chore: GCForms release v3.9.0 #644
2a0b9f3
to
57041d6
f5b76c9
to
2ce5007
2ce5007
to
95fe326
Production: ecr✅ Terraform Init: Plan: 27 to add, 0 to change, 1 to destroy Show summary
Show planResource actions are indicated with the following symbols:
+ create
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_ecr_lifecycle_policy.form_viewer_policy must be replaced
-/+ resource "aws_ecr_lifecycle_policy" "form_viewer_policy" {
~ id = "form_viewer_production" -> (known after apply)
~ policy = jsonencode(
~ {
~ rules = [
~ {
~ selection = {
- tagPrefixList = [
- "v",
]
~ tagStatus = "tagged" -> "any"
# (2 unchanged attributes hidden)
}
# (3 unchanged attributes hidden)
},
]
} # forces replacement
)
~ registry_id = "957818836222" -> (known after apply)
# (1 unchanged attribute hidden)
}
# aws_ecr_lifecycle_policy.lambda["audit-logs-archiver-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "audit-logs-archiver-lambda"
}
# aws_ecr_lifecycle_policy.lambda["audit-logs-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "audit-logs-lambda"
}
# aws_ecr_lifecycle_policy.lambda["cognito-email-sender-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "cognito-email-sender-lambda"
}
# aws_ecr_lifecycle_policy.lambda["cognito-pre-sign-up-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "cognito-pre-sign-up-lambda"
}
# aws_ecr_lifecycle_policy.lambda["form-archiver-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "form-archiver-lambda"
}
# aws_ecr_lifecycle_policy.lambda["load-testing-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "load-testing-lambda"
}
# aws_ecr_lifecycle_policy.lambda["nagware-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "nagware-lambda"
}
# aws_ecr_lifecycle_policy.lambda["notify-slack-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "notify-slack-lambda"
}
# aws_ecr_lifecycle_policy.lambda["reliability-dlq-consumer-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "reliability-dlq-consumer-lambda"
}
# aws_ecr_lifecycle_policy.lambda["reliability-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "reliability-lambda"
}
# aws_ecr_lifecycle_policy.lambda["response-archiver-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "response-archiver-lambda"
}
# aws_ecr_lifecycle_policy.lambda["submission-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "submission-lambda"
}
# aws_ecr_lifecycle_policy.lambda["vault-integrity-lambda"] will be created
+ resource "aws_ecr_lifecycle_policy" "lambda" {
+ id = (known after apply)
+ policy = jsonencode(
{
+ rules = [
+ {
+ action = {
+ type = "expire"
}
+ description = "Keep last 10 images"
+ rulePriority = 1
+ selection = {
+ countNumber = 10
+ countType = "imageCountMoreThan"
+ tagStatus = "any"
}
},
]
}
)
+ registry_id = (known after apply)
+ repository = "vault-integrity-lambda"
}
# aws_ecr_repository.lambda["audit-logs-archiver-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "audit-logs-archiver-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["audit-logs-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "audit-logs-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["cognito-email-sender-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "cognito-email-sender-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["cognito-pre-sign-up-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "cognito-pre-sign-up-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["form-archiver-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "form-archiver-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["load-testing-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "load-testing-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["nagware-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "nagware-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["notify-slack-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "notify-slack-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["reliability-dlq-consumer-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "reliability-dlq-consumer-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["reliability-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "reliability-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["response-archiver-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "response-archiver-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["submission-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "submission-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
# aws_ecr_repository.lambda["vault-integrity-lambda"] will be created
+ resource "aws_ecr_repository" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ image_tag_mutability = "MUTABLE"
+ name = "vault-integrity-lambda"
+ registry_id = (known after apply)
+ repository_url = (known after apply)
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ image_scanning_configuration {
+ scan_on_push = true
}
}
Plan: 27 to add, 0 to change, 1 to destroy.
Changes to Outputs:
+ ecr_repository_url_audit_logs_archiver_lambda = (known after apply)
+ ecr_repository_url_audit_logs_lambda = (known after apply)
+ ecr_repository_url_cognito_email_sender_lambda = (known after apply)
+ ecr_repository_url_cognito_pre_sign_up_lambda = (known after apply)
+ ecr_repository_url_form_archiver_lambda = (known after apply)
- ecr_repository_url_load_test = "" -> null
+ ecr_repository_url_load_testing_lambda = (known after apply)
+ ecr_repository_url_nagware_lambda = (known after apply)
+ ecr_repository_url_notify_slack_lambda = (known after apply)
+ ecr_repository_url_reliability_dlq_consumer_lambda = (known after apply)
+ ecr_repository_url_reliability_lambda = (known after apply)
+ ecr_repository_url_response_archiver_lambda = (known after apply)
+ ecr_repository_url_submission_lambda = (known after apply)
+ ecr_repository_url_vault_integrity_lambda = (known after apply)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"audit-logs-archiver-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"audit-logs-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"cognito-email-sender-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"cognito-pre-sign-up-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"form-archiver-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"load-testing-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"nagware-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"notify-slack-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"reliability-dlq-consumer-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"reliability-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"response-archiver-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"submission-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.lambda[\"vault-integrity-lambda\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.viewer_repository"]
33 tests, 19 passed, 14 warnings, 0 failures, 0 exceptions
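Review bot: Every new `aws_ecr_repository.lambda[...]` in this plan is created with `image_tag_mutability = "MUTABLE"`, so a tag that a function is deployed from can later be repointed at a different image without any change showing up in Terraform. The cognito plan on this page deploys from a `:latest` tag, so the running code would be whatever was pushed last rather than a reviewed build; consider `image_tag_mutability = "IMMUTABLE"` with per-release tags, or a digest-pinned `image_uri`. The lifecycle rule (`tagStatus = "any"`, `countNumber = 10`) expires purely by count, and the replaced `form_viewer_policy` loses its `tagPrefixList = ["v"]` scoping in the same way, so release images older than ten pushes will no longer be available as rollback targets. It would help to state in the module whether that retention is intended for production.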
|
Production: s3✅ Terraform Init: Plan: 0 to add, 0 to change, 5 to destroy Show summary
Show planResource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_s3_bucket.lambda_code will be destroyed
# (because aws_s3_bucket.lambda_code is not in configuration)
- resource "aws_s3_bucket" "lambda_code" {
- arn = "arn:aws:s3:::forms-production-lambda-code" -> null
- bucket = "forms-production-lambda-code" -> null
- bucket_domain_name = "forms-production-lambda-code.s3.amazonaws.com" -> null
- bucket_regional_domain_name = "forms-production-lambda-code.s3.ca-central-1.amazonaws.com" -> null
- force_destroy = true -> null
- hosted_zone_id = "Z1QDHH18159H29" -> null
- id = "forms-production-lambda-code" -> null
- object_lock_enabled = false -> null
- region = "ca-central-1" -> null
- request_payer = "BucketOwner" -> null
- tags = {} -> null
- tags_all = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- grant {
- id = "9a5058ac2253284c428c54c019d006666ef3eb73e380322b05c715157b6c384a" -> null
- permissions = [
- "FULL_CONTROL",
] -> null
- type = "CanonicalUser" -> null
}
- server_side_encryption_configuration {
- rule {
- bucket_key_enabled = false -> null
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256" -> null
}
}
}
- versioning {
- enabled = true -> null
- mfa_delete = false -> null
}
}
# aws_s3_bucket_ownership_controls.lambda_code will be destroyed
# (because aws_s3_bucket_ownership_controls.lambda_code is not in configuration)
- resource "aws_s3_bucket_ownership_controls" "lambda_code" {
- bucket = "forms-production-lambda-code" -> null
- id = "forms-production-lambda-code" -> null
- rule {
- object_ownership = "BucketOwnerEnforced" -> null
}
}
# aws_s3_bucket_public_access_block.lambda_code will be destroyed
# (because aws_s3_bucket_public_access_block.lambda_code is not in configuration)
- resource "aws_s3_bucket_public_access_block" "lambda_code" {
- block_public_acls = true -> null
- block_public_policy = true -> null
- bucket = "forms-production-lambda-code" -> null
- id = "forms-production-lambda-code" -> null
- ignore_public_acls = true -> null
- restrict_public_buckets = true -> null
}
# aws_s3_bucket_server_side_encryption_configuration.lambda_code will be destroyed
# (because aws_s3_bucket_server_side_encryption_configuration.lambda_code is not in configuration)
- resource "aws_s3_bucket_server_side_encryption_configuration" "lambda_code" {
- bucket = "forms-production-lambda-code" -> null
- id = "forms-production-lambda-code" -> null
- rule {
- bucket_key_enabled = false -> null
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256" -> null
}
}
}
# aws_s3_bucket_versioning.lambda_code will be destroyed
# (because aws_s3_bucket_versioning.lambda_code is not in configuration)
- resource "aws_s3_bucket_versioning" "lambda_code" {
- bucket = "forms-production-lambda-code" -> null
- id = "forms-production-lambda-code" -> null
- versioning_configuration {
- status = "Enabled" -> null
}
}
Plan: 0 to add, 0 to change, 5 to destroy.
Changes to Outputs:
- lambda_code_arn = "arn:aws:s3:::forms-production-lambda-code" -> null
- lambda_code_id = "forms-production-lambda-code" -> null
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.archive_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.audit_logs_archive_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.reliability_file_storage"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.vault_file_storage"]
23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions
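Review bot: `aws_s3_bucket.lambda_code` is destroyed with `force_destroy = true` while versioning is `Enabled`, so this apply removes every stored object version of the Lambda packages, not just the current ones. The cognito plan on this page shows `aws_lambda_function.cognito_email_sender` still deployed from `s3_bucket = "forms-production-lambda-code"`, so this module should be applied only after the image-based functions are live and verified; once it runs there is no zip artifact left to roll back to. The plan also drops the `lambda_code_arn` and `lambda_code_id` outputs; whether any other module still consumes them cannot be told from this page and is worth confirming before apply.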
|
Production: cognito✅ Terraform Init: Plan: 4 to add, 1 to change, 6 to destroy Show summary
Show planResource actions are indicated with the following symbols:
~ update in-place
- destroy
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_cognito_user_pool.forms will be updated in-place
~ resource "aws_cognito_user_pool" "forms" {
id = "ca-central-1_eSTGTCw33"
name = "forms_user_pool"
tags = {}
# (11 unchanged attributes hidden)
~ lambda_config {
~ pre_sign_up = "arn:aws:lambda:ca-central-1:957818836222:function:Cognito_Pre_Sign_Up" -> (known after apply)
# (1 unchanged attribute hidden)
~ custom_email_sender {
~ lambda_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Cognito_Email_Sender" -> (known after apply)
# (1 unchanged attribute hidden)
}
}
# (5 unchanged blocks hidden)
}
# aws_iam_policy.lambda_s3 will be destroyed
# (because aws_iam_policy.lambda_s3 is not in configuration)
- resource "aws_iam_policy" "lambda_s3" {
- arn = "arn:aws:iam::957818836222:policy/cognito_lambda_s3" -> null
- description = "IAM policy for storing files in S3" -> null
- id = "arn:aws:iam::957818836222:policy/cognito_lambda_s3" -> null
- name = "cognito_lambda_s3" -> null
- path = "/" -> null
- policy = jsonencode(
{
- Statement = [
- {
- Action = [
- "s3:PutObject",
- "s3:ListBucket",
- "s3:GetObject",
- "s3:DeleteObject",
]
- Effect = "Allow"
- Resource = [
- "arn:aws:s3:::forms-production-lambda-code/*",
- "arn:aws:s3:::forms-production-lambda-code",
]
},
]
- Version = "2012-10-17"
}
) -> null
- policy_id = "ANPA56ATTST7GETOCTMRQ" -> null
- tags = {} -> null
- tags_all = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
}
# aws_lambda_function.cognito_email_sender must be replaced
-/+ resource "aws_lambda_function" "cognito_email_sender" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Cognito_Email_Sender" -> (known after apply)
~ function_name = "Cognito_Email_Sender" -> "cognito-email-sender" # forces replacement
- handler = "cognito_email_sender.handler" -> null
~ id = "Cognito_Email_Sender" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Cognito_Email_Sender/invocations" -> (known after apply)
~ last_modified = "2024-01-25T15:02:50.000+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Cognito_Email_Sender:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Cognito_Email_Sender:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "cognito_email_sender_code" -> null
- s3_object_version = "aLrLBKxnFPKm62yxAOX6kAYx_4l.n1T3" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "JQU+xOvCFaZHW/kdM3TnHxkFnJXz/ytxiRXLMJzpxF0=" -> (known after apply)
~ source_code_size = 5346786 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (3 unchanged blocks hidden)
}
# aws_lambda_function.cognito_pre_sign_up must be replaced
-/+ resource "aws_lambda_function" "cognito_pre_sign_up" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Cognito_Pre_Sign_Up" -> (known after apply)
- filename = "/tmp/pre_sign_up_main.zip" -> null
~ function_name = "Cognito_Pre_Sign_Up" -> "cognito-pre-sign-up" # forces replacement
- handler = "pre_sign_up.handler" -> null
~ id = "Cognito_Pre_Sign_Up" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Cognito_Pre_Sign_Up/invocations" -> (known after apply)
~ last_modified = "2024-01-25T15:02:44.000+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Cognito_Pre_Sign_Up:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Cognito_Pre_Sign_Up:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "QTDI90Q+x/QfDnbowk26CzT+EGf4lzBQCRoJniGB88s=" -> (known after apply)
~ source_code_size = 326 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (2 unchanged blocks hidden)
}
# aws_lambda_permission.allow_cognito_to_call_cognito_email_sender_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cognito_to_call_cognito_email_sender_lambda" {
~ function_name = "Cognito_Email_Sender" -> "cognito-email-sender" # forces replacement
~ id = "terraform-20230619152749482600000002" -> (known after apply)
~ statement_id = "terraform-20230619152749482600000002" -> (known after apply)
~ statement_id_prefix = "terraform-" -> (known after apply)
# (3 unchanged attributes hidden)
}
# aws_lambda_permission.allow_cognito_to_call_cognito_pre_sign_up_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cognito_to_call_cognito_pre_sign_up_lambda" {
~ function_name = "Cognito_Pre_Sign_Up" -> "cognito-pre-sign-up" # forces replacement
~ id = "terraform-20230619152749480500000001" -> (known after apply)
~ statement_id = "terraform-20230619152749480500000001" -> (known after apply)
~ statement_id_prefix = "terraform-" -> (known after apply)
# (3 unchanged attributes hidden)
}
# aws_s3_object.cognito_email_sender_code will be destroyed
# (because aws_s3_object.cognito_email_sender_code is not in configuration)
- resource "aws_s3_object" "cognito_email_sender_code" {
- bucket = "forms-production-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "binary/octet-stream" -> null
- etag = "77b6abfcc32504965c9f28128c3bece9-2" -> null
- force_destroy = false -> null
- id = "cognito_email_sender_code" -> null
- key = "cognito_email_sender_code" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "/tmp/cognito_email_sender.zip" -> null
- source_hash = "JQU+xOvCFaZHW/kdM3TnHxkFnJXz/ytxiRXLMJzpxF0=" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- version_id = "aLrLBKxnFPKm62yxAOX6kAYx_4l.n1T3" -> null
}
Plan: 4 to add, 1 to change, 6 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_email_sender"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.cognito_pre_sign_up"]
WARN - plan.json - main - Missing Common Tags: ["aws_cognito_user_pool.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_lambda_secrets"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito_userpool_import_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.cognito_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.cognito_userpool_import"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.cognito_encryption"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.cognito_email_sender"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.cognito_pre_sign_up"]
31 tests, 19 passed, 12 warnings, 0 failures, 0 exceptions
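Review bot: Both replaced functions plan `image_uri = ":latest"` with an empty repository part, presumably because the ECR repository URLs are not known until the ecr module has been applied. This saved plan should not be applied as-is; apply ecr first, re-plan, and check that `image_uri` resolves to a full repository URL. Even then, `:latest` on a repository with mutable tags leaves the pre-sign-up and email-sender triggers unpinned, so an immutable release tag or an `@sha256:` digest would make the deployed code auditable. Both functions are also destroy-then-create under new names while `aws_cognito_user_pool.forms` is only updated in place, so there is likely a window in which `pre_sign_up` and `custom_email_sender.lambda_arn` point at functions that no longer exist. Sign-up and email flows should be expected to fail during that window, so the release notes should either call it out or the new functions should be created before the old ones are removed.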
|
Production: load_balancer✅ Terraform Init: Plan: 1 to add, 5 to change, 0 to destroy Show summary
Show planResource actions are indicated with the following symbols:
+ create
~ update in-place
Terraform will perform the following actions:
# aws_lb_target_group.form_viewer_1 will be updated in-place
~ resource "aws_lb_target_group" "form_viewer_1" {
id = "arn:aws:elasticloadbalancing:ca-central-1:957818836222:targetgroup/form-viewer/8dac72758c8ecdcc"
name = "form-viewer"
tags = {
"Name" = "form_viewer_1"
}
# (17 unchanged attributes hidden)
~ health_check {
~ path = "/form-builder/edit" -> "/en/form-builder"
# (8 unchanged attributes hidden)
}
# (3 unchanged blocks hidden)
}
# aws_lb_target_group.form_viewer_2 will be updated in-place
~ resource "aws_lb_target_group" "form_viewer_2" {
id = "arn:aws:elasticloadbalancing:ca-central-1:957818836222:targetgroup/form-viewer-2/a03ac97959b5fb63"
name = "form-viewer-2"
tags = {
"Name" = "form_viewer_2"
}
# (17 unchanged attributes hidden)
~ health_check {
~ path = "/form-builder/edit" -> "/en/form-builder"
# (8 unchanged attributes hidden)
}
# (3 unchanged blocks hidden)
}
# aws_wafv2_regex_pattern_set.cognito_login_paths will be updated in-place
~ resource "aws_wafv2_regex_pattern_set" "cognito_login_paths" {
id = "a810cde4-c807-4b63-9b86-33be80670eae"
name = "cognito_login_paths"
tags = {}
# (5 unchanged attributes hidden)
+ regular_expression {
+ regex_string = "^\\/(?:en|fr)?\\/auth\\/mfa$"
}
+ regular_expression {
+ regex_string = "^\\/(api\\/auth\\/csrf)$"
}
# (1 unchanged block hidden)
}
# aws_wafv2_regex_pattern_set.valid_app_uri_paths will be updated in-place
~ resource "aws_wafv2_regex_pattern_set" "valid_app_uri_paths" {
id = "f3927a12-2101-47c6-9a47-7353ac95ba92"
name = "valid_app_uri_paths"
tags = {}
# (5 unchanged attributes hidden)
- regular_expression {
- regex_string = "^\\/(?:en|fr)?\\/?(?:(admin|id|api|auth|#|profile|forms|unsupported-browser|terms-of-use|404)(?:\\/[\\w-]+)?)(?:\\/.*)?$" -> null
}
+ regular_expression {
+ regex_string = "^\\/(?:en|fr)?\\/?(?:(admin|id|api|auth|#|profile|forms|unsupported-browser|terms-of-use|contact|support|404)(?:\\/[\\w-]+)?)(?:\\/.*)?$"
}
# (4 unchanged blocks hidden)
}
# aws_wafv2_rule_group.rate_limiters_group will be created
+ resource "aws_wafv2_rule_group" "rate_limiters_group" {
+ arn = (known after apply)
+ capacity = 32
+ id = (known after apply)
+ lock_token = (known after apply)
+ name = "RateLimitersGroup"
+ name_prefix = (known after apply)
+ scope = "REGIONAL"
+ tags_all = {
+ "CostCentre" = "forms-platform-production"
+ "Terraform" = "true"
}
+ rule {
+ name = "BlanketRequestLimit"
+ priority = 1
+ action {
+ block {
}
}
+ statement {
+ rate_based_statement {
+ aggregate_key_type = "IP"
+ limit = 2000
}
}
+ visibility_config {
+ cloudwatch_metrics_enabled = true
+ metric_name = "BlanketRequestLimit"
+ sampled_requests_enabled = true
}
}
+ rule {
+ name = "PostRequestLimit"
+ priority = 2
+ action {
+ block {
}
}
+ statement {
+ rate_based_statement {
+ aggregate_key_type = "IP"
+ limit = 100
+ scope_down_statement {
+ byte_match_statement {
+ positional_constraint = "EXACTLY"
+ search_string = "post"
+ field_to_match {
+ method {}
}
+ text_transformation {
+ priority = 1
+ type = "LOWERCASE"
}
}
}
}
}
+ visibility_config {
+ cloudwatch_metrics_enabled = true
+ metric_name = "PostRequestRateLimit"
+ sampled_requests_enabled = true
}
}
+ visibility_config {
+ cloudwatch_metrics_enabled = true
+ metric_name = "RateLimitersGroup"
+ sampled_requests_enabled = false
}
}
# aws_wafv2_web_acl.forms_acl will be updated in-place
~ resource "aws_wafv2_web_acl" "forms_acl" {
id = "88f61111-f91e-442b-9a19-c57c4f43ef7a"
name = "GCForms"
tags = {}
# (6 unchanged attributes hidden)
- rule {
- name = "PostRequestLimit" -> null
- priority = 2 -> null
- action {
- block {
}
}
- statement {
- rate_based_statement {
- aggregate_key_type = "IP" -> null
- limit = 100 -> null
- scope_down_statement {
- byte_match_statement {
- positional_constraint = "EXACTLY" -> null
- search_string = "post" -> null
- field_to_match {
- method {}
}
- text_transformation {
- priority = 1 -> null
- type = "LOWERCASE" -> null
}
}
}
}
}
- visibility_config {
- cloudwatch_metrics_enabled = true -> null
- metric_name = "PostRequestRateLimit" -> null
- sampled_requests_enabled = true -> null
}
}
- rule {
- name = "AWSManagedRulesAmazonIpReputationList" -> null
- priority = 1 -> null
- override_action {
- none {}
}
- statement {
- managed_rule_group_statement {
- name = "AWSManagedRulesAmazonIpReputationList" -> null
- vendor_name = "AWS" -> null
}
}
- visibility_config {
- cloudwatch_metrics_enabled = true -> null
- metric_name = "AWSManagedRulesAmazonIpReputationList" -> null
- sampled_requests_enabled = true -> null
}
}
- rule {
- name = "AWSManagedRulesKnownBadInputsRuleSet" -> null
- priority = 6 -> null
- override_action {
- none {}
}
- statement {
- managed_rule_group_statement {
- name = "AWSManagedRulesKnownBadInputsRuleSet" -> null
- vendor_name = "AWS" -> null
}
}
- visibility_config {
- cloudwatch_metrics_enabled = true -> null
- metric_name = "AWSManagedRulesKnownBadInputsRuleSet" -> null
- sampled_requests_enabled = true -> null
}
}
- rule {
- name = "AWSManagedRulesLinuxRuleSet" -> null
- priority = 7 -> null
- override_action {
- none {}
}
- statement {
- managed_rule_group_statement {
- name = "AWSManagedRulesLinuxRuleSet" -> null
- vendor_name = "AWS" -> null
}
}
- visibility_config {
- cloudwatch_metrics_enabled = true -> null
- metric_name = "AWSManagedRulesLinuxRuleSet" -> null
- sampled_requests_enabled = true -> null
}
}
+ rule {
+ name = "AWSManagedRulesAmazonIpReputationList"
+ priority = 1
+ override_action {
+ none {}
}
+ statement {
+ managed_rule_group_statement {
+ name = "AWSManagedRulesAmazonIpReputationList"
+ vendor_name = "AWS"
}
}
+ visibility_config {
+ cloudwatch_metrics_enabled = true
+ metric_name = "AWSManagedRulesAmazonIpReputationList"
+ sampled_requests_enabled = true
}
}
+ rule {
+ name = "AWSManagedRulesKnownBadInputsRuleSet"
+ priority = 6
+ override_action {
+ none {}
}
+ statement {
+ managed_rule_group_statement {
+ name = "AWSManagedRulesKnownBadInputsRuleSet"
+ vendor_name = "AWS"
}
}
+ visibility_config {
+ cloudwatch_metrics_enabled = true
+ metric_name = "AWSManagedRulesKnownBadInputsRuleSet"
+ sampled_requests_enabled = true
}
}
+ rule {
+ name = "AWSManagedRulesLinuxRuleSet"
+ priority = 7
+ override_action {
+ none {}
}
+ statement {
+ managed_rule_group_statement {
+ name = "AWSManagedRulesLinuxRuleSet"
+ vendor_name = "AWS"
}
}
+ visibility_config {
+ cloudwatch_metrics_enabled = true
+ metric_name = "AWSManagedRulesLinuxRuleSet"
+ sampled_requests_enabled = true
}
}
+ rule {
+ name = "RateLimitersRuleGroup"
+ priority = 2
+ override_action {
+ none {}
}
+ statement {
+ rule_group_reference_statement {
+ arn = (known after apply)
}
}
+ visibility_config {
+ cloudwatch_metrics_enabled = true
+ metric_name = "rate_limiters_rule_group"
+ sampled_requests_enabled = false
}
}
# (6 unchanged blocks hidden)
}
Plan: 1 to add, 5 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.form_viewer_maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudfront_distribution.maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.firehose_waf_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_kinesis_firehose_delivery_stream.firehose_waf_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.form_viewer_http"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.form_viewer_https"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.form_viewer_1"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.form_viewer_2"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_css_files[\"style.css\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_html_files[\"index-fr.html\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_html_files[\"index.html\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_ico_files[\"favicon.ico\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_svg_files[\"site-unavailable.svg\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.alb"]
WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.route53_hosted_zone[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_regex_pattern_set.cognito_login_paths"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_regex_pattern_set.forms_base_url"]
WARN - plan.json - main - Missing Common Tags:... |
Production: app✅ Terraform Init: Plan: 1 to add, 0 to change, 1 to destroy Show summary
Show planResource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_ecs_task_definition.form_viewer must be replaced
-/+ resource "aws_ecs_task_definition" "form_viewer" {
~ arn = "arn:aws:ecs:ca-central-1:957818836222:task-definition/form-viewer:65" -> (known after apply)
~ arn_without_revision = "arn:aws:ecs:ca-central-1:957818836222:task-definition/form-viewer" -> (known after apply)
~ container_definitions = jsonencode(
~ [
~ {
- cpu = 0
- essential = true
~ linuxParameters = {
~ capabilities = {
- add = []
# (1 unchanged attribute hidden)
}
}
- mountPoints = []
name = "form_viewer"
~ portMappings = [
~ {
- hostPort = 3000
- protocol = "tcp"
# (1 unchanged attribute hidden)
},
]
- systemControls = []
- volumesFrom = []
# (4 unchanged attributes hidden)
},
] # forces replacement
)
~ id = "form-viewer" -> (known after apply)
~ revision = 65 -> (known after apply)
- tags = {} -> null
# (9 unchanged attributes hidden)
}
Plan: 1 to add, 0 to change, 1 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_appautoscaling_target.forms[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_app.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_deployment_group.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_cluster.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_service.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_task_definition.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_secrets_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_sqs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.codedeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.forms"]
34 tests, 19 passed, 15 warnings, 0 failures, 0 exceptions
|
Production: lambdas✅ Terraform Init: Plan: 14 to add, 10 to change, 26 to destroy Show summary
✂ Warning: plan has been truncated! See the full plan in the logs. Show planResource actions are indicated with the following symbols:
~ update in-place
- destroy
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_cloudwatch_event_target.audit_logs_archiver_lambda_trigger will be updated in-place
~ resource "aws_cloudwatch_event_target" "audit_logs_archiver_lambda_trigger" {
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Audit_Logs_Archiver" -> (known after apply)
id = "audit-logs-archiver-lambda-trigger-terraform-20240227164709957300000001"
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_event_target.form_archiver_lambda_trigger will be updated in-place
~ resource "aws_cloudwatch_event_target" "form_archiver_lambda_trigger" {
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Archive_Form_Templates" -> (known after apply)
id = "form-archiver-lambda-trigger-terraform-20240213151144091000000003"
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_event_target.nagware_lambda_trigger will be updated in-place
~ resource "aws_cloudwatch_event_target" "nagware_lambda_trigger" {
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Nagware" -> (known after apply)
id = "nagware-lambda-trigger-terraform-20240213151155623500000004"
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_event_target.reliability_dlq_lambda_trigger will be updated in-place
~ resource "aws_cloudwatch_event_target" "reliability_dlq_lambda_trigger" {
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Reliability_DLQ_Consumer" -> (known after apply)
id = "reliability-dlq-lambda-trigger-terraform-20240213151144080500000001"
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_event_target.response_archiver_lambda_trigger will be updated in-place
~ resource "aws_cloudwatch_event_target" "response_archiver_lambda_trigger" {
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Response_Archiver" -> (known after apply)
id = "response-archiver-lambda-trigger-terraform-20240213151144087800000002"
# (3 unchanged attributes hidden)
}
# aws_iam_policy.lambda_s3 will be updated in-place
~ resource "aws_iam_policy" "lambda_s3" {
id = "arn:aws:iam::957818836222:policy/lambda_s3"
name = "lambda_s3"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
~ Resource = [
# (3 unchanged elements hidden)
"arn:aws:s3:::forms-production-reliability-file-storage",
- "arn:aws:s3:::forms-production-lambda-code/*",
- "arn:aws:s3:::forms-production-lambda-code",
"arn:aws:s3:::forms-production-audit-logs-archive-storage/*",
# (3 unchanged elements hidden)
]
# (2 unchanged attributes hidden)
},
]
# (1 unchanged attribute hidden)
}
)
tags = {}
# (5 unchanged attributes hidden)
}
# aws_lambda_code_signing_config.lambda_code_signing_config[0] will be destroyed
# (because aws_lambda_code_signing_config.lambda_code_signing_config is not in configuration)
- resource "aws_lambda_code_signing_config" "lambda_code_signing_config" {
- arn = "arn:aws:lambda:ca-central-1:957818836222:code-signing-config:csc-0ea61cbb9c887afee" -> null
- config_id = "csc-0ea61cbb9c887afee" -> null
- id = "arn:aws:lambda:ca-central-1:957818836222:code-signing-config:csc-0ea61cbb9c887afee" -> null
- last_modified = "2024-01-25T16:10:17.108835Z" -> null
- allowed_publishers {
- signing_profile_version_arns = [
- "arn:aws:signer:ca-central-1:957818836222:/signing-profiles/lambda_signing_profile_20240125160945309900000001/qlihrOkB2U",
] -> null
}
- policies {
- untrusted_artifact_on_deployment = "Enforce" -> null
}
}
# aws_lambda_event_source_mapping.audit_logs will be updated in-place
~ resource "aws_lambda_event_source_mapping" "audit_logs" {
~ function_name = "arn:aws:lambda:ca-central-1:957818836222:function:Audit_Logs" -> (known after apply)
id = "46934244-6fab-43a6-9280-8c8309c0d6b8"
# (17 unchanged attributes hidden)
}
# aws_lambda_event_source_mapping.reliability will be updated in-place
~ resource "aws_lambda_event_source_mapping" "reliability" {
~ function_name = "arn:aws:lambda:ca-central-1:957818836222:function:Reliability" -> (known after apply)
id = "2f994c5c-aeea-4d98-a56a-cd857e06ac89"
# (17 unchanged attributes hidden)
}
# aws_lambda_event_source_mapping.reprocess_submission will be updated in-place
~ resource "aws_lambda_event_source_mapping" "reprocess_submission" {
~ function_name = "arn:aws:lambda:ca-central-1:957818836222:function:Reliability" -> (known after apply)
id = "da835a8c-6843-42f8-8509-6955dab673f1"
# (17 unchanged attributes hidden)
}
# aws_lambda_event_source_mapping.vault_updated_item_stream will be updated in-place
~ resource "aws_lambda_event_source_mapping" "vault_updated_item_stream" {
~ function_name = "arn:aws:lambda:ca-central-1:957818836222:function:Vault_Data_Integrity_Check" -> (known after apply)
id = "8ea9dcb0-b362-47a1-8174-88f364ff034a"
# (19 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# aws_lambda_function.audit_logs must be replaced
-/+ resource "aws_lambda_function" "audit_logs" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Audit_Logs" -> (known after apply)
~ function_name = "Audit_Logs" -> "audit-logs" # forces replacement
- handler = "audit_logs.handler" -> null
~ id = "Audit_Logs" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Audit_Logs/invocations" -> (known after apply)
~ last_modified = "2024-03-19T14:40:47.000+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Audit_Logs:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Audit_Logs:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "audit_logs_code" -> null
- s3_object_version = "f_BzlZGp3EIHK9A_wAhInHPwzcXp2YLb" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "8XJrXQPGK78QNXqkYizyGlH5uM+xYA/x57QzSc/sbKw=" -> (known after apply)
~ source_code_size = 4114773 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (3 unchanged blocks hidden)
}
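Review bot: `image_uri = ":latest"` has no repository in front of the tag, which suggests the ECR repository URL resolved to an empty string when this plan was rendered (possibly a mocked dependency output). The same value appears on all nine replaced functions, `audit_logs` through `vault_integrity`, so the apply-time value is worth confirming before merge. Separately, `latest` is a mutable tag: Lambda resolves it to a digest only when the function is created or updated, so Terraform state cannot show which image is running or detect a changed one. I would pin each function to a digest, `image_uri = "<repository-url>@sha256:<digest>"`, or at least to a release tag on a repository with `image_tag_mutability = "IMMUTABLE"`.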
# aws_lambda_function.audit_logs_archiver must be replaced
-/+ resource "aws_lambda_function" "audit_logs_archiver" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Audit_Logs_Archiver" -> (known after apply)
~ function_name = "Audit_Logs_Archiver" -> "audit-logs-archiver" # forces replacement
- handler = "audit_logs_archiver.handler" -> null
~ id = "Audit_Logs_Archiver" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Audit_Logs_Archiver/invocations" -> (known after apply)
~ last_modified = "2024-02-27T16:47:10.032+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Audit_Logs_Archiver:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Audit_Logs_Archiver:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "audit_logs_archiver_code" -> null
- s3_object_version = "DhF3gQ_URRoNmSMI2xUH2ZMEKTiFYs8d" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "j21QkAUTlKxkmkad5xW89Zgl6fwIQ54MWvLhLAnhwdI=" -> (known after apply)
~ source_code_size = 4774980 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (3 unchanged blocks hidden)
}
# aws_lambda_function.form_archiver must be replaced
-/+ resource "aws_lambda_function" "form_archiver" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Archive_Form_Templates" -> (known after apply)
~ function_name = "Archive_Form_Templates" -> "form-archiver" # forces replacement
- handler = "form_archiver.handler" -> null
~ id = "Archive_Form_Templates" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Archive_Form_Templates/invocations" -> (known after apply)
~ last_modified = "2024-04-16T14:11:54.000+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Archive_Form_Templates:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Archive_Form_Templates:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "form_archiver_code" -> null
- s3_object_version = "OXu4Z6SwziptV7LIM00eSMf_PIkNEqik" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "tZom8NvYkLTCiFBHAx0p97qloJ1ZcMMumoKxxhc4SWc=" -> (known after apply)
~ source_code_size = 4485536 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (3 unchanged blocks hidden)
}
# aws_lambda_function.nagware must be replaced
-/+ resource "aws_lambda_function" "nagware" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Nagware" -> (known after apply)
~ function_name = "Nagware" -> "nagware" # forces replacement
- handler = "nagware.handler" -> null
~ id = "Nagware" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Nagware/invocations" -> (known after apply)
~ last_modified = "2024-04-16T14:11:49.000+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Nagware:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Nagware:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "nagware_code" -> null
- s3_object_version = "8IGUIN3KdmHILOgdapJHBBoyjC6WHrhZ" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "ewsERJHdgUqXPuAunXW9Djvue3VCJbRmdbJySbEUXMY=" -> (known after apply)
~ source_code_size = 10578943 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (3 unchanged blocks hidden)
}
# aws_lambda_function.reliability must be replaced
-/+ resource "aws_lambda_function" "reliability" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Reliability" -> (known after apply)
~ function_name = "Reliability" -> "reliability" # forces replacement
- handler = "reliability.handler" -> null
~ id = "Reliability" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Reliability/invocations" -> (known after apply)
~ last_modified = "2024-04-23T14:47:55.000+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Reliability:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Reliability:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "reliability_code" -> null
- s3_object_version = "z3oy_T8ai487X.40NWODpN1ewcjAymmN" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "gyCSkTbBtROZbqEOQMsEWTd3X+JXF91xF4ufJrDBrys=" -> (known after apply)
~ source_code_size = 11933697 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (3 unchanged blocks hidden)
}
# aws_lambda_function.reliability_dlq_consumer must be replaced
-/+ resource "aws_lambda_function" "reliability_dlq_consumer" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Reliability_DLQ_Consumer" -> (known after apply)
~ function_name = "Reliability_DLQ_Consumer" -> "reliability-dlq-consumer" # forces replacement
- handler = "dead_letter_queue_consumer.handler" -> null
~ id = "Reliability_DLQ_Consumer" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Reliability_DLQ_Consumer/invocations" -> (known after apply)
~ last_modified = "2024-02-13T15:11:44.105+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Reliability_DLQ_Consumer:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Reliability_DLQ_Consumer:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "reliability_dlq_consumer_code" -> null
- s3_object_version = "2eQTRAlARSviv5DKxSJvaPNpvg0ZmKwm" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "F7WbeUnrxxXYZkj7tkJyJcFV6inBl3QWsV9AzLcvfB4=" -> (known after apply)
~ source_code_size = 4641394 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (3 unchanged blocks hidden)
}
# aws_lambda_function.response_archiver must be replaced
-/+ resource "aws_lambda_function" "response_archiver" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Response_Archiver" -> (known after apply)
~ function_name = "Response_Archiver" -> "response-archiver" # forces replacement
- handler = "response_archiver.handler" -> null
~ id = "Response_Archiver" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Response_Archiver/invocations" -> (known after apply)
~ last_modified = "2024-02-13T15:11:44.124+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Response_Archiver:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Response_Archiver:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "response_archiver_code" -> null
- s3_object_version = "Qo0cmKhunoREYbSMy1NrRUGXqm20PLeB" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "iCOPYEkuyPrXdcFRLr6qL6swUo/kXiUZTdHb0tWWuOE=" -> (known after apply)
~ source_code_size = 5847434 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (3 unchanged blocks hidden)
}
# aws_lambda_function.submission must be replaced
-/+ resource "aws_lambda_function" "submission" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Submission" -> (known after apply)
- handler = "submission.handler" -> null
~ id = "Submission" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Submission/invocations" -> (known after apply)
~ last_modified = "2024-03-19T14:40:49.000+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Submission:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Submission:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "submission_code" -> null
- s3_object_version = "Ki9.vSqhDu3OCBabYVJPzhbPTfYOlE1T" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "DJVk2STondW1jm6Vj61kIHKK8sQw/oCC/75SlBdG3b8=" -> (known after apply)
~ source_code_size = 5435903 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (8 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (3 unchanged blocks hidden)
}
# aws_lambda_function.vault_integrity must be replaced
-/+ resource "aws_lambda_function" "vault_integrity" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:Vault_Data_Integrity_Check" -> (known after apply)
- code_signing_config_arn = "arn:aws:lambda:ca-central-1:957818836222:code-signing-config:csc-0ea61cbb9c887afee" -> null
~ function_name = "Vault_Data_Integrity_Check" -> "vault-integrity" # forces replacement
- handler = "vault_data_integrity_check.handler" -> null
~ id = "Vault_Data_Integrity_Check" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Vault_Data_Integrity_Check/invocations" -> (known after apply)
~ last_modified = "2024-04-30T18:40:25.000+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:Vault_Data_Integrity_Check:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:Vault_Data_Integrity_Check:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "signed/9379790a-421e-415a-9c93-647db5900668" -> null
~ signing_job_arn = "arn:aws:signer:ca-central-1:957818836222:/signing-jobs/9379790a-421e-415a-9c93-647db5900668" -> (known after apply)
~ signing_profile_version_arn = "arn:aws:signer:ca-central-1:957818836222:/signing-profiles/lambda_signing_profile_20240125160945309900000001/qlihrOkB2U" -> (known after apply)
~ source_code_hash = "9lDCUtEgnDGaN0b7aU2yhDlM0DDumsUYZhbUsYDuAF4=" -> (known after apply)
~ source_code_size = 8238441 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- environment {
- variables = {
- "LOCALSTACK" = "false"
} -> null
}
- ephemeral_storage {
- size = 512 -> null
}
# (2 unchanged blocks hidden)
}
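Review bot: `vault_integrity` loses `code_signing_config_arn`, and the same plan destroys `aws_lambda_code_signing_config.lambda_code_signing_config[0]` with its `untrusted_artifact_on_deployment = "Enforce"` policy; nothing in the visible plan takes over that integrity check. Lambda code signing does not cover container images, so the move to `package_type = "Image"` needs its own control, for example digest-pinned `image_uri` values, immutable ECR tags and a narrow set of principals allowed to push to the repositories. The plan output is truncated, so a replacement may exist outside what is shown here. The removed `environment` block (`"LOCALSTACK" = "false"`) should also be checked against how the function code behaves when that variable is unset.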
# aws_lambda_permission.allow_cloudwatch_to_run_archive_form_responses_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cloudwatch_to_run_archive_form_responses_lambda" {
~ function_name = "Response_Archiver" -> "response-archiver" # forces replacement
~ id = "AllowExecutionFromCloudWatch" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_lambda_permission.allow_cloudwatch_to_run_dead_letter_queue_consumer_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cloudwatch_to_run_dead_letter_queue_consumer_lambda" {
~ function_name = "Reliability_DLQ_Consumer" -> "reliability-dlq-consumer" # forces replacement
~ id = "AllowExecutionFromCloudWatch" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_lambda_permission.allow_cloudwatch_to_run_form_archiver_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cloudwatch_to_run_form_archiver_lambda" {
~ function_name = "Archive_Form_Templates" -> "form-archiver" # forces replacement
~ id = "AllowExecutionFromCloudWatch" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_lambda_permission.allow_cloudwatch_to_run_nagware_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cloudwatch_to_run_nagware_lambda" {
~ function_name = "Nagware" -> "nagware" # forces replacement
~ id = "AllowExecutionFromCloudWatch" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_lambda_permission.audit_logs_archiver must be replaced
-/+ resource "aws_lambda_permission" "audit_logs_archiver" {
~ function_name = "Audit_Logs_Archiver" -> "audit-logs-archiver" # forces replacement
~ id = "AllowExecutionFromCloudWatch" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_s3_object.audit_logs_archiver_code will be destroyed
# (because aws_s3_object.audit_logs_archiver_code is not in configuration)
- resource "aws_s3_object" "audit_logs_archiver_code" {
- bucket = "forms-production-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "application/octet-stream" -> null
- etag ... Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.audit_logs_archiver_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.form_archiver_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.nagware_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.reliability_dlq_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.response_archiver_lambda_trigger"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.archive_form_templates"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.audit_logs_archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.dead_letter_queue_consumer"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.nagware"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.reliability"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.response_archiver"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.submission"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.vault_integrity"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_logging"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_rds"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_secrets"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.lambda_sqs"]
WARN -... |
Production: alarms
✅ Terraform Init: Plan: 32 to add, 1 to change, 33 to destroy
Resource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_cloudwatch_log_subscription_filter.forms_app_log_stream must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "forms_app_log_stream" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-3008753258" -> (known after apply)
name = "forms_app_log_stream"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.forms_unhandled_error_steam must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "forms_unhandled_error_steam" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-3008753258" -> (known after apply)
name = "forms_unhandled_error_stream"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_log"] will be destroyed
# (because key ["audit_log"] is not in for_each map)
- resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-821307863" -> null
- log_group_name = "/aws/lambda/Audit_Logs" -> null
- name = "error_detection_in_audit_log_lambda_logs" -> null
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_logs"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = (known after apply)
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Audit_Logs"
+ name = "error_detection_in_audit_logs_lambda_logs"
+ role_arn = (known after apply)
}
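Review bot: The new `lambda_error_detection` filters keep the old-style group names (`log_group_name = "/aws/lambda/Audit_Logs"` here, and likewise for `form_archiver`, `reliability_dlq_consumer` and `vault_integrity`, plus the matching `lambda_timeout_detection` entries), while the same plan moves functions to lower-case hyphenated names (`"Nagware" -> "nagware"`, and the vault alarm's `FunctionName` dimension becomes `vault-integrity`). Unless the renamed functions are explicitly configured to keep writing to the old groups, which this plan output does not show, the filters would watch groups that no longer receive events, and warn/error/timeout detection would go silent without any failure at apply time. If a function does log to its default group, the vault entry for example would need `log_group_name = "/aws/lambda/vault-integrity"`; better still, take the group name from the same value that names the function. After the apply, confirm that each filtered group is receiving events by triggering a test warning.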
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["audit_logs_archiver"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-2742612913" -> (known after apply)
name = "error_detection_in_audit_logs_archiver_lambda_logs"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["dlq_consumer"] will be destroyed
# (because key ["dlq_consumer"] is not in for_each map)
- resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-125968559" -> null
- log_group_name = "/aws/lambda/Reliability_DLQ_Consumer" -> null
- name = "error_detection_in_dlq_consumer_lambda_logs" -> null
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["form_archiver"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = (known after apply)
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Archive_Form_Templates"
+ name = "error_detection_in_form_archiver_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["nagware"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-2378547274" -> (known after apply)
name = "error_detection_in_nagware_lambda_logs"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["reliability"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-2677299195" -> (known after apply)
name = "error_detection_in_reliability_lambda_logs"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["reliability_dlq_consumer"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = (known after apply)
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Reliability_DLQ_Consumer"
+ name = "error_detection_in_reliability_dlq_consumer_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["response_archiver"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-1985583210" -> (known after apply)
name = "error_detection_in_response_archiver_lambda_logs"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["submission"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-2956744385" -> (known after apply)
name = "error_detection_in_submission_lambda_logs"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["template_archiver"] will be destroyed
# (because key ["template_archiver"] is not in for_each map)
- resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-4036201582" -> null
- log_group_name = "/aws/lambda/Archive_Form_Templates" -> null
- name = "error_detection_in_template_archiver_lambda_logs" -> null
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["vault_data_integrity_check"] will be destroyed
# (because key ["vault_data_integrity_check"] is not in for_each map)
- resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}" -> null
- id = "cwlsf-125604783" -> null
- log_group_name = "/aws/lambda/Vault_Data_Integrity_Check" -> null
- name = "error_detection_in_vault_data_integrity_check_lambda_logs" -> null
}
# aws_cloudwatch_log_subscription_filter.lambda_error_detection["vault_integrity"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_error_detection" {
+ destination_arn = (known after apply)
+ distribution = "ByLogStream"
+ filter_pattern = "{($.level = \"warn\") || ($.level = \"error\")}"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Vault_Data_Integrity_Check"
+ name = "error_detection_in_vault_integrity_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_log"] will be destroyed
# (because key ["audit_log"] is not in for_each map)
- resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "Task timed out" -> null
- id = "cwlsf-821307863" -> null
- log_group_name = "/aws/lambda/Audit_Logs" -> null
- name = "timeout_detection_in_audit_log_lambda_logs" -> null
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_logs"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = (known after apply)
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Audit_Logs"
+ name = "timeout_detection_in_audit_logs_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["audit_logs_archiver"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-2742612913" -> (known after apply)
name = "timeout_detection_in_audit_logs_archiver_lambda_logs"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["dlq_consumer"] will be destroyed
# (because key ["dlq_consumer"] is not in for_each map)
- resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "Task timed out" -> null
- id = "cwlsf-125968559" -> null
- log_group_name = "/aws/lambda/Reliability_DLQ_Consumer" -> null
- name = "timeout_detection_in_dlq_consumer_lambda_logs" -> null
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["form_archiver"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = (known after apply)
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Archive_Form_Templates"
+ name = "timeout_detection_in_form_archiver_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["nagware"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-2378547274" -> (known after apply)
name = "timeout_detection_in_nagware_lambda_logs"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["reliability"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-2677299195" -> (known after apply)
name = "timeout_detection_in_reliability_lambda_logs"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["reliability_dlq_consumer"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = (known after apply)
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Reliability_DLQ_Consumer"
+ name = "timeout_detection_in_reliability_dlq_consumer_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["response_archiver"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-1985583210" -> (known after apply)
name = "timeout_detection_in_response_archiver_lambda_logs"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["submission"] must be replaced
-/+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
~ destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
~ id = "cwlsf-2956744385" -> (known after apply)
name = "timeout_detection_in_submission_lambda_logs"
+ role_arn = (known after apply)
# (3 unchanged attributes hidden)
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["template_archiver"] will be destroyed
# (because key ["template_archiver"] is not in for_each map)
- resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "Task timed out" -> null
- id = "cwlsf-4036201582" -> null
- log_group_name = "/aws/lambda/Archive_Form_Templates" -> null
- name = "timeout_detection_in_template_archiver_lambda_logs" -> null
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["vault_data_integrity_check"] will be destroyed
# (because key ["vault_data_integrity_check"] is not in for_each map)
- resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
- destination_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> null
- distribution = "ByLogStream" -> null
- filter_pattern = "Task timed out" -> null
- id = "cwlsf-125604783" -> null
- log_group_name = "/aws/lambda/Vault_Data_Integrity_Check" -> null
- name = "timeout_detection_in_vault_data_integrity_check_lambda_logs" -> null
}
# aws_cloudwatch_log_subscription_filter.lambda_timeout_detection["vault_integrity"] will be created
+ resource "aws_cloudwatch_log_subscription_filter" "lambda_timeout_detection" {
+ destination_arn = (known after apply)
+ distribution = "ByLogStream"
+ filter_pattern = "Task timed out"
+ id = (known after apply)
+ log_group_name = "/aws/lambda/Vault_Data_Integrity_Check"
+ name = "timeout_detection_in_vault_integrity_lambda_logs"
+ role_arn = (known after apply)
}
# aws_cloudwatch_metric_alarm.vault_data_integrity_check_lambda_iterator_age will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "vault_data_integrity_check_lambda_iterator_age" {
~ dimensions = {
~ "FunctionName" = "Vault_Data_Integrity_Check" -> "vault-integrity"
~ "Resource" = "Vault_Data_Integrity_Check" -> "vault-integrity"
}
id = "Vault data integrity check lambda iterator age"
tags = {}
# (17 unchanged attributes hidden)
}
# aws_lambda_function.notify_slack must be replaced
-/+ resource "aws_lambda_function" "notify_slack" {
~ architectures = [
- "x86_64",
] -> (known after apply)
~ arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" -> (known after apply)
~ function_name = "NotifySlack" -> "notify-slack" # forces replacement
- handler = "notify_slack.handler" -> null
~ id = "NotifySlack" -> (known after apply)
+ image_uri = ":latest"
~ invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack/invocations" -> (known after apply)
~ last_modified = "2024-04-16T14:14:06.000+0000" -> (known after apply)
- layers = [] -> null
~ package_type = "Zip" -> "Image" # forces replacement
~ qualified_arn = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack:$LATEST" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack:$LATEST/invocations" -> (known after apply)
- runtime = "nodejs18.x" -> null
- s3_bucket = "forms-production-lambda-code" -> null
- s3_key = "notify_slack_code" -> null
- s3_object_version = "8oRf2BN4TYTL69XM0qOu2Dhp8BAz5aYR" -> null
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
~ source_code_hash = "kbHJgDNOQodqCMI271CAcgHrZGTvsoUmV5UoyA6F7k8=" -> (known after apply)
~ source_code_size = 26171 -> (known after apply)
- tags = {} -> null
~ version = "$LATEST" -> (known after apply)
# (7 unchanged attributes hidden)
- ephemeral_storage {
- size = 512 -> null
}
# (3 unchanged blocks hidden)
}
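Review bot: `image_uri = ":latest"` on `aws_lambda_function.notify_slack` references a mutable tag, and the repository part of the URI is empty in this plan (presumably a placeholder that is only resolved at apply time; worth confirming). The Zip deployment being removed pinned the code with `s3_object_version` and `source_code_hash`; the image form gives up that pin, so the function runs whichever image `latest` resolved to when it was last created or updated, and nothing in the configuration records which one that was. Reference the image by digest, `image_uri = "<ecr_repository_url>@sha256:<image_digest>"` (placeholders), or by an immutable release tag, and set `image_tag_mutability = "IMMUTABLE"` on the repository so a tag cannot be silently repointed.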
# aws_lambda_permission.allow_cloudwatch_to_run_lambda must be replaced
-/+ resource "aws_lambda_permission" "allow_cloudwatch_to_run_lambda" {
~ function_name = "NotifySlack" -> "notify-slack" # forces replacement
~ id = "AllowExecutionFromCloudWatch" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_lambda_permission.notify_slack_critical must be replaced
-/+ resource "aws_lambda_permission" "notify_slack_critical" {
~ function_name = "NotifySlack" -> "notify-slack" # forces replacement
~ id = "AllowExecutionFromSNSCriticalAlert" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_lambda_permission.notify_slack_ok must be replaced
-/+ resource "aws_lambda_permission" "notify_slack_ok" {
~ function_name = "NotifySlack" -> "notify-slack" # forces replacement
~ id = "AllowExecutionFromSNSOkAlert" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_lambda_permission.notify_slack_ok_us_east must be replaced
-/+ resource "aws_lambda_permission" "notify_slack_ok_us_east" {
~ function_name = "NotifySlack" -> "notify-slack" # forces replacement
~ id = "AllowExecutionFromSNSOkAlertUSEast" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_lambda_permission.notify_slack_warning must be replaced
-/+ resource "aws_lambda_permission" "notify_slack_warning" {
~ function_name = "NotifySlack" -> "notify-slack" # forces replacement
~ id = "AllowExecutionFromSNSWarningAlert" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_lambda_permission.notify_slack_warning_us_east must be replaced
-/+ resource "aws_lambda_permission" "notify_slack_warning_us_east" {
~ function_name = "NotifySlack" -> "notify-slack" # forces replacement
~ id = "AllowExecutionFromSNSWarningAlertUSEast" -> (known after apply)
+ statement_id_prefix = (known after apply)
# (4 unchanged attributes hidden)
}
# aws_s3_object.notify_slack_code will be destroyed
# (because aws_s3_object.notify_slack_code is not in configuration)
- resource "aws_s3_object" "notify_slack_code" {
- bucket = "forms-production-lambda-code" -> null
- bucket_key_enabled = false -> null
- content_type = "application/octet-stream" -> null
- etag = "212705c038f15626255809231f4906e7" -> null
- force_destroy = false -> null
- id = "notify_slack_code" -> null
- key = "notify_slack_code" -> null
- metadata = {} -> null
- server_side_encryption = "AES256" -> null
- source = "/tmp/notify_slack_code.zip" -> null
- source_hash = "kbHJgDNOQodqCMI271CAcgHrZGTvsoUmV5UoyA6F7k8=" -> null
- storage_class = "STANDARD" -> null
- tags = {} -> null
- tags_all = {
- "CostCentre" = "forms-platform-production"
- "Terraform" = "true"
} -> null
- version_id = "8oRf2BN4TYTL69XM0qOu2Dhp8BAz5aYR" -> null
}
# aws_sns_topic_subscription.topic_critical must be replaced
-/+ resource "aws_sns_topic_subscription" "topic_critical" {
~ arn = "arn:aws:sns:ca-central-1:957818836222:alert-critical:94fb04b9-3391-4941-90d4-15b39abb25bd" -> (known after apply)
~ confirmation_was_authenticated = true -> (known after apply)
~ endpoint = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
+ filter_policy_scope = (known after apply)
~ id = "arn:aws:sns:ca-central-1:957818836222:alert-critical:94fb04b9-3391-4941-90d4-15b39abb25bd" -> (known after apply)
~ owner_id = "957818836222" -> (known after apply)
~ pending_confirmation = false -> (known after apply)
# (5 unchanged attributes hidden)
}
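Review bot: Replacing `topic_critical` as destroy-then-create (`-/+`) leaves a window during the apply in which critical and warning alerts have no route to Slack. The same replacement hits the function, its `aws_lambda_permission` entries, the four other SNS subscriptions below and the log subscription filters above. SNS does not hold messages for a subscription that does not exist, so an alarm that fires in that window is lost rather than delayed. The old and new functions have different names (`NotifySlack`, `notify-slack`) and could coexist, so consider `lifecycle { create_before_destroy = true }` on the SNS subscriptions. Otherwise schedule the apply for a quiet period and fire a test alarm on each topic once it completes.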
# aws_sns_topic_subscription.topic_ok must be replaced
-/+ resource "aws_sns_topic_subscription" "topic_ok" {
~ arn = "arn:aws:sns:ca-central-1:957818836222:alert-ok:ee918b25-14ac-45de-af1a-7316725ab8fe" -> (known after apply)
~ confirmation_was_authenticated = true -> (known after apply)
~ endpoint = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
+ filter_policy_scope = (known after apply)
~ id = "arn:aws:sns:ca-central-1:957818836222:alert-ok:ee918b25-14ac-45de-af1a-7316725ab8fe" -> (known after apply)
~ owner_id = "957818836222" -> (known after apply)
~ pending_confirmation = false -> (known after apply)
# (5 unchanged attributes hidden)
}
# aws_sns_topic_subscription.topic_ok_us_east must be replaced
-/+ resource "aws_sns_topic_subscription" "topic_ok_us_east" {
~ arn = "arn:aws:sns:us-east-1:957818836222:alert-ok:ca8689d1-31b5-4754-bab6-62b19e7ee40e" -> (known after apply)
~ confirmation_was_authenticated = true -> (known after apply)
~ endpoint = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
+ filter_policy_scope = (known after apply)
~ id = "arn:aws:sns:us-east-1:957818836222:alert-ok:ca8689d1-31b5-4754-bab6-62b19e7ee40e" -> (known after apply)
~ owner_id = "957818836222" -> (known after apply)
~ pending_confirmation = false -> (known after apply)
# (5 unchanged attributes hidden)
}
# aws_sns_topic_subscription.topic_warning must be replaced
-/+ resource "aws_sns_topic_subscription" "topic_warning" {
~ arn = "arn:aws:sns:ca-central-1:957818836222:alert-warning:b6c7ad37-8662-4dee-9f83-a8802e87dc42" -> (known after apply)
~ confirmation_was_authenticated = true -> (known after apply)
~ endpoint = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
+ filter_policy_scope = (known after apply)
~ id = "arn:aws:sns:ca-central-1:957818836222:alert-warning:b6c7ad37-8662-4dee-9f83-a8802e87dc42" -> (known after apply)
~ owner_id = "957818836222" -> (known after apply)
~ pending_confirmation = false -> (known after apply)
# (5 unchanged attributes hidden)
}
# aws_sns_topic_subscription.topic_warning_us_east must be replaced
-/+ resource "aws_sns_topic_subscription" "topic_warning_us_east" {
~ arn = "arn:aws:sns:us-east-1:957818836222:alert-warning:dcd0dd15-ba3d-4258-9744-b6307bd8ebc8" -> (known after apply)
~ confirmation_was_authenticated = true -> (known after apply)
~ endpoint = "arn:aws:lambda:ca-central-1:957818836222:function:NotifySlack" # forces replacement -> (known after apply) # forces replacement
+ filter_policy_scope = (known after apply)
~ id = "arn:aws:sns:us-east-1:957818836222:alert-warning:dcd0dd15-ba3d-4258-9744-b6307bd8ebc8" -> (known after apply)
~ owner_id = "957818836222" -> (known after apply)
~ pending_confirmation = false -> (known after apply)
# (5 unchanged attributes hidden)
}
Plan: 32 to add, 1 to change, 33 to destroy.
Warning: Argument is deprecated
with module.athena_bucket.aws_s3_bucket.this,
on .terraform/modules/athena_bucket/S3/main.tf line 8, in resource "aws_s3_bucket" "this":
8: resource "aws_s3_bucket" "this" {
Use the aws_s3_bucket_server_side_encryption_configuration resource instead
(and 3 more similar warnings elsewhere)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.codedeploy_sns"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notify_slack"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ELB_5xx_error_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.UnHealthyHostCount-TargetGroup1"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.UnHealthyHostCount-TargetGroup2"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.alb_ddos"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.audit_log_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_login_outside_canada_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_signin_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_forms_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_route53_warn[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.forms_cpu_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.forms_memory_utilization_high_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.reliability_dead_letter_queue_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.response_time_warn"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.route53_ddos[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.twoFa_verification_exceeded"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.vault_data_integrity_check_lambda_iterator_age"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.notify_slack_lambda"]
WARN - plan.json -... |
🤖 Release is at https://github.com/cds-snc/forms-terraform/releases/tag/v3.9.0 🌻 |
🤖 I have created a release beep boop
3.9.0 (2024-05-17)
Features
Bug Fixes
Miscellaneous Chores
Code Refactoring
This PR was generated with Release Please. See documentation.