data.github_repository.pathogen["ncov"]: Reading... data.github_repository.pathogen["forecasts-ncov"]: Reading... data.github_repository.pathogen["mpox"]: Reading... data.github_repository.pathogen["dengue"]: Reading... data.github_repository.pathogen["rsv"]: Reading... data.github_repository.pathogen["zika"]: Reading... data.github_repository.pathogen["ncov-ingest"]: Reading... data.github_repository.pathogen["seasonal-flu"]: Reading... data.github_repository.pathogen["measles"]: Reading... aws_iam_policy.AllowEditingOfNextstrainStagingBucket: Refreshing state... [id=arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainStagingBucket] data.github_repository.pathogen["rsv"]: Read complete after 0s [id=rsv] aws_iam_policy.AllowEditingOfNextstrainNcovPrivateBucket: Refreshing state... [id=arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainNcovPrivateBucket] data.github_repository.pathogen["zika"]: Read complete after 0s [id=zika] aws_iam_policy.AllowEditingOfNextstrainDataBucket: Refreshing state... [id=arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainDataBucket] aws_iam_policy.AllowEditingOfNextstrainDataPrivateBucket: Refreshing state... [id=arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainDataPrivateBucket] aws_iam_policy.NextstrainJobsAccessToBatch: Refreshing state... [id=arn:aws:iam::827581582529:policy/NextstrainJobsAccessToBatch] aws_iam_policy.NextstrainJobsAccessToBucket: Refreshing state... [id=arn:aws:iam::827581582529:policy/NextstrainJobsAccessToBucket] data.github_repository.pathogen["dengue"]: Read complete after 1s [id=dengue] aws_iam_openid_connect_provider.github-actions: Refreshing state... [id=arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com] aws_iam_policy.NextstrainJobsAccessToLogs: Refreshing state... [id=arn:aws:iam::827581582529:policy/NextstrainJobsAccessToLogs] aws_iam_role.GitHubActionsRoleNextstrainTmpBucket: Refreshing state... [id=GitHubActionsRoleNextstrainTmpBucket] aws_iam_role.GitHubActionsRoleNextstrainBatchJobs: Refreshing state... [id=GitHubActionsRoleNextstrainBatchJobs] data.github_repository.pathogen["seasonal-flu"]: Read complete after 1s [id=seasonal-flu] data.github_repository.pathogen["measles"]: Read complete after 2s [id=measles] data.github_repository.pathogen["forecasts-ncov"]: Read complete after 2s [id=forecasts-ncov] data.github_repository.pathogen["mpox"]: Read complete after 2s [id=mpox] data.github_repository.pathogen["ncov-ingest"]: Read complete after 2s [id=ncov-ingest] data.github_repository.pathogen["ncov"]: Read complete after 2s [id=ncov] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create - destroy Terraform will perform the following actions: # aws_iam_policy.AllowEditingOfNextstrainDataBucket will be destroyed # (because aws_iam_policy.AllowEditingOfNextstrainDataBucket is not in configuration) - resource "aws_iam_policy" "AllowEditingOfNextstrainDataBucket" { - arn = "arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainDataBucket" -> null - id = "arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainDataBucket" -> null - name = "AllowEditingOfNextstrainDataBucket" -> null - path = "/" -> null - policy = jsonencode( { - Statement = [ - { - Action = "s3:ListAllMyBuckets" - Effect = "Allow" - Resource = "*" }, - { - Action = [ - "s3:ListBucket", - "s3:ListBucketVersions", - "s3:GetBucketLocation", - "s3:GetBucketVersioning", ] - Effect = "Allow" - Resource = "arn:aws:s3:::nextstrain-data" }, - { - Action = [ - "s3:PutObject", - "s3:PutObjectTagging", - "s3:GetObject", - "s3:GetObjectTagging", - "s3:GetObjectVersion", - "s3:GetObjectVersionTagging", - "s3:DeleteObject", ] - Effect = "Allow" - Resource = "arn:aws:s3:::nextstrain-data/*" }, ] - Version = "2012-10-17" } ) -> null - policy_id = "ANPAJSOJLAMZG4KVWQMY6" -> null - tags = {} -> null - tags_all = {} -> null } # aws_iam_policy.AllowEditingOfNextstrainDataPrivateBucket will be destroyed # (because aws_iam_policy.AllowEditingOfNextstrainDataPrivateBucket is not in configuration) - resource "aws_iam_policy" "AllowEditingOfNextstrainDataPrivateBucket" { - arn = "arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainDataPrivateBucket" -> null - id = "arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainDataPrivateBucket" -> null - name = "AllowEditingOfNextstrainDataPrivateBucket" -> null - path = "/" -> null - policy = jsonencode( { - Statement = [ - { - Action = "s3:ListAllMyBuckets" - Effect = "Allow" - Resource = "*" }, - { - Action = [ - "s3:ListBucket", - "s3:ListBucketVersions", - "s3:GetBucketLocation", - "s3:GetBucketVersioning", ] - Effect = "Allow" - Resource = "arn:aws:s3:::nextstrain-data-private" }, - { - Action = [ - "s3:PutObject", - "s3:PutObjectTagging", - "s3:GetObject", - "s3:GetObjectTagging", - "s3:GetObjectVersion", - "s3:GetObjectVersionTagging", - "s3:DeleteObject", ] - Effect = "Allow" - Resource = "arn:aws:s3:::nextstrain-data-private/*" }, ] - Version = "2012-10-17" } ) -> null - policy_id = "ANPA4BL5UZTAQLZJXJARE" -> null - tags = {} -> null - tags_all = {} -> null } # aws_iam_policy.AllowEditingOfNextstrainNcovPrivateBucket will be destroyed # (because aws_iam_policy.AllowEditingOfNextstrainNcovPrivateBucket is not in configuration) - resource "aws_iam_policy" "AllowEditingOfNextstrainNcovPrivateBucket" { - arn = "arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainNcovPrivateBucket" -> null - id = "arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainNcovPrivateBucket" -> null - name = "AllowEditingOfNextstrainNcovPrivateBucket" -> null - path = "/" -> null - policy = jsonencode( { - Statement = [ - { - Action = "s3:ListAllMyBuckets" - Effect = "Allow" - Resource = "*" }, - { - Action = [ - "s3:ListBucket", - "s3:ListBucketVersions", - "s3:GetBucketLocation", - "s3:GetBucketVersioning", ] - Effect = "Allow" - Resource = "arn:aws:s3:::nextstrain-ncov-private" }, - { - Action = [ - "s3:PutObject", - "s3:PutObjectTagging", - "s3:GetObject", - "s3:GetObjectTagging", - "s3:GetObjectVersion", - "s3:GetObjectVersionTagging", - "s3:DeleteObject", ] - Effect = "Allow" - Resource = "arn:aws:s3:::nextstrain-ncov-private/*" }, ] - Version = "2012-10-17" } ) -> null - policy_id = "ANPA4BL5UZTAQJO5WFTCM" -> null - tags = {} -> null - tags_all = {} -> null } # aws_iam_policy.AllowEditingOfNextstrainStagingBucket will be destroyed # (because aws_iam_policy.AllowEditingOfNextstrainStagingBucket is not in configuration) - resource "aws_iam_policy" "AllowEditingOfNextstrainStagingBucket" { - arn = "arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainStagingBucket" -> null - id = "arn:aws:iam::827581582529:policy/AllowEditingOfNextstrainStagingBucket" -> null - name = "AllowEditingOfNextstrainStagingBucket" -> null - path = "/" -> null - policy = jsonencode( { - Statement = [ - { - Action = "s3:ListAllMyBuckets" - Effect = "Allow" - Resource = "arn:aws:s3:::*" }, - { - Action = [ - "s3:ListBucket", - "s3:GetBucketLocation", - "s3:GetBucketVersioning", ] - Effect = "Allow" - Resource = "arn:aws:s3:::nextstrain-staging" }, - { - Action = [ - "s3:PutObject", - "s3:PutObjectTagging", - "s3:GetObject", - "s3:GetObjectTagging", - "s3:GetObjectVersion", - "s3:GetObjectVersionTagging", - "s3:DeleteObject", ] - Effect = "Allow" - Resource = "arn:aws:s3:::nextstrain-staging/*" }, ] - Version = "2012-10-17" } ) -> null - policy_id = "ANPAJSXGDIKS5AUJ6UVZ4" -> null - tags = {} -> null - tags_all = {} -> null } # aws_iam_policy.NextstrainPathogen["dengue"] will be created + resource "aws_iam_policy" "NextstrainPathogen" { + arn = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen" + id = (known after apply) + name = "NextstrainPathogen@dengue" + name_prefix = (known after apply) + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetBucketLocation", + "s3:GetBucketVersioning", ] + Condition = { + StringLike = { + "s3:prefix" = [ + "dengue.json", + "dengue_*.json", + "files/workflows/dengue/*", + "files/datasets/dengue/*", ] } } + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data", + "arn:aws:s3:::nextstrain-data-private", + "arn:aws:s3:::nextstrain-staging", ] + Sid = "List" }, + { + Action = [ + "s3:GetObject", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:GetObjectVersionTagging", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:DeleteObject", ] + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data/dengue.json", + "arn:aws:s3:::nextstrain-data/dengue_*.json", + "arn:aws:s3:::nextstrain-staging/dengue.json", + "arn:aws:s3:::nextstrain-staging/dengue_*.json", + "arn:aws:s3:::nextstrain-staging/trial_*_dengue.json", + "arn:aws:s3:::nextstrain-staging/trial_*_dengue_*.json", + "arn:aws:s3:::nextstrain-data/files/workflows/dengue/*", + "arn:aws:s3:::nextstrain-data/files/datasets/dengue/*", + "arn:aws:s3:::nextstrain-data-private/files/workflows/dengue/*", + "arn:aws:s3:::nextstrain-data-private/files/datasets/dengue/*", + "arn:aws:s3:::nextstrain-staging/files/workflows/dengue/*", + "arn:aws:s3:::nextstrain-staging/files/datasets/dengue/*", ] + Sid = "ReadWrite" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_policy.NextstrainPathogen["forecasts-ncov"] will be created + resource "aws_iam_policy" "NextstrainPathogen" { + arn = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen" + id = (known after apply) + name = "NextstrainPathogen@forecasts-ncov" + name_prefix = (known after apply) + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetBucketLocation", + "s3:GetBucketVersioning", ] + Condition = { + StringLike = { + "s3:prefix" = [ + "forecasts-ncov.json", + "forecasts-ncov_*.json", + "files/workflows/forecasts-ncov/*", + "files/datasets/forecasts-ncov/*", ] } } + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data", + "arn:aws:s3:::nextstrain-data-private", + "arn:aws:s3:::nextstrain-staging", ] + Sid = "List" }, + { + Action = [ + "s3:GetObject", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:GetObjectVersionTagging", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:DeleteObject", ] + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data/forecasts-ncov.json", + "arn:aws:s3:::nextstrain-data/forecasts-ncov_*.json", + "arn:aws:s3:::nextstrain-staging/forecasts-ncov.json", + "arn:aws:s3:::nextstrain-staging/forecasts-ncov_*.json", + "arn:aws:s3:::nextstrain-staging/trial_*_forecasts-ncov.json", + "arn:aws:s3:::nextstrain-staging/trial_*_forecasts-ncov_*.json", + "arn:aws:s3:::nextstrain-data/files/workflows/forecasts-ncov/*", + "arn:aws:s3:::nextstrain-data/files/datasets/forecasts-ncov/*", + "arn:aws:s3:::nextstrain-data-private/files/workflows/forecasts-ncov/*", + "arn:aws:s3:::nextstrain-data-private/files/datasets/forecasts-ncov/*", + "arn:aws:s3:::nextstrain-staging/files/workflows/forecasts-ncov/*", + "arn:aws:s3:::nextstrain-staging/files/datasets/forecasts-ncov/*", ] + Sid = "ReadWrite" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_policy.NextstrainPathogen["measles"] will be created + resource "aws_iam_policy" "NextstrainPathogen" { + arn = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen" + id = (known after apply) + name = "NextstrainPathogen@measles" + name_prefix = (known after apply) + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetBucketLocation", + "s3:GetBucketVersioning", ] + Condition = { + StringLike = { + "s3:prefix" = [ + "measles.json", + "measles_*.json", + "files/workflows/measles/*", + "files/datasets/measles/*", ] } } + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data", + "arn:aws:s3:::nextstrain-data-private", + "arn:aws:s3:::nextstrain-staging", ] + Sid = "List" }, + { + Action = [ + "s3:GetObject", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:GetObjectVersionTagging", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:DeleteObject", ] + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data/measles.json", + "arn:aws:s3:::nextstrain-data/measles_*.json", + "arn:aws:s3:::nextstrain-staging/measles.json", + "arn:aws:s3:::nextstrain-staging/measles_*.json", + "arn:aws:s3:::nextstrain-staging/trial_*_measles.json", + "arn:aws:s3:::nextstrain-staging/trial_*_measles_*.json", + "arn:aws:s3:::nextstrain-data/files/workflows/measles/*", + "arn:aws:s3:::nextstrain-data/files/datasets/measles/*", + "arn:aws:s3:::nextstrain-data-private/files/workflows/measles/*", + "arn:aws:s3:::nextstrain-data-private/files/datasets/measles/*", + "arn:aws:s3:::nextstrain-staging/files/workflows/measles/*", + "arn:aws:s3:::nextstrain-staging/files/datasets/measles/*", ] + Sid = "ReadWrite" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_policy.NextstrainPathogen["mpox"] will be created + resource "aws_iam_policy" "NextstrainPathogen" { + arn = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen" + id = (known after apply) + name = "NextstrainPathogen@mpox" + name_prefix = (known after apply) + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetBucketLocation", + "s3:GetBucketVersioning", ] + Condition = { + StringLike = { + "s3:prefix" = [ + "mpox.json", + "mpox_*.json", + "files/workflows/mpox/*", + "files/datasets/mpox/*", ] } } + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data", + "arn:aws:s3:::nextstrain-data-private", + "arn:aws:s3:::nextstrain-staging", ] + Sid = "List" }, + { + Action = [ + "s3:GetObject", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:GetObjectVersionTagging", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:DeleteObject", ] + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data/mpox.json", + "arn:aws:s3:::nextstrain-data/mpox_*.json", + "arn:aws:s3:::nextstrain-staging/mpox.json", + "arn:aws:s3:::nextstrain-staging/mpox_*.json", + "arn:aws:s3:::nextstrain-staging/trial_*_mpox.json", + "arn:aws:s3:::nextstrain-staging/trial_*_mpox_*.json", + "arn:aws:s3:::nextstrain-data/files/workflows/mpox/*", + "arn:aws:s3:::nextstrain-data/files/datasets/mpox/*", + "arn:aws:s3:::nextstrain-data-private/files/workflows/mpox/*", + "arn:aws:s3:::nextstrain-data-private/files/datasets/mpox/*", + "arn:aws:s3:::nextstrain-staging/files/workflows/mpox/*", + "arn:aws:s3:::nextstrain-staging/files/datasets/mpox/*", ] + Sid = "ReadWrite" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_policy.NextstrainPathogen["ncov"] will be created + resource "aws_iam_policy" "NextstrainPathogen" { + arn = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen" + id = (known after apply) + name = "NextstrainPathogen@ncov" + name_prefix = (known after apply) + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetBucketLocation", + "s3:GetBucketVersioning", ] + Condition = { + StringLike = { + "s3:prefix" = [ + "ncov.json", + "ncov_*.json", + "files/workflows/ncov/*", + "files/datasets/ncov/*", ] } } + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data", + "arn:aws:s3:::nextstrain-data-private", + "arn:aws:s3:::nextstrain-staging", ] + Sid = "List" }, + { + Action = [ + "s3:GetObject", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:GetObjectVersionTagging", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:DeleteObject", ] + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data/ncov.json", + "arn:aws:s3:::nextstrain-data/ncov_*.json", + "arn:aws:s3:::nextstrain-staging/ncov.json", + "arn:aws:s3:::nextstrain-staging/ncov_*.json", + "arn:aws:s3:::nextstrain-staging/trial_*_ncov.json", + "arn:aws:s3:::nextstrain-staging/trial_*_ncov_*.json", + "arn:aws:s3:::nextstrain-data/files/workflows/ncov/*", + "arn:aws:s3:::nextstrain-data/files/datasets/ncov/*", + "arn:aws:s3:::nextstrain-data-private/files/workflows/ncov/*", + "arn:aws:s3:::nextstrain-data-private/files/datasets/ncov/*", + "arn:aws:s3:::nextstrain-staging/files/workflows/ncov/*", + "arn:aws:s3:::nextstrain-staging/files/datasets/ncov/*", ] + Sid = "ReadWrite" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_policy.NextstrainPathogen["rsv"] will be created + resource "aws_iam_policy" "NextstrainPathogen" { + arn = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen" + id = (known after apply) + name = "NextstrainPathogen@rsv" + name_prefix = (known after apply) + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetBucketLocation", + "s3:GetBucketVersioning", ] + Condition = { + StringLike = { + "s3:prefix" = [ + "rsv.json", + "rsv_*.json", + "files/workflows/rsv/*", + "files/datasets/rsv/*", ] } } + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data", + "arn:aws:s3:::nextstrain-data-private", + "arn:aws:s3:::nextstrain-staging", ] + Sid = "List" }, + { + Action = [ + "s3:GetObject", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:GetObjectVersionTagging", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:DeleteObject", ] + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data/rsv.json", + "arn:aws:s3:::nextstrain-data/rsv_*.json", + "arn:aws:s3:::nextstrain-staging/rsv.json", + "arn:aws:s3:::nextstrain-staging/rsv_*.json", + "arn:aws:s3:::nextstrain-staging/trial_*_rsv.json", + "arn:aws:s3:::nextstrain-staging/trial_*_rsv_*.json", + "arn:aws:s3:::nextstrain-data/files/workflows/rsv/*", + "arn:aws:s3:::nextstrain-data/files/datasets/rsv/*", + "arn:aws:s3:::nextstrain-data-private/files/workflows/rsv/*", + "arn:aws:s3:::nextstrain-data-private/files/datasets/rsv/*", + "arn:aws:s3:::nextstrain-staging/files/workflows/rsv/*", + "arn:aws:s3:::nextstrain-staging/files/datasets/rsv/*", ] + Sid = "ReadWrite" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_policy.NextstrainPathogen["seasonal-flu"] will be created + resource "aws_iam_policy" "NextstrainPathogen" { + arn = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen" + id = (known after apply) + name = "NextstrainPathogen@seasonal-flu" + name_prefix = (known after apply) + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetBucketLocation", + "s3:GetBucketVersioning", ] + Condition = { + StringLike = { + "s3:prefix" = [ + "seasonal-flu.json", + "seasonal-flu_*.json", + "files/workflows/seasonal-flu/*", + "files/datasets/seasonal-flu/*", ] } } + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data", + "arn:aws:s3:::nextstrain-data-private", + "arn:aws:s3:::nextstrain-staging", ] + Sid = "List" }, + { + Action = [ + "s3:GetObject", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:GetObjectVersionTagging", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:DeleteObject", ] + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data/seasonal-flu.json", + "arn:aws:s3:::nextstrain-data/seasonal-flu_*.json", + "arn:aws:s3:::nextstrain-staging/seasonal-flu.json", + "arn:aws:s3:::nextstrain-staging/seasonal-flu_*.json", + "arn:aws:s3:::nextstrain-staging/trial_*_seasonal-flu.json", + "arn:aws:s3:::nextstrain-staging/trial_*_seasonal-flu_*.json", + "arn:aws:s3:::nextstrain-data/files/workflows/seasonal-flu/*", + "arn:aws:s3:::nextstrain-data/files/datasets/seasonal-flu/*", + "arn:aws:s3:::nextstrain-data-private/files/workflows/seasonal-flu/*", + "arn:aws:s3:::nextstrain-data-private/files/datasets/seasonal-flu/*", + "arn:aws:s3:::nextstrain-staging/files/workflows/seasonal-flu/*", + "arn:aws:s3:::nextstrain-staging/files/datasets/seasonal-flu/*", ] + Sid = "ReadWrite" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_policy.NextstrainPathogen["zika"] will be created + resource "aws_iam_policy" "NextstrainPathogen" { + arn = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen" + id = (known after apply) + name = "NextstrainPathogen@zika" + name_prefix = (known after apply) + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetBucketLocation", + "s3:GetBucketVersioning", ] + Condition = { + StringLike = { + "s3:prefix" = [ + "zika.json", + "zika_*.json", + "files/workflows/zika/*", + "files/datasets/zika/*", ] } } + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data", + "arn:aws:s3:::nextstrain-data-private", + "arn:aws:s3:::nextstrain-staging", ] + Sid = "List" }, + { + Action = [ + "s3:GetObject", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:GetObjectVersionTagging", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:DeleteObject", ] + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-data/zika.json", + "arn:aws:s3:::nextstrain-data/zika_*.json", + "arn:aws:s3:::nextstrain-staging/zika.json", + "arn:aws:s3:::nextstrain-staging/zika_*.json", + "arn:aws:s3:::nextstrain-staging/trial_*_zika.json", + "arn:aws:s3:::nextstrain-staging/trial_*_zika_*.json", + "arn:aws:s3:::nextstrain-data/files/workflows/zika/*", + "arn:aws:s3:::nextstrain-data/files/datasets/zika/*", + "arn:aws:s3:::nextstrain-data-private/files/workflows/zika/*", + "arn:aws:s3:::nextstrain-data-private/files/datasets/zika/*", + "arn:aws:s3:::nextstrain-staging/files/workflows/zika/*", + "arn:aws:s3:::nextstrain-staging/files/datasets/zika/*", ] + Sid = "ReadWrite" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_policy.NextstrainPathogenNcovPrivate will be created + resource "aws_iam_policy" "NextstrainPathogenNcovPrivate" { + arn = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. to the ncov-private bucket for the Nextstrain ncov pathogen" + id = (known after apply) + name = "NextstrainPathogen@ncov+private" + name_prefix = (known after apply) + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetBucketLocation", + "s3:GetBucketVersioning", ] + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-ncov-private", ] + Sid = "NcovPrivateList" }, + { + Action = [ + "s3:GetObject", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:GetObjectVersionTagging", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:DeleteObject", ] + Effect = "Allow" + Resource = [ + "arn:aws:s3:::nextstrain-ncov-private/*", ] + Sid = "NcovPrivateReadWrite" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_role.GitHubActionsRoleNextstrainRepo[".github"] will be created + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringLike = { + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/.github:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*" } } + Effect = "Allow" + Principal = { + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows." + force_detach_policies = false + id = (known after apply) + managed_policy_arns = [ + "arn:aws:iam::827581582529:policy/NextstrainJobsAccessToBucket", ] + max_session_duration = 43200 + name = "GitHubActionsRoleNextstrainRepo@.github" + name_prefix = (known after apply) + path = "/" + role_last_used = (known after apply) + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy {} } # aws_iam_role.GitHubActionsRoleNextstrainRepo["dengue"] will be created + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringLike = { + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/dengue:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*" } } + Effect = "Allow" + Principal = { + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows." + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 43200 + name = "GitHubActionsRoleNextstrainRepo@dengue" + name_prefix = (known after apply) + path = "/" + role_last_used = (known after apply) + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy {} } # aws_iam_role.GitHubActionsRoleNextstrainRepo["forecasts-ncov"] will be created + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringLike = { + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/forecasts-ncov:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*" } } + Effect = "Allow" + Principal = { + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows." + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 43200 + name = "GitHubActionsRoleNextstrainRepo@forecasts-ncov" + name_prefix = (known after apply) + path = "/" + role_last_used = (known after apply) + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy {} } # aws_iam_role.GitHubActionsRoleNextstrainRepo["measles"] will be created + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringLike = { + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/measles:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*" } } + Effect = "Allow" + Principal = { + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows." + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 43200 + name = "GitHubActionsRoleNextstrainRepo@measles" + name_prefix = (known after apply) + path = "/" + role_last_used = (known after apply) + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy {} } # aws_iam_role.GitHubActionsRoleNextstrainRepo["mpox"] will be created + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringLike = { + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/mpox:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*" } } + Effect = "Allow" + Principal = { + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows." + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 43200 + name = "GitHubActionsRoleNextstrainRepo@mpox" + name_prefix = (known after apply) + path = "/" + role_last_used = (known after apply) + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy {} } # aws_iam_role.GitHubActionsRoleNextstrainRepo["ncov"] will be created + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringLike = { + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/ncov:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*" } } + Effect = "Allow" + Principal = { + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows." + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 43200 + name = "GitHubActionsRoleNextstrainRepo@ncov" + name_prefix = (known after apply) + path = "/" + role_last_used = (known after apply) + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy {} } # aws_iam_role.GitHubActionsRoleNextstrainRepo["ncov-ingest"] will be created + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringLike = { + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/ncov-ingest:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*" } } + Effect = "Allow" + Principal = { + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows." + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 43200 + name = "GitHubActionsRoleNextstrainRepo@ncov-ingest" + name_prefix = (known after apply) + path = "/" + role_last_used = (known after apply) + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy {} } # aws_iam_role.GitHubActionsRoleNextstrainRepo["rsv"] will be created + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringLike = { + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/rsv:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*" } } + Effect = "Allow" + Principal = { + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows." + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 43200 + name = "GitHubActionsRoleNextstrainRepo@rsv" + name_prefix = (known after apply) + path = "/" + role_last_used = (known after apply) + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy {} } # aws_iam_role.GitHubActionsRoleNextstrainRepo["seasonal-flu"] will be created + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringLike = { + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/seasonal-flu:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*" } } + Effect = "Allow" + Principal = { + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows." + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 43200 + name = "GitHubActionsRoleNextstrainRepo@seasonal-flu" + name_prefix = (known after apply) + path = "/" + role_last_used = (known after apply) + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy {} } # aws_iam_role.GitHubActionsRoleNextstrainRepo["zika"] will be created + resource "aws_iam_role" "GitHubActionsRoleNextstrainRepo" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringLike = { + "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" + "token.actions.githubusercontent.com:sub" = "repo:nextstrain/zika:*:job_workflow_ref:nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@*" } } + Effect = "Allow" + Principal = { + Federated = "arn:aws:iam::827581582529:oidc-provider/token.actions.githubusercontent.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "Provides permissions to upload datasets, workflow files, etc. for a Nextstrain pathogen to select repos and select GitHub Actions OIDC workflows." + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 43200 + name = "GitHubActionsRoleNextstrainRepo@zika" + name_prefix = (known after apply) + path = "/" + role_last_used = (known after apply) + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy {} } # github_actions_repository_oidc_subject_claim_customization_template.nextstrain[".github"] will be created + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" { + id = (known after apply) + include_claim_keys = [ + "repo", + "context", + "job_workflow_ref", ] + repository = ".github" + use_default = false } # github_actions_repository_oidc_subject_claim_customization_template.nextstrain["dengue"] will be created + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" { + id = (known after apply) + include_claim_keys = [ + "repo", + "context", + "job_workflow_ref", ] + repository = "dengue" + use_default = false } # github_actions_repository_oidc_subject_claim_customization_template.nextstrain["forecasts-ncov"] will be created + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" { + id = (known after apply) + include_claim_keys = [ + "repo", + "context", + "job_workflow_ref", ] + repository = "forecasts-ncov" + use_default = false } # github_actions_repository_oidc_subject_claim_customization_template.nextstrain["measles"] will be created + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" { + id = (known after apply) + include_claim_keys = [ + "repo", + "context", + "job_workflow_ref", ] + repository = "measles" + use_default = false } # github_actions_repository_oidc_subject_claim_customization_template.nextstrain["mpox"] will be created + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" { + id = (known after apply) + include_claim_keys = [ + "repo", + "context", + "job_workflow_ref", ] + repository = "mpox" + use_default = false } # github_actions_repository_oidc_subject_claim_customization_template.nextstrain["ncov"] will be created + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" { + id = (known after apply) + include_claim_keys = [ + "repo", + "context", + "job_workflow_ref", ] + repository = "ncov" + use_default = false } # github_actions_repository_oidc_subject_claim_customization_template.nextstrain["ncov-ingest"] will be created + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" { + id = (known after apply) + include_claim_keys = [ + "repo", + "context", + "job_workflow_ref", ] + repository = "ncov-ingest" + use_default = false } # github_actions_repository_oidc_subject_claim_customization_template.nextstrain["rsv"] will be created + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" { + id = (known after apply) + include_claim_keys = [ + "repo", + "context", + "job_workflow_ref", ] + repository = "rsv" + use_default = false } # github_actions_repository_oidc_subject_claim_customization_template.nextstrain["seasonal-flu"] will be created + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" { + id = (known after apply) + include_claim_keys = [ + "repo", + "context", + "job_workflow_ref", ] + repository = "seasonal-flu" + use_default = false } # github_actions_repository_oidc_subject_claim_customization_template.nextstrain["zika"] will be created + resource "github_actions_repository_oidc_subject_claim_customization_template" "nextstrain" { + id = (known after apply) + include_claim_keys = [ + "repo", + "context", + "job_workflow_ref", ] + repository = "zika" + use_default = false } # github_repository_topics.pathogen["dengue"] will be created + resource "github_repository_topics" "pathogen" { + id = (known after apply) + repository = "dengue" + topics = [ + "nextstrain", + "pathogen", ] } # github_repository_topics.pathogen["forecasts-ncov"] will be created + resource "github_repository_topics" "pathogen" { + id = (known after apply) + repository = "forecasts-ncov" + topics = [ + "bioinformatics", + "forecasts", + "nextstrain", + "pango-lineages", + "pathogen", + "sars-cov-2", + "sars-cov-2-variants", ] } # github_repository_topics.pathogen["measles"] will be created + resource "github_repository_topics" "pathogen" { + id = (known after apply) + repository = "measles" + topics = [ + "nextstrain", + "pathogen", ] } # github_repository_topics.pathogen["mpox"] will be created + resource "github_repository_topics" "pathogen" { + id = (known after apply) + repository = "mpox" + topics = [ + "augur", + "auspice", + "bioinformatics", + "genbank", + "genomic-epidemiology", + "metadata", + "monkeypox", + "mpox", + "nextstrain", + "pathogen", + "phylogenetics", + "pipeline", + "virus-evolution", ] } # github_repository_topics.pathogen["ncov"] will be created + resource "github_repository_topics" "pathogen" { + id = (known after apply) + repository = "ncov" + topics = [ + "ncov", + "nextstrain", + "pathogen", + "sars-cov-2", ] } # github_repository_topics.pathogen["ncov-ingest"] will be created + resource "github_repository_topics" "pathogen" { + id = (known after apply) + repository = "ncov-ingest" + topics = [ + "bash", + "genbank", + "gisaid", + "ncov", + "nextstrain", + "pathogen", + "python", + "sars-cov-2", ] } # github_repository_topics.pathogen["rsv"] will be created + resource "github_repository_topics" "pathogen" { + id = (known after apply) + repository = "rsv" + topics = [ + "nextstrain", + "pathogen", ] } # github_repository_topics.pathogen["seasonal-flu"] will be created + resource "github_repository_topics" "pathogen" { + id = (known after apply) + repository = "seasonal-flu" + topics = [ + "nextstrain", + "pathogen", ] } # github_repository_topics.pathogen["zika"] will be created + resource "github_repository_topics" "pathogen" { + id = (known after apply) + repository = "zika" + topics = [ + "nextstrain", + "pathogen", ] } Plan: 38 to add, 0 to change, 4 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan To perform exactly these actions, run the following command to apply: terraform apply "plan" Releasing state lock. This may take a few moments...