-actions bot commented Nov 7, 2024

mapped Expected Changes

replaced ecs-task-definition › facial-recognition-terraform-example
--- current
+++ planned
@@ -1,26 +1,26 @@
-arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:5
-arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example
-container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}],"systemControls":[],"volumesFrom":[]}]'
+arn: (known after apply)
+arn_without_revision: (known after apply)
+container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":8080}],"volumesFrom":[]}]'
 cpu: "1024"
 ephemeral_storage: []
-execution_role_arn: ""
+execution_role_arn: null
 family: facial-recognition-terraform-example
-id: facial-recognition-terraform-example
+id: (known after apply)
 inference_accelerator: []
-ipc_mode: ""
+ipc_mode: null
 memory: "2048"
 network_mode: awsvpc
-pid_mode: ""
+pid_mode: null
 placement_constraints: []
 proxy_configuration: []
 requires_compatibilities:
     - FARGATE
-revision: 5
+revision: (known after apply)
 runtime_platform: []
 skip_destroy: false
-tags: {}
-tags_all: {}
-task_role_arn: ""
+tags: null
+tags_all: (known after apply)
+task_role_arn: null
 terraform_address: module.scenarios[0].aws_ecs_task_definition.face
 terraform_name: module.scenarios[0].aws_ecs_task_definition.face
 track_latest: false
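Review bot: The replacement task definition still pulls `harshmanvar/face-detection-tensorjs:slim-amd` by a mutable tag from a public registry, so the new revision runs whatever that tag resolves to when the task starts rather than an image that was reviewed. Pin it by digest in the `container_definitions` `+` line, for example `"image":"harshmanvar/face-detection-tensorjs@sha256:<DIGEST_PLACEHOLDER>"`. The same line carries no `logConfiguration` and `execution_role_arn` becomes `null`, so container output does not appear to be shipped anywhere. Adding an `awslogs` log configuration, which on Fargate needs an execution role, would give responders something to work from.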
replaced ec2-instance › i-0a525744b5dac529d
--- current
+++ planned
@@ -1,90 +1,63 @@
-ami: ami-0a2b52b696339c85d
-arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-0a525744b5dac529d
+ami: ami-00d2f0339a1fdfef6
+arn: (known after apply)
 associate_public_ip_address: true
-availability_zone: eu-west-2b
-capacity_reservation_specification:
-    - capacity_reservation_preference: open
-      capacity_reservation_target: []
-cpu_core_count: 1
-cpu_options:
-    - amd_sev_snp: ""
-      core_count: 1
-      threads_per_core: 2
-cpu_threads_per_core: 2
-credit_specification:
-    - cpu_credits: unlimited
-disable_api_stop: false
-disable_api_termination: false
-ebs_block_device: []
-ebs_optimized: false
-enclave_options:
-    - enabled: false
-ephemeral_block_device: []
+availability_zone: (known after apply)
+capacity_reservation_specification: (known after apply)
+cpu_core_count: (known after apply)
+cpu_options: (known after apply)
+cpu_threads_per_core: (known after apply)
+credit_specification: []
+disable_api_stop: (known after apply)
+disable_api_termination: (known after apply)
+ebs_block_device: (known after apply)
+ebs_optimized: (known after apply)
+enclave_options: (known after apply)
+ephemeral_block_device: (known after apply)
 get_password_data: false
-hibernation: false
-host_id: ""
-host_resource_group_arn: null
-iam_instance_profile: ""
-id: i-0a525744b5dac529d
-instance_initiated_shutdown_behavior: stop
-instance_lifecycle: ""
-instance_market_options: []
-instance_state: running
+hibernation: null
+host_id: (known after apply)
+host_resource_group_arn: (known after apply)
+iam_instance_profile: (known after apply)
+id: (known after apply)
+instance_initiated_shutdown_behavior: (known after apply)
+instance_lifecycle: (known after apply)
+instance_market_options: (known after apply)
+instance_state: (known after apply)
 instance_type: t3.micro
-ipv6_address_count: 0
-ipv6_addresses: []
+ipv6_address_count: (known after apply)
+ipv6_addresses: (known after apply)
 key_name: Demo Key Pair
 launch_template: []
-maintenance_options:
-    - auto_recovery: default
-metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-monitoring: false
-network_interface: []
-outpost_arn: ""
-password_data: ""
-placement_group: ""
-placement_partition_number: 0
-primary_network_interface_id: eni-052b9ce8c42900c07
-private_dns: ip-10-0-10-86.eu-west-2.compute.internal
-private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-private_ip: 10.0.10.86
-public_dns: ec2-18-175-243-185.eu-west-2.compute.amazonaws.com
-public_ip: 18.175.243.185
-root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 0
-      kms_key_id: ""
-      tags: {}
-      tags_all: {}
-      throughput: 0
-      volume_id: vol-087349579eb65ac71
-      volume_size: 8
-      volume_type: standard
-secondary_private_ips: []
-security_groups: []
+maintenance_options: (known after apply)
+metadata_options: (known after apply)
+monitoring: (known after apply)
+network_interface: (known after apply)
+outpost_arn: (known after apply)
+password_data: (known after apply)
+placement_group: (known after apply)
+placement_partition_number: (known after apply)
+primary_network_interface_id: (known after apply)
+private_dns: (known after apply)
+private_dns_name_options: (known after apply)
+private_ip: (known after apply)
+public_dns: (known after apply)
+public_ip: (known after apply)
+root_block_device: (known after apply)
+secondary_private_ips: (known after apply)
+security_groups: (known after apply)
 source_dest_check: true
-spot_instance_request_id: ""
+spot_instance_request_id: (known after apply)
 subnet_id: subnet-036704734045071f9
 tags:
     Name: App Server
 tags_all:
     Name: App Server
-tenancy: default
+tenancy: (known after apply)
 terraform_address: module.scenarios[0].aws_instance.app_server
 terraform_name: module.scenarios[0].aws_instance.app_server
 timeouts: null
-user_data: null
-user_data_base64: null
+user_data: (known after apply)
+user_data_base64: (known after apply)
 user_data_replace_on_change: false
 volume_tags: null
 vpc_security_group_ids:
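Review bot: `metadata_options` goes from an explicit `http_tokens: optional` to `(known after apply)` on an instance that keeps `associate_public_ip_address: true`, which suggests the configuration does not set it and the replacement inherits the AMI or account default. Since the instance is being rebuilt anyway, require IMDSv2 explicitly on `module.scenarios[0].aws_instance.app_server` with `metadata_options { http_tokens = "required" }`. The same applies to the `aws_instance.webserver` hunk below, and the launch template hunk shows `metadata_options: []`. The hunk ends at `vpc_security_group_ids:` without its entries, so the attached security groups cannot be checked from here.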
replaced ec2-instance › i-05bccc870971a2004
--- current
+++ planned
@@ -1,90 +1,63 @@
-ami: ami-0a2b52b696339c85d
-arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-05bccc870971a2004
+ami: ami-00d2f0339a1fdfef6
+arn: (known after apply)
 associate_public_ip_address: true
-availability_zone: eu-west-2a
-capacity_reservation_specification:
-    - capacity_reservation_preference: open
-      capacity_reservation_target: []
-cpu_core_count: 1
-cpu_options:
-    - amd_sev_snp: ""
-      core_count: 1
-      threads_per_core: 2
-cpu_threads_per_core: 2
-credit_specification:
-    - cpu_credits: unlimited
-disable_api_stop: false
-disable_api_termination: false
-ebs_block_device: []
-ebs_optimized: false
-enclave_options:
-    - enabled: false
-ephemeral_block_device: []
+availability_zone: (known after apply)
+capacity_reservation_specification: (known after apply)
+cpu_core_count: (known after apply)
+cpu_options: (known after apply)
+cpu_threads_per_core: (known after apply)
+credit_specification: []
+disable_api_stop: (known after apply)
+disable_api_termination: (known after apply)
+ebs_block_device: (known after apply)
+ebs_optimized: (known after apply)
+enclave_options: (known after apply)
+ephemeral_block_device: (known after apply)
 get_password_data: false
-hibernation: false
-host_id: ""
-host_resource_group_arn: null
-iam_instance_profile: ""
-id: i-05bccc870971a2004
-instance_initiated_shutdown_behavior: stop
-instance_lifecycle: ""
-instance_market_options: []
-instance_state: running
+hibernation: null
+host_id: (known after apply)
+host_resource_group_arn: (known after apply)
+iam_instance_profile: (known after apply)
+id: (known after apply)
+instance_initiated_shutdown_behavior: (known after apply)
+instance_lifecycle: (known after apply)
+instance_market_options: (known after apply)
+instance_state: (known after apply)
 instance_type: t3.micro
-ipv6_address_count: 0
-ipv6_addresses: []
+ipv6_address_count: (known after apply)
+ipv6_addresses: (known after apply)
 key_name: Demo Key Pair
 launch_template: []
-maintenance_options:
-    - auto_recovery: default
-metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-monitoring: false
-network_interface: []
-outpost_arn: ""
-password_data: ""
-placement_group: ""
-placement_partition_number: 0
-primary_network_interface_id: eni-05a61fe5efd2c3a26
-private_dns: ip-10-0-9-45.eu-west-2.compute.internal
-private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-private_ip: 10.0.9.45
-public_dns: ec2-13-40-131-98.eu-west-2.compute.amazonaws.com
-public_ip: 13.40.131.98
-root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 0
-      kms_key_id: ""
-      tags: {}
-      tags_all: {}
-      throughput: 0
-      volume_id: vol-04ea3f96ac619251d
-      volume_size: 8
-      volume_type: standard
-secondary_private_ips: []
-security_groups: []
+maintenance_options: (known after apply)
+metadata_options: (known after apply)
+monitoring: (known after apply)
+network_interface: (known after apply)
+outpost_arn: (known after apply)
+password_data: (known after apply)
+placement_group: (known after apply)
+placement_partition_number: (known after apply)
+primary_network_interface_id: (known after apply)
+private_dns: (known after apply)
+private_dns_name_options: (known after apply)
+private_ip: (known after apply)
+public_dns: (known after apply)
+public_ip: (known after apply)
+root_block_device: (known after apply)
+secondary_private_ips: (known after apply)
+security_groups: (known after apply)
 source_dest_check: true
-spot_instance_request_id: ""
+spot_instance_request_id: (known after apply)
 subnet_id: subnet-06302fc5a50644cd9
 tags:
     Name: Webserver
 tags_all:
     Name: Webserver
-tenancy: default
+tenancy: (known after apply)
 terraform_address: module.scenarios[0].aws_instance.webserver
 terraform_name: module.scenarios[0].aws_instance.webserver
 timeouts: null
-user_data: null
-user_data_base64: null
+user_data: (known after apply)
+user_data_base64: (known after apply)
 user_data_replace_on_change: false
 volume_tags: null
 vpc_security_group_ids:
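Review bot: `root_block_device` was `encrypted: false` on the instance being destroyed and is `(known after apply)` on its replacement, so nothing in the plan shows that the new root volume will be encrypted. Unless account-level EBS encryption by default is enabled, it will presumably be created unencrypted again. Set it in the resource rather than leaving it computed: `root_block_device { encrypted = true }`. This applies equally to the `aws_instance.app_server` hunk above.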
updated ec2-launch-template › lt-0731f767e6be2ab94
--- current
+++ planned
@@ -14,14 +14,14 @@
 hibernation_options: []
 iam_instance_profile: []
 id: lt-0731f767e6be2ab94
-image_id: ami-0a2b52b696339c85d
+image_id: ami-00d2f0339a1fdfef6
 instance_initiated_shutdown_behavior: ""
 instance_market_options: []
 instance_requirements: []
 instance_type: t3.micro
 kernel_id: ""
 key_name: ""
-latest_version: 2
+latest_version: (known after apply)
 license_specification: []
 maintenance_options: []
 metadata_options: []
replaced elbv2-target-group › facerec-terraform-example
--- current
+++ planned
@@ -1,53 +1,38 @@
-arn: arn:aws:elasticloadbalancing:eu-west-2:540044833068:targetgroup/facerec-terraform-example/303eb9c3e6a1bb3a
-arn_suffix: targetgroup/facerec-terraform-example/303eb9c3e6a1bb3a
-connection_termination: null
+arn: (known after apply)
+arn_suffix: (known after apply)
+connection_termination: (known after apply)
 deregistration_delay: "300"
 health_check:
     - enabled: true
       healthy_threshold: 2
       interval: 40
-      matcher: "200"
-      path: /
+      matcher: (known after apply)
+      path: (known after apply)
       port: traffic-port
       protocol: HTTP
       timeout: 30
       unhealthy_threshold: 3
-id: arn:aws:elasticloadbalancing:eu-west-2:540044833068:targetgroup/facerec-terraform-example/303eb9c3e6a1bb3a
-ip_address_type: ipv4
+id: (known after apply)
+ip_address_type: (known after apply)
 lambda_multi_value_headers_enabled: false
-load_balancer_arns:
-    - arn:aws:elasticloadbalancing:eu-west-2:540044833068:loadbalancer/app/terraform-example/bf6a3b2ff7f6855b
-load_balancing_algorithm_type: round_robin
-load_balancing_anomaly_mitigation: "off"
-load_balancing_cross_zone_enabled: use_load_balancer_configuration
+load_balancer_arns: (known after apply)
+load_balancing_algorithm_type: (known after apply)
+load_balancing_anomaly_mitigation: (known after apply)
+load_balancing_cross_zone_enabled: (known after apply)
 name: facerec-terraform-example
-name_prefix: ""
-port: 1234
-preserve_client_ip: null
+name_prefix: (known after apply)
+port: 8080
+preserve_client_ip: (known after apply)
 protocol: HTTP
-protocol_version: HTTP1
+protocol_version: (known after apply)
 proxy_protocol_v2: false
 slow_start: 0
-stickiness:
-    - cookie_duration: 86400
-      cookie_name: ""
-      enabled: false
-      type: lb_cookie
-tags: {}
-tags_all: {}
-target_failover:
-    - on_deregistration: null
-      on_unhealthy: null
-target_group_health:
-    - dns_failover:
-        - minimum_healthy_targets_count: "1"
-          minimum_healthy_targets_percentage: "off"
-      unhealthy_state_routing:
-        - minimum_healthy_targets_count: 1
-          minimum_healthy_targets_percentage: "off"
-target_health_state:
-    - enable_unhealthy_connection_termination: null
-      unhealthy_draining_interval: null
+stickiness: (known after apply)
+tags: null
+tags_all: (known after apply)
+target_failover: (known after apply)
+target_group_health: (known after apply)
+target_health_state: (known after apply)
 target_type: ip
 terraform_address: module.scenarios[0].aws_lb_target_group.face
 terraform_name: module.scenarios[0].aws_lb_target_group.face
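Review bot: The port change forces replacement of the target group while `name: facerec-terraform-example` stays fixed, so the new group cannot be created before the old one is removed. The listener rule and ECS service hunks further down still reference the old ARN at that point, so depending on ordering this is either a failed apply (target group still in use) or a window in which the rule forwards to nothing. If the configuration does not already handle this, switch to `name_prefix = "face-"` and add `lifecycle { create_before_destroy = true }` on `module.scenarios[0].aws_lb_target_group.face`.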

unmapped Unmapped Changes

Note

These changes couldn't be mapped to a discoverable cloud resource and therefore won't be included in the blast radius calculation.

updated aws_ecs_service › module.scenarios[0].aws_ecs_service.face
--- current
+++ planned
@@ -22,9 +22,9 @@
 launch_type: ""
 load_balancer:
     - container_name: facial-recognition
-      container_port: 1234
+      container_port: 8080
       elb_name: ""
-      target_group_arn: arn:aws:elasticloadbalancing:eu-west-2:540044833068:targetgroup/facerec-terraform-example/303eb9c3e6a1bb3a
+      target_group_arn: (known after apply)
 name: facial-recognition
 network_configuration:
     - assign_public_ip: false
@@ -42,7 +41,7 @@
 service_registries: []
 tags: {}
 tags_all: {}
-task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:5
+task_definition: (known after apply)
 terraform_address: module.scenarios[0].aws_ecs_service.face
 terraform_name: module.scenarios[0].aws_ecs_service.face
 timeouts: null
updated elbv2-rule › module.scenarios[0].aws_lb_listener_rule.face
--- current
+++ planned
@@ -5,7 +5,7 @@
       forward: []
       order: 1
       redirect: []
-      target_group_arn: arn:aws:elasticloadbalancing:eu-west-2:540044833068:targetgroup/facerec-terraform-example/303eb9c3e6a1bb3a
+      target_group_arn: (known after apply)
       type: forward
 arn: arn:aws:elasticloadbalancing:eu-west-2:540044833068:listener-rule/app/terraform-example/bf6a3b2ff7f6855b/976e92c108b4b457/a38981e3cf5f0ea2
 condition:

Blast Radius

items Items edges Edges
46 66


warning Risks

high Potential Risk in ECS Task Definition Update - Health Check and Port Mismatch [High]

The proposed change modifies the health check port from 1234 to 8080 in the ECS task definition for the facial-recognition-terraform-example. This change may introduce connectivity issues with existing configurations if they rely specifically on the health check port 1234. Ensure that the ECS service and the related ELB/target group configurations are correctly aligned with the new port setting, as any mismatch could lead to health check failures and subsequent application downtime. Validation Steps: 1. Confirm the ELB in the load balancer is properly configured to use port 8080 for health checks. 2. Verify that any security group attached allows traffic on the new port if it was previously restricted. 3. Ensure that any applications dependent on the previous health check port 1234 are updated to reflect the change to 8080.

@tphoney tphoney closed this Nov 8, 2024