Docker Image Tag Updated & Canary Support Added for Tenants #102

Merged
merged 6 commits into from
May 30, 2024

HarshitSF

The control plane and application plane microservice image tags are updated.
Added CloudWatch synthetic canary creation during tenant onboarding.
README updated.

@HarshitSF HarshitSF added the saas ARC Saas label May 30, 2024

github-actions bot commented May 30, 2024

Terraform plan output for codebuild-role in dev


No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

@HarshitSF HarshitSF requested a review from rayl15 May 30, 2024 08:33

Terraform plan output for bootstrap in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "policy" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = (sensitive value)
          + sid       = "enforce-tls"

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = (sensitive value)
          + sid       = "inventory-and-analytics"

          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }

          + principals {
              + identifiers = [
                  + "s3.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # aws_dynamodb_table.tenant_details will be created
  + resource "aws_dynamodb_table" "tenant_details" {
      + arn              = (known after apply)
      + billing_mode     = "PROVISIONED"
      + hash_key         = "TENANT_ID"
      + id               = (known after apply)
      + name             = "sf-arc-saas-dev-tenant-details"
      + read_capacity    = 5
      + stream_arn       = (known after apply)
      + stream_label     = (known after apply)
      + stream_view_type = (known after apply)
      + tags             = {
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-tenant-details"
          + "Project"     = "sf-arc-saas"
        }
      + tags_all         = {
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-tenant-details"
          + "Project"     = "sf-arc-saas"
        }
      + write_capacity   = 5

      + attribute {
          + name = "TENANT_ID"
          + type = "S"
        }

      + point_in_time_recovery {
          + enabled = true
        }

      + server_side_encryption {
          + enabled     = true
          + kms_key_arn = (known after apply)
        }
    }

  # aws_s3_bucket.artifact_bucket will be created
  + resource "aws_s3_bucket" "artifact_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = (sensitive value)
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "Environment" = "dev"
          + "Project"     = "sf-arc-saas"
          + "type"        = "artifact"
        }
      + tags_all                    = {
          + "Environment" = "dev"
          + "Project"     = "sf-arc-saas"
          + "type"        = "artifact"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # aws_s3_bucket_public_access_block.public_access_block will be created
  + resource "aws_s3_bucket_public_access_block" "public_access_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # aws_s3_bucket_versioning.this will be created
  + resource "aws_s3_bucket_versioning" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.bootstrap.data.aws_iam_policy_document.policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "policy" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = (sensitive value)
          + sid       = "enforce-tls"

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = (sensitive value)
          + sid       = "inventory-and-analytics"

          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }

          + principals {
              + identifiers = [
                  + "s3.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.bootstrap.aws_dynamodb_table.terraform_state_lock will be created
  + resource "aws_dynamodb_table" "terraform_state_lock" {
      + arn              = (known after apply)
      + billing_mode     = "PROVISIONED"
      + hash_key         = "LockID"
      + id               = (known after apply)
      + name             = "sf-arc-saas-dev-terraform-state-lock"
      + read_capacity    = 2
      + stream_arn       = (known after apply)
      + stream_label     = (known after apply)
      + stream_view_type = (known after apply)
      + tags             = {
          + "DynamoDBName" = "sf-arc-saas-dev-terraform-state-lock"
          + "Environment"  = "dev"
          + "Name"         = "sf-arc-saas-dev-terraform-state-lock"
          + "Project"      = "sf-arc-saas"
        }
      + tags_all         = {
          + "DynamoDBName" = "sf-arc-saas-dev-terraform-state-lock"
          + "Environment"  = "dev"
          + "Name"         = "sf-arc-saas-dev-terraform-state-lock"
          + "Project"      = "sf-arc-saas"
        }
      + write_capacity   = 2

      + attribute {
          + name = "LockID"
          + type = "S"
        }

      + point_in_time_recovery {
          + enabled = true
        }

      + server_side_encryption {
          + enabled     = true
          + kms_key_arn = (known after apply)
        }
    }

  # module.bootstrap.aws_s3_bucket.private will be created
  + resource "aws_s3_bucket" "private" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = (sensitive value)
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.bootstrap.aws_s3_bucket_acl.this will be created
  + resource "aws_s3_bucket_acl" "this" {
      + acl    = "private"
      + bucket = (known after apply)
      + id     = (known after apply)
    }

  # module.bootstrap.aws_s3_bucket_analytics_configuration.private_analytics_config[0] will be created
  + resource "aws_s3_bucket_analytics_configuration" "private_analytics_config" {
      + bucket = (sensitive value)
      + id     = (known after apply)
      + name   = "Analytics"

      + storage_class_analysis {
          + data_export {
              + output_schema_version = "V_1"

              + destination {
                  + s3_bucket_destination {
                      + bucket_arn = (known after apply)
                      + format     = "CSV"
                      + prefix     = "_AWSBucketAnalytics"
                    }
                }
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_lifecycle_configuration.this will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "rule-1"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 14
            }

          + expiration {
              + days                         = 0
              + expired_object_delete_marker = true
            }

          + noncurrent_version_expiration {
              + noncurrent_days = 365
            }

          + noncurrent_version_transition {
              + noncurrent_days           = 30
              + storage_class             = "STANDARD_IA"
                # (1 unchanged attribute hidden)
            }
        }
      + rule {
          + id     = "rule-2"
          + status = "Enabled"

          + expiration {
              + days                         = 14
              + expired_object_delete_marker = (known after apply)
            }

          + filter {
              + prefix = "_AWSBucketInventory/"
            }
        }
      + rule {
          + id     = "rule-3"
          + status = "Enabled"

          + expiration {
              + days                         = 30
              + expired_object_delete_marker = (known after apply)
            }

          + filter {
              + prefix = "_AWSBucketAnalytics/"
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_ownership_controls.this will be created
  + resource "aws_s3_bucket_ownership_controls" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + object_ownership = "BucketOwnerPreferred"
        }
    }

  # module.bootstrap.aws_s3_bucket_public_access_block.public_access_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "public_access_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.bootstrap.aws_s3_bucket_server_side_encryption_configuration.example will be created
  + resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + bucket_key_enabled = false

          + apply_server_side_encryption_by_default {
              + sse_algorithm     = "AES256"
                # (1 unchanged attribute hidden)
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_versioning.this will be created
  + resource "aws_s3_bucket_versioning" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = "Disabled"
          + status     = "Enabled"
        }
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/sf-arc-saas/dev/artifact-bucket"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Codepipeline Artifact Bucket"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/sf-arc-saas/dev/artifact-bucket"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "sf-arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "sf-arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/sf-arc-saas/dev/tenant-details-dynamodb-table"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Tenant Details DynamoDB Table"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/sf-arc-saas/dev/tenant-details-dynamodb-table"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "sf-arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "sf-arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/sf-arc-saas/dev/terraform-state-bucket"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Terraform State Bucket Name"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/sf-arc-saas/dev/terraform-state-bucket"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "sf-arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "sf-arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/sf-arc-saas/dev/terraform-state-dynamodb-table"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Terraform State Dynamodb Table"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/sf-arc-saas/dev/terraform-state-dynamodb-table"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "sf-arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "sf-arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bucket_suffix.random_password.password will be created
  + resource "random_password" "password" {
      + bcrypt_hash      = (sensitive value)
      + id               = (known after apply)
      + length           = 6
      + lower            = true
      + min_lower        = 0
      + min_numeric      = 0
      + min_special      = 0
      + min_upper        = 0
      + number           = true
      + numeric          = true
      + result           = (sensitive value)
      + special          = false
      + upper            = false
        # (1 unchanged attribute hidden)
    }

Plan: 18 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + state_bucket_arn      = (known after apply)
  + state_bucket_name     = (sensitive value)
  + state_lock_table_arn  = (known after apply)
  + state_lock_table_name = "sf-arc-saas-dev-terraform-state-lock"

github-actions bot commented May 30, 2024

Terraform plan output for opensearch in dev


No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

github-actions bot commented May 30, 2024

Terraform plan output for tenant-codebuilds in dev


Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # aws_codecommit_repository.premium_repo has been deleted
  - resource "aws_codecommit_repository" "premium_repo" {
      - clone_url_http  = "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/arc-saas-dev-premium-plan-repository" -> null
        id              = "arc-saas-dev-premium-plan-repository"
        tags            = {}
        # (8 unchanged attributes hidden)
    }

  # aws_codecommit_repository.standard_repo has been deleted
  - resource "aws_codecommit_repository" "standard_repo" {
      - clone_url_http  = "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/arc-saas-dev-standard-plan-repository" -> null
        id              = "arc-saas-dev-standard-plan-repository"
        tags            = {}
        # (8 unchanged attributes hidden)
    }

  # module.premium_plan_codebuild_project[0].aws_codebuild_project.codebuild_project has been deleted
  - resource "aws_codebuild_project" "codebuild_project" {
      - arn                    = "arn:aws:codebuild:us-east-1:471112653618:project/arc-saas-dev-premium-codebuild-project" -> null
      - badge_enabled          = false -> null
      - build_timeout          = 120 -> null
      - concurrent_build_limit = 2 -> null
      - description            = "Premium plan codebuild project" -> null
      - encryption_key         = "arn:aws:kms:us-east-1:471112653618:alias/aws/s3" -> null
      - id                     = "arn:aws:codebuild:us-east-1:471112653618:project/arc-saas-dev-premium-codebuild-project" -> null
      - name                   = "arc-saas-dev-premium-codebuild-project" -> null
      - project_visibility     = "PRIVATE" -> null
      - queued_timeout         = 8 -> null
      - service_role           = "arn:aws:iam::471112653618:role/arc-saas-dev-tenant-codebuild-role" -> null
      - source_version         = "refs/heads/main" -> null
      - tags                   = {
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
      - tags_all               = {
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
        # (3 unchanged attributes hidden)

      - artifacts {
          - encryption_disabled    = false -> null
            name                   = null
          - override_artifact_name = false -> null
          - type                   = "NO_ARTIFACTS" -> null
            # (6 unchanged attributes hidden)
        }

      - cache {
          - modes    = [] -> null
          - type     = "NO_CACHE" -> null
            # (1 unchanged attribute hidden)
        }

      - environment {
          - compute_type                = "BUILD_GENERAL1_SMALL" -> null
          - image                       = "aws/codebuild/standard:7.0" -> null
          - image_pull_credentials_type = "CODEBUILD" -> null
          - privileged_mode             = true -> null
          - type                        = "LINUX_CONTAINER" -> null
            # (1 unchanged attribute hidden)

          - environment_variable {
              - name  = "AWS_ACCOUNT_ID" -> null
              - type  = "PLAINTEXT" -> null
              - value = "471112653618" -> null
            }
          - environment_variable {
              - name  = "AWS_REGION" -> null
              - type  = "PLAINTEXT" -> null
              - value = "us-east-1" -> null
            }
          - environment_variable {
              - name  = "NAMESPACE" -> null
              - type  = "PLAINTEXT" -> null
              - value = "arc-saas" -> null
            }
          - environment_variable {
              - name  = "ENVIRONMENT" -> null
              - type  = "PLAINTEXT" -> null
              - value = "dev" -> null
            }
          - environment_variable {
              - name  = "VPC_ID" -> null
              - type  = "PLAINTEXT" -> null
              - value = "vpc-0e4e71bc3ddf72c2f" -> null
            }
          - environment_variable {
              - name  = "VPC_CIDR_BLOCK" -> null
              - type  = "PLAINTEXT" -> null
              - value = "10.0.0.0/16" -> null
            }
          - environment_variable {
              - name  = "SUBNET_IDS" -> null
              - type  = "PLAINTEXT" -> null
              - value = "subnet-0f3f04207431110c7,subnet-0baba1b11deb04aeb" -> null
            }
          - environment_variable {
              - name  = "EKS_CLUSTER_NAME" -> null
              - type  = "PLAINTEXT" -> null
              - value = "arc-saas-dev-eks-cluster" -> null
            }
          - environment_variable {
              - name  = "CB_ROLE" -> null
              - type  = "PLAINTEXT" -> null
              - value = (sensitive value) -> null
            }
          - environment_variable {
              - name  = "KARPENTER_ROLE" -> null
              - type  = "PLAINTEXT" -> null
              - value = (sensitive value) -> null
            }
          - environment_variable {
              - name  = "DOMAIN_NAME" -> null
              - type  = "PLAINTEXT" -> null
              - value = "arc-saas.net" -> null
            }
          - environment_variable {
              - name  = "CONTROL_PLANE_HOST" -> null
              - type  = "PLAINTEXT" -> null
              - value = "https://arc-saas.net" -> null
            }
          - environment_variable {
              - name  = "USERNAME" -> null
              - type  = "PLAINTEXT" -> null
              - value = "test" -> null
            }
          - environment_variable {
              - name  = "ACCESS_TOKEN_EXPIRATION" -> null
              - type  = "PLAINTEXT" -> null
              - value = "3600" -> null
            }
          - environment_variable {
              - name  = "REFRESH_TOKEN_EXPIRATION" -> null
              - type  = "PLAINTEXT" -> null
              - value = "3600" -> null
            }
          - environment_variable {
              - name  = "AUTH_CODE_EXPIRATION" -> null
              - type  = "PLAINTEXT" -> null
              - value = "3600" -> null
            }
          - environment_variable {
              - name  = "TENANT_CLIENT_ID" -> null
              - type  = "PARAMETER_STORE" -> null
              - value = "/arc-saas/dev/silo/tenant_client_id" -> null
            }
          - environment_variable {
              - name  = "TENANT_CLIENT_SECRET" -> null
              - type  = "PARAMETER_STORE" -> null
              - value = "/arc-saas/dev/silo/tenant_client_secret" -> null
            }
        }

      - logs_config {
          - cloudwatch_logs {
              - group_name  = "premium-codebuild-log-group" -> null
              - status      = "ENABLED" -> null
              - stream_name = "log-stream" -> null
            }
          - s3_logs {
              - encryption_disabled = false -> null
              - status              = "DISABLED" -> null
                # (2 unchanged attributes hidden)
            }
        }

      - source {
          - buildspec           = "buildspec.yaml" -> null
          - git_clone_depth     = 0 -> null
          - insecure_ssl        = false -> null
          - location            = "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/arc-saas-dev-premium-plan-repository" -> null
          - report_build_status = false -> null
          - type                = "CODECOMMIT" -> null

          - git_submodules_config {
              - fetch_submodules = false -> null
            }
        }

      - vpc_config {
          - security_group_ids = [
              - "sg-0aaa978ade643c52a",
            ] -> null
          - subnets            = [
              - "subnet-0baba1b11deb04aeb",
              - "subnet-0f3f04207431110c7",
            ] -> null
          - vpc_id             = "vpc-0e4e71bc3ddf72c2f" -> null
        }
    }

  # module.standard_plan_codebuild_project[0].aws_codebuild_project.codebuild_project has been deleted
  - resource "aws_codebuild_project" "codebuild_project" {
      - arn                    = "arn:aws:codebuild:us-east-1:471112653618:project/arc-saas-dev-standard-codebuild-project" -> null
      - badge_enabled          = false -> null
      - build_timeout          = 120 -> null
      - concurrent_build_limit = 2 -> null
      - description            = "Standard plan codebuild project" -> null
      - encryption_key         = "arn:aws:kms:us-east-1:471112653618:alias/aws/s3" -> null
      - id                     = "arn:aws:codebuild:us-east-1:471112653618:project/arc-saas-dev-standard-codebuild-project" -> null
      - name                   = "arc-saas-dev-standard-codebuild-project" -> null
      - project_visibility     = "PRIVATE" -> null
      - queued_timeout         = 8 -> null
      - service_role           = "arn:aws:iam::471112653618:role/arc-saas-dev-tenant-codebuild-role" -> null
      - source_version         = "refs/heads/main" -> null
      - tags                   = {
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
      - tags_all               = {
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
        # (3 unchanged attributes hidden)

      - artifacts {
          - encryption_disabled    = false -> null
            name                   = null
          - override_artifact_name = false -> null
          - type                   = "NO_ARTIFACTS" -> null
            # (6 unchanged attributes hidden)
        }

      - cache {
          - modes    = [] -> null
          - type     = "NO_CACHE" -> null
            # (1 unchanged attribute hidden)
        }

      - environment {
          - compute_type                = "BUILD_GENERAL1_SMALL" -> null
          - image                       = "aws/codebuild/standard:7.0" -> null
          - image_pull_credentials_type = "CODEBUILD" -> null
          - privileged_mode             = true -> null
          - type                        = "LINUX_CONTAINER" -> null
            # (1 unchanged attribute hidden)

          - environment_variable {
              - name  = "AWS_ACCOUNT_ID" -> null
              - type  = "PLAINTEXT" -> null
              - value = "471112653618" -> null
            }
          - environment_variable {
              - name  = "AWS_REGION" -> null
              - type  = "PLAINTEXT" -> null
              - value = "us-east-1" -> null
            }
          - environment_variable {
              - name  = "NAMESPACE" -> null
              - type  = "PLAINTEXT" -> null
              - value = "arc-saas" -> null
            }
          - environment_variable {
              - name  = "ENVIRONMENT" -> null
              - type  = "PLAINTEXT" -> null
              - value = "dev" -> null
            }
          - environment_variable {
              - name  = "VPC_ID" -> null
              - type  = "PLAINTEXT" -> null
              - value = "vpc-0e4e71bc3ddf72c2f" -> null
            }
          - environment_variable {
              - name  = "VPC_CIDR_BLOCK" -> null
              - type  = "PLAINTEXT" -> null
              - value = "10.0.0.0/16" -> null
            }
          - environment_variable {
              - name  = "SUBNET_IDS" -> null
              - type  = "PLAINTEXT" -> null
              - value = "subnet-0f3f04207431110c7,subnet-0baba1b11deb04aeb" -> null
            }
          - environment_variable {
              - name  = "EKS_CLUSTER_NAME" -> null
              - type  = "PLAINTEXT" -> null
              - value = "arc-saas-dev-eks-cluster" -> null
            }
          - environment_variable {
              - name  = "CB_ROLE" -> null
              - type  = "PLAINTEXT" -> null
              - value = (sensitive value) -> null
            }
          - environment_variable {
              - name  = "KARPENTER_ROLE" -> null
              - type  = "PLAINTEXT" -> null
              - value = (sensitive value) -> null
            }
          - environment_variable {
              - name  = "DOMAIN_NAME" -> null
              - type  = "PLAINTEXT" -> null
              - value = "arc-saas.net" -> null
            }
          - environment_variable {
              - name  = "USERNAME" -> null
              - type  = "PLAINTEXT" -> null
              - value = "test" -> null
            }
          - environment_variable {
              - name  = "CONTROL_PLANE_HOST" -> null
              - type  = "PLAINTEXT" -> null
              - value = "https://arc-saas.net" -> null
            }
          - environment_variable {
              - name  = "ACCESS_TOKEN_EXPIRATION" -> null
              - type  = "PLAINTEXT" -> null
              - value = "3600" -> null
            }
          - environment_variable {
              - name  = "REFRESH_TOKEN_EXPIRATION" -> null
              - type  = "PLAINTEXT" -> null
              - value = "3600" -> null
            }
          - environment_variable {
              - name  = "AUTH_CODE_EXPIRATION" -> null
              - type  = "PLAINTEXT" -> null
              - value = "3600" -> null
            }
          - environment_variable {
              - name  = "TENANT_CLIENT_ID" -> null
              - type  = "PARAMETER_STORE" -> null
              - value = "/arc-saas/dev/pooled/tenant_client_id" -> null
            }
          - environment_variable {
              - name  = "TENANT_CLIENT_SECRET" -> null
              - type  = "PARAMETER_STORE" -> null
              - value = "/arc-saas/dev/pooled/tenant_client_secret" -> null
            }
        }

      - logs_config {
          - cloudwatch_logs {
              - group_name  = "standard-codebuild-log-group" -> null
              - status      = "ENABLED" -> null
              - stream_name = "log-stream" -> null
            }
          - s3_logs {
              - encryption_disabled = false -> null
              - status              = "DISABLED" -> null
                # (2 unchanged attributes hidden)
            }
        }

      - source {
          - buildspec           = "buildspec.yaml" -> null
          - git_clone_depth     = 0 -> null
          - insecure_ssl        = false -> null
          - location            = "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/arc-saas-dev-standard-plan-repository" -> null
          - report_build_status = false -> null
          - type                = "CODECOMMIT" -> null

          - git_submodules_config {
              - fetch_submodules = false -> null
            }
        }

      - vpc_config {
          - security_group_ids = [
              - "sg-0aaa978ade643c52a",
            ] -> null
          - subnets            = [
              - "subnet-0baba1b11deb04aeb",
              - "subnet-0f3f04207431110c7",
            ] -> null
          - vpc_id             = "vpc-0e4e71bc3ddf72c2f" -> null
        }
    }

  # module.tenant_codebuild_iam_role.aws_iam_policy.default has changed
  ~ resource "aws_iam_policy" "default" {
      + attachment_count = 0
        id               = "arn:aws:iam::471112653618:policy/arc-saas-dev-tenant-codebuild-policy"
        name             = "arc-saas-dev-tenant-codebuild-policy"
        tags             = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (7 unchanged attributes hidden)
    }

  # module.tenant_codebuild_iam_role.aws_iam_role.default has been deleted
  - resource "aws_iam_role" "default" {
      - arn                   = "arn:aws:iam::471112653618:role/arc-saas-dev-tenant-codebuild-role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "codebuild.amazonaws.com"
                        }
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2024-02-28T12:50:27Z" -> null
      - description           = "IAM role for tenant codebuild projects" -> null
      - force_detach_policies = false -> null
      - id                    = "arc-saas-dev-tenant-codebuild-role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::471112653618:policy/arc-saas-dev-tenant-codebuild-policy",
          - "arn:aws:iam::471112653618:policy/service-role/CodeBuildBasePolicy-arc-saas-dev-premium-codebuild-project-us-east-1",
          - "arn:aws:iam::471112653618:policy/service-role/CodeBuildManagedSecretPolicy-arc-saas-dev-premium-codebuild-project-us-east-1",
          - "arn:aws:iam::471112653618:policy/service-role/CodeBuildVpcPolicy-arc-saas-dev-premium-codebuild-project-us-east-1",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "arc-saas-dev-tenant-codebuild-role" -> null
      - path                  = "/" -> null
      - tags                  = {
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
      - tags_all              = {
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
      - unique_id             = "AROAW3MEATMZNPYD2KDZ3" -> null
        # (2 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_codecommit_repository.premium_repo will be created
  + resource "aws_codecommit_repository" "premium_repo" {
      + arn             = (known after apply)
      + clone_url_http  = (known after apply)
      + clone_url_ssh   = (known after apply)
      + default_branch  = "main"
      + description     = "arc-saas-dev-premium-repository."
      + id              = (known after apply)
      + kms_key_id      = (known after apply)
      + repository_id   = (known after apply)
      + repository_name = "arc-saas-dev-premium-plan-repository"
      + tags_all        = (known after apply)
    }

  # aws_codecommit_repository.standard_repo will be created
  + resource "aws_codecommit_repository" "standard_repo" {
      + arn             = (known after apply)
      + clone_url_http  = (known after apply)
      + clone_url_ssh   = (known after apply)
      + default_branch  = "main"
      + description     = "arc-saas-dev-standard-repository."
      + id              = (known after apply)
      + kms_key_id      = (known after apply)
      + repository_id   = (known after apply)
      + repository_name = "arc-saas-dev-standard-plan-repository"
      + tags_all        = (known after apply)
    }

  # aws_codecommit_repository.tenant_helm_repo will be created
  + resource "aws_codecommit_repository" "tenant_helm_repo" {
      + arn             = (known after apply)
      + clone_url_http  = (known after apply)
      + clone_url_ssh   = (known after apply)
      + default_branch  = "main"
      + description     = "arc-saas-dev-tenant-management-gitops-repository."
      + id              = (known after apply)
      + kms_key_id      = (known after apply)
      + repository_id   = (known after apply)
      + repository_name = "arc-saas-dev-tenant-management-gitops-repository"
      + tags_all        = (known after apply)
    }

  # module.premium_plan_codebuild_project[0].aws_codebuild_project.codebuild_project will be created
  + resource "aws_codebuild_project" "codebuild_project" {
      + arn                    = (known after apply)
      + badge_enabled          = false
      + badge_url              = (known after apply)
      + build_timeout          = 120
      + concurrent_build_limit = 2
      + description            = "Premium plan codebuild project"
      + encryption_key         = (known after apply)
      + id                     = (known after apply)
      + name                   = "arc-saas-dev-premium-codebuild-project"
      + project_visibility     = "PRIVATE"
      + public_project_alias   = (known after apply)
      + queued_timeout         = 8
      + service_role           = (known after apply)
      + source_version         = "refs/heads/main"
      + tags                   = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all               = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }

      + artifacts {
          + encryption_disabled    = false
          + override_artifact_name = false
          + type                   = "NO_ARTIFACTS"
            # (1 unchanged attribute hidden)
        }

      + cache {
          + modes    = []
          + type     = "NO_CACHE"
            # (1 unchanged attribute hidden)
        }

      + environment {
          + compute_type                = "BUILD_GENERAL1_SMALL"
          + image                       = "aws/codebuild/standard:7.0"
          + image_pull_credentials_type = "CODEBUILD"
          + privileged_mode             = true
          + type                        = "LINUX_CONTAINER"

          + environment_variable {
              + name  = "AWS_ACCOUNT_ID"
              + type  = "PLAINTEXT"
              + value = "471112653618"
            }
          + environment_variable {
              + name  = "AWS_REGION"
              + type  = "PLAINTEXT"
              + value = "us-east-1"
            }
          + environment_variable {
              + name  = "NAMESPACE"
              + type  = "PLAINTEXT"
              + value = "arc-saas"
            }
          + environment_variable {
              + name  = "ENVIRONMENT"
              + type  = "PLAINTEXT"
              + value = "dev"
            }
          + environment_variable {
              + name  = "VPC_ID"
              + type  = "PLAINTEXT"
              + value = "vpc-0b854ec095c8650cb"
            }
          + environment_variable {
              + name  = "VPC_CIDR_BLOCK"
              + type  = "PLAINTEXT"
              + value = "10.0.0.0/16"
            }
          + environment_variable {
              + name  = "SUBNET_IDS"
              + type  = "PLAINTEXT"
              + value = "subnet-074f002d3ab2604c6,subnet-0de9b0eb76627de31"
            }
          + environment_variable {
              + name  = "EKS_CLUSTER_NAME"
              + type  = "PLAINTEXT"
              + value = "arc-saas-dev-eks-cluster"
            }
          + environment_variable {
              + name  = "CB_ROLE"
              + type  = "PLAINTEXT"
              + value = (sensitive value)
            }
          + environment_variable {
              + name  = "KARPENTER_ROLE"
              + type  = "PLAINTEXT"
              + value = (sensitive value)
            }
          + environment_variable {
              + name  = "DOMAIN_NAME"
              + type  = "PLAINTEXT"
              + value = "arc-saas.net"
            }
          + environment_variable {
              + name  = "CONTROL_PLANE_HOST"
              + type  = "PLAINTEXT"
              + value = "https://arc-saas.net"
            }
          + environment_variable {
              + name  = "USERNAME"
              + type  = "PLAINTEXT"
              + value = "test"
            }
          + environment_variable {
              + name  = "ACCESS_TOKEN_EXPIRATION"
              + type  = "PLAINTEXT"
              + value = "3600"
            }
          + environment_variable {
              + name  = "REFRESH_TOKEN_EXPIRATION"
              + type  = "PLAINTEXT"
              + value = "3600"
            }
          + environment_variable {
              + name  = "AUTH_CODE_EXPIRATION"
              + type  = "PLAINTEXT"
              + value = "3600"
            }
          + environment_variable {
              + name  = "TENANT_CLIENT_ID"
              + type  = "PARAMETER_STORE"
              + value = "/arc-saas/dev/silo/tenant_client_id"
            }
          + environment_variable {
              + name  = "TENANT_CLIENT_SECRET"
              + type  = "PARAMETER_STORE"
              + value = "/arc-saas/dev/silo/tenant_client_secret"
            }
        }

      + logs_config {
          + cloudwatch_logs {
              + group_name  = "premium-codebuild-log-group"
              + status      = "ENABLED"
              + stream_name = "log-stream"
            }
          + s3_logs {
              + encryption_disabled = false
              + status              = "DISABLED"
                # (1 unchanged attribute hidden)
            }
        }

      + source {
          + buildspec           = "buildspec.yaml"
          + git_clone_depth     = 0
          + location            = (known after apply)
          + report_build_status = false
          + type                = "CODECOMMIT"

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
          + security_group_ids = [
              + "sg-094c70e2efc5299ec",
            ]
          + subnets            = [
              + "subnet-074f002d3ab2604c6",
              + "subnet-0de9b0eb76627de31",
            ]
          + vpc_id             = "vpc-0b854ec095c8650cb"
        }
    }

  # module.standard_plan_codebuild_project[0].aws_codebuild_project.codebuild_project will be created
  + resource "aws_codebuild_project" "codebuild_project" {
      + arn                    = (known after apply)
      + badge_enabled          = false
      + badge_url              = (known after apply)
      + build_timeout          = 120
      + concurrent_build_limit = 2
      + description            = "Standard plan codebuild project"
      + encryption_key         = (known after apply)
      + id                     = (known after apply)
      + name                   = "arc-saas-dev-standard-codebuild-project"
      + project_visibility     = "PRIVATE"
      + public_project_alias   = (known after apply)
      + queued_timeout         = 8
      + service_role           = (known after apply)
      + source_version         = "refs/heads/main"
      + tags                   = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all               = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }

      + artifacts {
          + encryption_disabled    = false
          + override_artifact_name = false
          + type                   = "NO_ARTIFACTS"
            # (1 unchanged attribute hidden)
        }

      + cache {
          + modes    = []
          + type     = "NO_CACHE"
            # (1 unchanged attribute hidden)
        }

      + environment {
          + compute_type                = "BUILD_GENERAL1_SMALL"
          + image                       = "aws/codebuild/standard:7.0"
          + image_pull_credentials_type = "CODEBUILD"
          + privileged_mode             = true
          + type                        = "LINUX_CONTAINER"

          + environment_variable {
              + name  = "AWS_ACCOUNT_ID"
              + type  = "PLAINTEXT"
              + value = "471112653618"
            }
          + environment_variable {
              + name  = "AWS_REGION"
              + type  = "PLAINTEXT"
              + value = "us-east-1"
            }
          + environment_variable {
              + name  = "NAMESPACE"
              + type  = "PLAINTEXT"
              + value = "arc-saas"
            }
          + environment_variable {
              + name  = "ENVIRONMENT"
              + type  = "PLAINTEXT"
              + value = "dev"
            }
          + environment_variable {
              + name  = "VPC_ID"
              + type  = "PLAINTEXT"
              + value = "vpc-0b854ec095c8650cb"
            }
          + environment_variable {
              + name  = "VPC_CIDR_BLOCK"
              + type  = "PLAINTEXT"
              + value = "10.0.0.0/16"
            }
          + environment_variable {
              + name  = "SUBNET_IDS"
              + type  = "PLAINTEXT"
              + value = "subnet-074f002d3ab2604c6,subnet-0de9b0eb76627de31"
            }
          + environment_variable {
              + name  = "EKS_CLUSTER_NAME"
              + type  = "PLAINTEXT"
              + value = "arc-saas-dev-eks-cluster"
            }
          + environment_variable {
              + name  = "CB_ROLE"
              + type  = "PLAINTEXT"
              + value = (sensitive value)
            }
          + environment_variable {
              + name  = "KARPENTER_ROLE"
              + type  = "PLAINTEXT"
              + value = (sensitive value)
            }
          + environment_variable {
              + name  = "DOMAIN_NAME"
              + type  = "PLAINTEXT"
              + value = "arc-saas.net"
            }
          + environment_variable {
              + name  = "USERNAME"
              + type  = "PLAINTEXT"
              + value = "test"
            }
          + environment_variable {
              + name  = "CONTROL_PLANE_HOST"
              + type  = "PLAINTEXT"
              + value = "https://arc-saas.net"
            }
          + environment_variable {
              + name  = "ACCESS_TOKEN_EXPIRATION"
              + type  = "PLAINTEXT"
              + value = "3600"
            }
          + environment_variable {
              + name  = "REFRESH_TOKEN_EXPIRATION"
              + type  = "PLAINTEXT"
              + value = "3600"
            }
          + environment_variable {
              + name  = "AUTH_CODE_EXPIRATION"
              + type  = "PLAINTEXT"
              + value = "3600"
            }
          + environment_variable {
              + name  = "TENANT_CLIENT_ID"
              + type  = "PARAMETER_STORE"
              + value = "/arc-saas/dev/pooled/tenant_client_id"
            }
          + environment_variable {
              + name  = "TENANT_CLIENT_SECRET"
              + type  = "PARAMETER_STORE"
              + value = "/arc-saas/dev/pooled/tenant_client_secret"
            }
        }

      + logs_config {
          + cloudwatch_logs {
              + group_name  = "standard-codebuild-log-group"
              + status      = "ENABLED"
              + stream_name = "log-stream"
            }
          + s3_logs {
              + encryption_disabled = false
              + status              = "DISABLED"
                # (1 unchanged attribute hidden)
            }
        }

      + source {
          + buildspec           = "buildspec.yaml"
          + git_clone_depth     = 0
          + location            = (known after apply)
          + report_build_status = false
          + type                = "CODECOMMIT"

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
          + security_group_ids = [
              + "sg-094c70e2efc5299ec",
            ]
          + subnets            = [
              + "subnet-074f002d3ab2604c6",
              + "subnet-0de9b0eb76627de31",
            ]
          + vpc_id             = "vpc-0b854ec095c8650cb"
        }
    }

  # module.tenant_codebuild_iam_role.aws_iam_role.default will be created
  + resource "aws_iam_role" "default" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "codebuild.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + description           = "IAM role for tenant codebuild projects"
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "arc-saas-dev-tenant-codebuild-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all              = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + unique_id             = (known after apply)
        # (1 unchanged attribute hidden)
    }

  # module.tenant_codebuild_iam_role.aws_iam_role_policy_attachment.default will be created
  + resource "aws_iam_role_policy_attachment" "default" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::471112653618:policy/arc-saas-dev-tenant-codebuild-policy"
      + role       = "arc-saas-dev-tenant-codebuild-role"
    }

Plan: 7 to add, 0 to change, 0 to destroy.

Contributor

github-actions bot commented May 30, 2024

Terraform plan output for cognito-user-pool in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.aws_cognito_user_pool.aws_cognito_user_pool_client.client[0] will be updated in-place
  ~ resource "aws_cognito_user_pool_client" "client" {
      ~ callback_urls                                 = [
          - "http://localhost:3000/auth/cognito-auth-redirect",
            # (1 unchanged element hidden)
        ]
        id                                            = "35c7u6fqqun2qcadav06o3fv3a"
      ~ logout_urls                                   = [
          - "http://localhost:4200/auth/login",
            # (1 unchanged element hidden)
        ]
        name                                          = "arc-saas"
        # (18 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Contributor

github-actions bot commented May 30, 2024

Terraform plan output for waf in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.waf.aws_wafv2_web_acl.default[0] will be created
  + resource "aws_wafv2_web_acl" "default" {
      + application_integration_url = (known after apply)
      + arn                         = (known after apply)
      + capacity                    = (known after apply)
      + description                 = "Managed by Terraform"
      + id                          = (known after apply)
      + lock_token                  = (known after apply)
      + name                        = "arc-saas-dev-waf"
      + scope                       = "REGIONAL"
      + tags                        = {
          + "Environment" = "dev"
          + "Name"        = "arc-saas-dev-waf"
          + "Project"     = "arc-saas"
        }
      + tags_all                    = {
          + "Environment" = "dev"
          + "Name"        = "arc-saas-dev-waf"
          + "Project"     = "arc-saas"
        }

      + default_action {
          + allow {
            }
        }

      + rule {
          + name     = "rule-11"
          + priority = 60

          + action {
              + allow {
                }
            }

          + statement {
              + geo_match_statement {
                  + country_codes = [
                      + "US",
                      + "IN",
                    ]
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = false
              + metric_name                = "rule-11-metric"
              + sampled_requests_enabled   = false
            }
        }
      + rule {
          + name     = "rule-70"
          + priority = 70

          + action {
              + block {
                }
            }

          + statement {
              + sqli_match_statement {
                  + field_to_match {
                      + query_string {}
                    }
                  + text_transformation {
                      + priority = 1
                      + type     = "URL_DECODE"
                    }
                  + text_transformation {
                      + priority = 2
                      + type     = "HTML_ENTITY_DECODE"
                    }
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = false
              + metric_name                = "rule-70-metric"
              + sampled_requests_enabled   = false
            }
        }
      + rule {
          + name     = "rule-95"
          + priority = 95

          + action {
              + block {
                }
            }

          + statement {
              + not_statement {
                  + statement {
                      + geo_match_statement {
                          + country_codes = [
                              + "DE",
                            ]
                        }
                    }
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = false
              + metric_name                = "rule-95-metric"
              + sampled_requests_enabled   = false
            }
        }
      + rule {
          + name     = "rule-80"
          + priority = 80

          + action {
              + count {
                }
            }

          + statement {
              + geo_match_statement {
                  + country_codes = [
                      + "US",
                      + "GB",
                      + "IN",
                    ]
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = true
              + metric_name                = "rule-80-metric"
              + sampled_requests_enabled   = true
            }
        }
      + rule {
          + name     = "rule-90"
          + priority = 90

          + action {
              + count {
                }
            }

          + statement {
              + not_statement {
                  + statement {
                      + geo_match_statement {
                          + country_codes = [
                              + "US",
                              + "IN",
                            ]
                        }
                    }
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = false
              + metric_name                = "rule-90-metric"
              + sampled_requests_enabled   = false
            }
        }
      + rule {
          + name     = "AWS-AWSManagedRulesAdminProtectionRuleSet"
          + priority = 1

          + override_action {
              + none {}
            }

          + statement {
              + managed_rule_group_statement {
                  + name        = "AWSManagedRulesAdminProtectionRuleSet"
                  + vendor_name = "AWS"
                    # (1 unchanged attribute hidden)
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = true
              + metric_name                = "AWS-AWSManagedRulesAdminProtectionRuleSet"
              + sampled_requests_enabled   = true
            }
        }
      + rule {
          + name     = "AWS-AWSManagedRulesAmazonIpReputationList"
          + priority = 2

          + override_action {
              + none {}
            }

          + statement {
              + managed_rule_group_statement {
                  + name        = "AWSManagedRulesAmazonIpReputationList"
                  + vendor_name = "AWS"
                    # (1 unchanged attribute hidden)
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = true
              + metric_name                = "AWS-AWSManagedRulesAmazonIpReputationList"
              + sampled_requests_enabled   = true
            }
        }
      + rule {
          + name     = "AWS-AWSManagedRulesCommonRuleSet"
          + priority = 3

          + override_action {
              + none {}
            }

          + statement {
              + managed_rule_group_statement {
                  + name        = "AWSManagedRulesCommonRuleSet"
                  + vendor_name = "AWS"
                    # (1 unchanged attribute hidden)
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = true
              + metric_name                = "AWS-AWSManagedRulesCommonRuleSet"
              + sampled_requests_enabled   = true
            }
        }
      + rule {
          + name     = "AWS-AWSManagedRulesKnownBadInputsRuleSet"
          + priority = 4

          + override_action {
              + none {}
            }

          + statement {
              + managed_rule_group_statement {
                  + name        = "AWSManagedRulesKnownBadInputsRuleSet"
                  + vendor_name = "AWS"
                    # (1 unchanged attribute hidden)
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = true
              + metric_name                = "AWS-AWSManagedRulesKnownBadInputsRuleSet"
              + sampled_requests_enabled   = true
            }
        }

      + visibility_config {
          + cloudwatch_metrics_enabled = true
          + metric_name                = "rules-example-metric"
          + sampled_requests_enabled   = true
        }
    }

  # module.waf.aws_wafv2_web_acl_association.default[0] will be created
  + resource "aws_wafv2_web_acl_association" "default" {
      + id           = (known after apply)
      + resource_arn = "arn:aws:elasticloadbalancing:us-east-1:471112653618:loadbalancer/app/alb-external-ingress/26c772b0070af6a0"
      + web_acl_arn  = (known after apply)
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Contributor

github-actions bot commented May 30, 2024

Terraform plan output for db in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_security_groups.aurora will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_security_groups" "aurora" {
      + arns    = (known after apply)
      + id      = (known after apply)
      + ids     = (known after apply)
      + tags    = (known after apply)
      + vpc_ids = (known after apply)

      + filter {
          + name   = "tag:Name"
          + values = [
              + "arc-saas-dev-aurora",
            ]
        }
      + filter {
          + name   = "vpc-id"
          + values = [
              + "vpc-0b854ec095c8650cb",
            ]
        }
    }

  # module.aurora.module.aurora_cluster[0].aws_rds_cluster_instance.default[0] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "default" {
        id                                    = "arc-saas-dev-aurora-1"
      ~ performance_insights_kms_key_id       = "arn:aws:kms:us-east-1:471112653618:key/4645d077-17e9-4ee8-ab35-ad3d80eb1f43" -> "arn:aws:kms:us-east-1:471112653618:alias/aws/rds"
        tags                                  = {
            "Environment" = "dev"
            "Name"        = "aurora"
            "Namespace"   = "arc-saas"
            "Project"     = "arc-saas"
            "Stage"       = "dev"
        }
        # (30 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Changes to Outputs:
  ~ aurora_security_group  = [
      - [],
      + (known after apply),
    ]

Contributor

Terraform plan output for client-vpn in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_ssm_parameter.ca_key will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ssm_parameter" "ca_key" {
      + arn     = (known after apply)
      + id      = (known after apply)
      + name    = "/sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-ca.key"
      + type    = (known after apply)
      + value   = (sensitive value)
      + version = (known after apply)
    }

  # module.self_signed_cert_ca.aws_ssm_parameter.certificate[0] will be created
  + resource "aws_ssm_parameter" "certificate" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-ca.pem"
      + tags           = {
          + "Attributes" = "self-signed-cert-ca"
          + "Name"       = "sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-ca"
          + "Namespace"  = "sf-arc-saas"
          + "Stage"      = "dev"
        }
      + tags_all       = {
          + "Attributes" = "self-signed-cert-ca"
          + "Name"       = "sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-ca"
          + "Namespace"  = "sf-arc-saas"
          + "Stage"      = "dev"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.self_signed_cert_ca.aws_ssm_parameter.private_key[0] will be created
  + resource "aws_ssm_parameter" "private_key" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-ca.key"
      + tags           = {
          + "Attributes" = "self-signed-cert-ca"
          + "Name"       = "sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-ca"
          + "Namespace"  = "sf-arc-saas"
          + "Stage"      = "dev"
        }
      + tags_all       = {
          + "Attributes" = "self-signed-cert-ca"
          + "Name"       = "sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-ca"
          + "Namespace"  = "sf-arc-saas"
          + "Stage"      = "dev"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.self_signed_cert_ca.tls_private_key.default[0] will be created
  + resource "tls_private_key" "default" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 2048
    }

  # module.self_signed_cert_ca.tls_self_signed_cert.default[0] will be created
  + resource "tls_self_signed_cert" "default" {
      + allowed_uses          = [
          + "crl_signing",
          + "cert_signing",
        ]
      + cert_pem              = (known after apply)
      + early_renewal_hours   = 0
      + id                    = (known after apply)
      + is_ca_certificate     = true
      + key_algorithm         = (known after apply)
      + private_key_pem       = (sensitive value)
      + ready_for_renewal     = false
      + set_authority_key_id  = false
      + set_subject_key_id    = false
      + validity_end_time     = (known after apply)
      + validity_period_hours = 87600
      + validity_start_time   = (known after apply)

      + subject {
          + common_name  = "*.arc-saas.net"
          + organization = "sf-arc-saas"
        }
    }

  # module.self_signed_cert_root.aws_acm_certificate.default[0] will be created
  + resource "aws_acm_certificate" "default" {
      + arn                       = (known after apply)
      + certificate_body          = (known after apply)
      + certificate_chain         = (known after apply)
      + domain_name               = (known after apply)
      + domain_validation_options = (known after apply)
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + private_key               = (sensitive value)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = (known after apply)
      + tags_all                  = (known after apply)
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = (known after apply)
    }

  # module.self_signed_cert_root.aws_ssm_parameter.certificate[0] will be created
  + resource "aws_ssm_parameter" "certificate" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-root.pem"
      + tags           = {
          + "Attributes" = "self-signed-cert-root"
          + "Name"       = "sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-root"
          + "Namespace"  = "sf-arc-saas"
          + "Stage"      = "dev"
        }
      + tags_all       = {
          + "Attributes" = "self-signed-cert-root"
          + "Name"       = "sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-root"
          + "Namespace"  = "sf-arc-saas"
          + "Stage"      = "dev"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.self_signed_cert_root.aws_ssm_parameter.private_key[0] will be created
  + resource "aws_ssm_parameter" "private_key" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-root.key"
      + tags           = {
          + "Attributes" = "self-signed-cert-root"
          + "Name"       = "sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-root"
          + "Namespace"  = "sf-arc-saas"
          + "Stage"      = "dev"
        }
      + tags_all       = {
          + "Attributes" = "self-signed-cert-root"
          + "Name"       = "sf-arc-saas-dev-arc-saas-vpn-self-signed-cert-root"
          + "Namespace"  = "sf-arc-saas"
          + "Stage"      = "dev"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.self_signed_cert_root.tls_cert_request.default[0] will be created
  + resource "tls_cert_request" "default" {
      + cert_request_pem = (known after apply)
      + id               = (known after apply)
      + key_algorithm    = (known after apply)
      + private_key_pem  = (sensitive value)

      + subject {
          + common_name  = "*.arc-saas.net"
          + organization = "sf-arc-saas"
        }
    }

  # module.self_signed_cert_root.tls_locally_signed_cert.default[0] will be created
  + resource "tls_locally_signed_cert" "default" {
      + allowed_uses          = [
          + "key_encipherment",
          + "digital_signature",
          + "client_auth",
        ]
      + ca_cert_pem           = (known after apply)
      + ca_key_algorithm      = (known after apply)
      + ca_private_key_pem    = (sensitive value)
      + cert_pem              = (known after apply)
      + cert_request_pem      = (known after apply)
      + early_renewal_hours   = 0
      + id                    = (known after apply)
      + is_ca_certificate     = false
      + ready_for_renewal     = false
      + set_subject_key_id    = false
      + validity_end_time     = (known after apply)
      + validity_period_hours = 87600
      + validity_start_time   = (known after apply)
    }

  # module.self_signed_cert_root.tls_private_key.default[0] will be created
  + resource "tls_private_key" "default" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 2048
    }

Plan: 10 to add, 0 to change, 0 to destroy.


Terraform plan output for elasticache in dev


No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.


Terraform plan output for network in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # module.network.module.private_subnets.aws_network_acl.private[0] will be updated in-place
  ~ resource "aws_network_acl" "private" {
        id         = "acl-01706c75db5746961"
      ~ subnet_ids = [
          - "subnet-078651de642ea6e72",
          - "subnet-0f8e823d7d502a668",
        ] -> (known after apply)
        tags       = {
            "Attributes"  = "private"
            "Environment" = "dev"
            "Name"        = "sf-arc-saas-dev-private-subnet"
            "Project"     = "sf-arc-saas"
        }
        # (6 unchanged attributes hidden)
    }

  # module.network.module.private_subnets.aws_route.default["us-east-1a"] will be created
  + resource "aws_route" "default" {
      + destination_cidr_block = "0.0.0.0/0"
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + nat_gateway_id         = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + route_table_id         = (known after apply)
      + state                  = (known after apply)
    }

  # module.network.module.private_subnets.aws_route.default["us-east-1b"] will be created
  + resource "aws_route" "default" {
      + destination_cidr_block = "0.0.0.0/0"
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + nat_gateway_id         = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + route_table_id         = (known after apply)
      + state                  = (known after apply)
    }

  # module.network.module.private_subnets.aws_route.default["us-west-2a"] will be destroyed
  # (because key ["us-west-2a"] is not in for_each map)
  - resource "aws_route" "default" {
      - destination_cidr_block = "0.0.0.0/0" -> null
      - id                     = "r-rtb-0d4adec74b6161dc41080289494" -> null
      - nat_gateway_id         = "nat-041140c0064d8e6a3" -> null
      - origin                 = "CreateRoute" -> null
      - route_table_id         = "rtb-0d4adec74b6161dc4" -> null
      - state                  = "active" -> null
    }

  # module.network.module.private_subnets.aws_route.default["us-west-2b"] will be destroyed
  # (because key ["us-west-2b"] is not in for_each map)
  - resource "aws_route" "default" {
      - destination_cidr_block = "0.0.0.0/0" -> null
      - id                     = "r-rtb-06840aece7ed3ec7e1080289494" -> null
      - nat_gateway_id         = "nat-085d4b1a056507c1c" -> null
      - origin                 = "CreateRoute" -> null
      - route_table_id         = "rtb-06840aece7ed3ec7e" -> null
      - state                  = "active" -> null
    }

  # module.network.module.private_subnets.aws_route_table.private["us-east-1a"] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes"  = "private"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-private-subnet-private-us-east-1a"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "private"
        }
      + tags_all         = {
          + "Attributes"  = "private"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-private-subnet-private-us-east-1a"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "private"
        }
      + vpc_id           = "vpc-0c000dd15b500b2fb"
    }

  # module.network.module.private_subnets.aws_route_table.private["us-east-1b"] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes"  = "private"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-private-subnet-private-us-east-1b"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "private"
        }
      + tags_all         = {
          + "Attributes"  = "private"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-private-subnet-private-us-east-1b"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "private"
        }
      + vpc_id           = "vpc-0c000dd15b500b2fb"
    }

  # module.network.module.private_subnets.aws_route_table.private["us-west-2a"] will be destroyed
  # (because key ["us-west-2a"] is not in for_each map)
  - resource "aws_route_table" "private" {
      - arn              = "arn:aws:ec2:us-west-2:471112653618:route-table/rtb-0d4adec74b6161dc4" -> null
      - id               = "rtb-0d4adec74b6161dc4" -> null
      - owner_id         = "471112653618" -> null
      - propagating_vgws = [] -> null
      - route            = [
          - {
              - carrier_gateway_id         = ""
              - cidr_block                 = "0.0.0.0/0"
              - core_network_arn           = ""
              - destination_prefix_list_id = ""
              - egress_only_gateway_id     = ""
              - gateway_id                 = ""
              - ipv6_cidr_block            = ""
              - local_gateway_id           = ""
              - nat_gateway_id             = "nat-041140c0064d8e6a3"
              - network_interface_id       = ""
              - transit_gateway_id         = ""
              - vpc_endpoint_id            = ""
              - vpc_peering_connection_id  = ""
            },
        ] -> null
      - tags             = {
          - "Attributes"  = "private"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-private-subnet-private-us-west-2a"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "private"
        } -> null
      - tags_all         = {
          - "Attributes"  = "private"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-private-subnet-private-us-west-2a"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "private"
        } -> null
      - vpc_id           = "vpc-0c000dd15b500b2fb" -> null
    }

  # module.network.module.private_subnets.aws_route_table.private["us-west-2b"] will be destroyed
  # (because key ["us-west-2b"] is not in for_each map)
  - resource "aws_route_table" "private" {
      - arn              = "arn:aws:ec2:us-west-2:471112653618:route-table/rtb-06840aece7ed3ec7e" -> null
      - id               = "rtb-06840aece7ed3ec7e" -> null
      - owner_id         = "471112653618" -> null
      - propagating_vgws = [] -> null
      - route            = [
          - {
              - carrier_gateway_id         = ""
              - cidr_block                 = "0.0.0.0/0"
              - core_network_arn           = ""
              - destination_prefix_list_id = ""
              - egress_only_gateway_id     = ""
              - gateway_id                 = ""
              - ipv6_cidr_block            = ""
              - local_gateway_id           = ""
              - nat_gateway_id             = "nat-085d4b1a056507c1c"
              - network_interface_id       = ""
              - transit_gateway_id         = ""
              - vpc_endpoint_id            = ""
              - vpc_peering_connection_id  = ""
            },
        ] -> null
      - tags             = {
          - "Attributes"  = "private"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-private-subnet-private-us-west-2b"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "private"
        } -> null
      - tags_all         = {
          - "Attributes"  = "private"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-private-subnet-private-us-west-2b"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "private"
        } -> null
      - vpc_id           = "vpc-0c000dd15b500b2fb" -> null
    }

  # module.network.module.private_subnets.aws_route_table_association.private["us-east-1a"] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.network.module.private_subnets.aws_route_table_association.private["us-east-1b"] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.network.module.private_subnets.aws_route_table_association.private["us-west-2a"] will be destroyed
  # (because key ["us-west-2a"] is not in for_each map)
  - resource "aws_route_table_association" "private" {
      - id             = "rtbassoc-0a508b32e06deecd6" -> null
      - route_table_id = "rtb-0d4adec74b6161dc4" -> null
      - subnet_id      = "subnet-0f8e823d7d502a668" -> null
    }

  # module.network.module.private_subnets.aws_route_table_association.private["us-west-2b"] will be destroyed
  # (because key ["us-west-2b"] is not in for_each map)
  - resource "aws_route_table_association" "private" {
      - id             = "rtbassoc-0586382ce72669695" -> null
      - route_table_id = "rtb-06840aece7ed3ec7e" -> null
      - subnet_id      = "subnet-078651de642ea6e72" -> null
    }

  # module.network.module.private_subnets.aws_subnet.private["us-east-1a"] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.128.0/20"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Attributes"  = "private"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-private-subnet-private-us-east-1a"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "private"
        }
      + tags_all                                       = {
          + "Attributes"  = "private"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-private-subnet-private-us-east-1a"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "private"
        }
      + vpc_id                                         = "vpc-0c000dd15b500b2fb"
    }

  # module.network.module.private_subnets.aws_subnet.private["us-east-1b"] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.144.0/20"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Attributes"  = "private"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-private-subnet-private-us-east-1b"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "private"
        }
      + tags_all                                       = {
          + "Attributes"  = "private"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-private-subnet-private-us-east-1b"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "private"
        }
      + vpc_id                                         = "vpc-0c000dd15b500b2fb"
    }

  # module.network.module.private_subnets.aws_subnet.private["us-west-2a"] will be destroyed
  # (because key ["us-west-2a"] is not in for_each map)
  - resource "aws_subnet" "private" {
      - arn                                            = "arn:aws:ec2:us-west-2:471112653618:subnet/subnet-0f8e823d7d502a668" -> null
      - assign_ipv6_address_on_creation                = false -> null
      - availability_zone                              = "us-west-2a" -> null
      - availability_zone_id                           = "usw2-az2" -> null
      - cidr_block                                     = "10.0.128.0/20" -> null
      - enable_dns64                                   = false -> null
      - enable_lni_at_device_index                     = 0 -> null
      - enable_resource_name_dns_a_record_on_launch    = false -> null
      - enable_resource_name_dns_aaaa_record_on_launch = false -> null
      - id                                             = "subnet-0f8e823d7d502a668" -> null
      - ipv6_native                                    = false -> null
      - map_customer_owned_ip_on_launch                = false -> null
      - map_public_ip_on_launch                        = false -> null
      - owner_id                                       = "471112653618" -> null
      - private_dns_hostname_type_on_launch            = "ip-name" -> null
      - tags                                           = {
          - "Attributes"  = "private"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-private-subnet-private-us-west-2a"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "private"
        } -> null
      - tags_all                                       = {
          - "Attributes"  = "private"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-private-subnet-private-us-west-2a"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "private"
        } -> null
      - vpc_id                                         = "vpc-0c000dd15b500b2fb" -> null
    }

  # module.network.module.private_subnets.aws_subnet.private["us-west-2b"] will be destroyed
  # (because key ["us-west-2b"] is not in for_each map)
  - resource "aws_subnet" "private" {
      - arn                                            = "arn:aws:ec2:us-west-2:471112653618:subnet/subnet-078651de642ea6e72" -> null
      - assign_ipv6_address_on_creation                = false -> null
      - availability_zone                              = "us-west-2b" -> null
      - availability_zone_id                           = "usw2-az1" -> null
      - cidr_block                                     = "10.0.144.0/20" -> null
      - enable_dns64                                   = false -> null
      - enable_lni_at_device_index                     = 0 -> null
      - enable_resource_name_dns_a_record_on_launch    = false -> null
      - enable_resource_name_dns_aaaa_record_on_launch = false -> null
      - id                                             = "subnet-078651de642ea6e72" -> null
      - ipv6_native                                    = false -> null
      - map_customer_owned_ip_on_launch                = false -> null
      - map_public_ip_on_launch                        = false -> null
      - owner_id                                       = "471112653618" -> null
      - private_dns_hostname_type_on_launch            = "ip-name" -> null
      - tags                                           = {
          - "Attributes"  = "private"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-private-subnet-private-us-west-2b"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "private"
        } -> null
      - tags_all                                       = {
          - "Attributes"  = "private"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-private-subnet-private-us-west-2b"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "private"
        } -> null
      - vpc_id                                         = "vpc-0c000dd15b500b2fb" -> null
    }

  # module.network.module.public_subnets.aws_eip.public["us-east-1a"] will be created
  + resource "aws_eip" "public" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet"
          + "Project"     = "sf-arc-saas"
        }
      + tags_all             = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet"
          + "Project"     = "sf-arc-saas"
        }
      + vpc                  = true
    }

  # module.network.module.public_subnets.aws_eip.public["us-east-1b"] will be created
  + resource "aws_eip" "public" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet"
          + "Project"     = "sf-arc-saas"
        }
      + tags_all             = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet"
          + "Project"     = "sf-arc-saas"
        }
      + vpc                  = true
    }

  # module.network.module.public_subnets.aws_eip.public["us-west-2a"] will be destroyed
  # (because key ["us-west-2a"] is not in for_each map)
  - resource "aws_eip" "public" {
      - allocation_id        = "eipalloc-012f824a749a0957c" -> null
      - arn                  = "arn:aws:ec2:us-west-2:471112653618:elastic-ip/eipalloc-012f824a749a0957c" -> null
      - association_id       = "eipassoc-041ceac8b9156654c" -> null
      - domain               = "vpc" -> null
      - id                   = "eipalloc-012f824a749a0957c" -> null
      - network_border_group = "us-west-2" -> null
      - network_interface    = "eni-050639581c672f8cb" -> null
      - private_dns          = "ip-10-0-10-62.us-west-2.compute.internal" -> null
      - private_ip           = "10.0.10.62" -> null
      - public_dns           = "ec2-54-148-233-90.us-west-2.compute.amazonaws.com" -> null
      - public_ip            = "54.148.233.90" -> null
      - public_ipv4_pool     = "amazon" -> null
      - tags                 = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet"
          - "Project"     = "sf-arc-saas"
        } -> null
      - tags_all             = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet"
          - "Project"     = "sf-arc-saas"
        } -> null
      - vpc                  = true -> null
    }

  # module.network.module.public_subnets.aws_eip.public["us-west-2b"] will be destroyed
  # (because key ["us-west-2b"] is not in for_each map)
  - resource "aws_eip" "public" {
      - allocation_id        = "eipalloc-086788637a4a4747b" -> null
      - arn                  = "arn:aws:ec2:us-west-2:471112653618:elastic-ip/eipalloc-086788637a4a4747b" -> null
      - association_id       = "eipassoc-09f68998876f4a89d" -> null
      - domain               = "vpc" -> null
      - id                   = "eipalloc-086788637a4a4747b" -> null
      - network_border_group = "us-west-2" -> null
      - network_interface    = "eni-000875ca904dab7c5" -> null
      - private_dns          = "ip-10-0-26-121.us-west-2.compute.internal" -> null
      - private_ip           = "10.0.26.121" -> null
      - public_dns           = "ec2-52-11-150-117.us-west-2.compute.amazonaws.com" -> null
      - public_ip            = "52.11.150.117" -> null
      - public_ipv4_pool     = "amazon" -> null
      - tags                 = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet"
          - "Project"     = "sf-arc-saas"
        } -> null
      - tags_all             = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet"
          - "Project"     = "sf-arc-saas"
        } -> null
      - vpc                  = true -> null
    }

  # module.network.module.public_subnets.aws_nat_gateway.public["us-east-1a"] will be created
  + resource "aws_nat_gateway" "public" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1a"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
      + tags_all                           = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1a"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
    }

  # module.network.module.public_subnets.aws_nat_gateway.public["us-east-1b"] will be created
  + resource "aws_nat_gateway" "public" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1b"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
      + tags_all                           = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1b"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
    }

  # module.network.module.public_subnets.aws_nat_gateway.public["us-west-2a"] will be destroyed
  # (because key ["us-west-2a"] is not in for_each map)
  - resource "aws_nat_gateway" "public" {
      - allocation_id                      = "eipalloc-012f824a749a0957c" -> null
      - association_id                     = "eipassoc-041ceac8b9156654c" -> null
      - connectivity_type                  = "public" -> null
      - id                                 = "nat-041140c0064d8e6a3" -> null
      - network_interface_id               = "eni-050639581c672f8cb" -> null
      - private_ip                         = "10.0.10.62" -> null
      - public_ip                          = "54.148.233.90" -> null
      - secondary_allocation_ids           = [] -> null
      - secondary_private_ip_address_count = 0 -> null
      - secondary_private_ip_addresses     = [] -> null
      - subnet_id                          = "subnet-08f7c800b6bb54c9a" -> null
      - tags                               = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2a"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
      - tags_all                           = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2a"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
    }

  # module.network.module.public_subnets.aws_nat_gateway.public["us-west-2b"] will be destroyed
  # (because key ["us-west-2b"] is not in for_each map)
  - resource "aws_nat_gateway" "public" {
      - allocation_id                      = "eipalloc-086788637a4a4747b" -> null
      - association_id                     = "eipassoc-09f68998876f4a89d" -> null
      - connectivity_type                  = "public" -> null
      - id                                 = "nat-085d4b1a056507c1c" -> null
      - network_interface_id               = "eni-000875ca904dab7c5" -> null
      - private_ip                         = "10.0.26.121" -> null
      - public_ip                          = "52.11.150.117" -> null
      - secondary_allocation_ids           = [] -> null
      - secondary_private_ip_address_count = 0 -> null
      - secondary_private_ip_addresses     = [] -> null
      - subnet_id                          = "subnet-047e945dc9cf1f746" -> null
      - tags                               = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2b"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
      - tags_all                           = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2b"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
    }

  # module.network.module.public_subnets.aws_network_acl.public[0] will be updated in-place
  ~ resource "aws_network_acl" "public" {
        id         = "acl-0cadac0578b766cd2"
      ~ subnet_ids = [
          - "subnet-047e945dc9cf1f746",
          - "subnet-08f7c800b6bb54c9a",
        ] -> (known after apply)
        tags       = {
            "Attributes"  = "public"
            "Environment" = "dev"
            "Name"        = "sf-arc-saas-dev-public-subnet"
            "Project"     = "sf-arc-saas"
        }
        # (6 unchanged attributes hidden)
    }

  # module.network.module.public_subnets.aws_route.public["us-east-1a"] will be created
  + resource "aws_route" "public" {
      + destination_cidr_block = "0.0.0.0/0"
      + gateway_id             = "igw-0c9515bf64b2f2b3b"
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + route_table_id         = (known after apply)
      + state                  = (known after apply)
    }

  # module.network.module.public_subnets.aws_route.public["us-east-1b"] will be created
  + resource "aws_route" "public" {
      + destination_cidr_block = "0.0.0.0/0"
      + gateway_id             = "igw-0c9515bf64b2f2b3b"
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + route_table_id         = (known after apply)
      + state                  = (known after apply)
    }

  # module.network.module.public_subnets.aws_route.public["us-west-2a"] will be destroyed
  # (because key ["us-west-2a"] is not in for_each map)
  - resource "aws_route" "public" {
      - destination_cidr_block = "0.0.0.0/0" -> null
      - gateway_id             = "igw-0c9515bf64b2f2b3b" -> null
      - id                     = "r-rtb-03b50b1a485d678341080289494" -> null
      - origin                 = "CreateRoute" -> null
      - route_table_id         = "rtb-03b50b1a485d67834" -> null
      - state                  = "active" -> null
    }

  # module.network.module.public_subnets.aws_route.public["us-west-2b"] will be destroyed
  # (because key ["us-west-2b"] is not in for_each map)
  - resource "aws_route" "public" {
      - destination_cidr_block = "0.0.0.0/0" -> null
      - gateway_id             = "igw-0c9515bf64b2f2b3b" -> null
      - id                     = "r-rtb-047219d8ce63843d41080289494" -> null
      - origin                 = "CreateRoute" -> null
      - route_table_id         = "rtb-047219d8ce63843d4" -> null
      - state                  = "active" -> null
    }

  # module.network.module.public_subnets.aws_route_table.public["us-east-1a"] will be created
  + resource "aws_route_table" "public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1a"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
      + tags_all         = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1a"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
      + vpc_id           = "vpc-0c000dd15b500b2fb"
    }

  # module.network.module.public_subnets.aws_route_table.public["us-east-1b"] will be created
  + resource "aws_route_table" "public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1b"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
      + tags_all         = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1b"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
      + vpc_id           = "vpc-0c000dd15b500b2fb"
    }

  # module.network.module.public_subnets.aws_route_table.public["us-west-2a"] will be destroyed
  # (because key ["us-west-2a"] is not in for_each map)
  - resource "aws_route_table" "public" {
      - arn              = "arn:aws:ec2:us-west-2:471112653618:route-table/rtb-03b50b1a485d67834" -> null
      - id               = "rtb-03b50b1a485d67834" -> null
      - owner_id         = "471112653618" -> null
      - propagating_vgws = [] -> null
      - route            = [
          - {
              - carrier_gateway_id         = ""
              - cidr_block                 = "0.0.0.0/0"
              - core_network_arn           = ""
              - destination_prefix_list_id = ""
              - egress_only_gateway_id     = ""
              - gateway_id                 = "igw-0c9515bf64b2f2b3b"
              - ipv6_cidr_block            = ""
              - local_gateway_id           = ""
              - nat_gateway_id             = ""
              - network_interface_id       = ""
              - transit_gateway_id         = ""
              - vpc_endpoint_id            = ""
              - vpc_peering_connection_id  = ""
            },
        ] -> null
      - tags             = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2a"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
      - tags_all         = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2a"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
      - vpc_id           = "vpc-0c000dd15b500b2fb" -> null
    }

  # module.network.module.public_subnets.aws_route_table.public["us-west-2b"] will be destroyed
  # (because key ["us-west-2b"] is not in for_each map)
  - resource "aws_route_table" "public" {
      - arn              = "arn:aws:ec2:us-west-2:471112653618:route-table/rtb-047219d8ce63843d4" -> null
      - id               = "rtb-047219d8ce63843d4" -> null
      - owner_id         = "471112653618" -> null
      - propagating_vgws = [] -> null
      - route            = [
          - {
              - carrier_gateway_id         = ""
              - cidr_block                 = "0.0.0.0/0"
              - core_network_arn           = ""
              - destination_prefix_list_id = ""
              - egress_only_gateway_id     = ""
              - gateway_id                 = "igw-0c9515bf64b2f2b3b"
              - ipv6_cidr_block            = ""
              - local_gateway_id           = ""
              - nat_gateway_id             = ""
              - network_interface_id       = ""
              - transit_gateway_id         = ""
              - vpc_endpoint_id            = ""
              - vpc_peering_connection_id  = ""
            },
        ] -> null
      - tags             = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2b"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
      - tags_all         = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2b"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
      - vpc_id           = "vpc-0c000dd15b500b2fb" -> null
    }

  # module.network.module.public_subnets.aws_route_table_association.public["us-east-1a"] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.network.module.public_subnets.aws_route_table_association.public["us-east-1b"] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.network.module.public_subnets.aws_route_table_association.public["us-west-2a"] will be destroyed
  # (because key ["us-west-2a"] is not in for_each map)
  - resource "aws_route_table_association" "public" {
      - id             = "rtbassoc-0269893aa03e7e194" -> null
      - route_table_id = "rtb-03b50b1a485d67834" -> null
      - subnet_id      = "subnet-08f7c800b6bb54c9a" -> null
    }

  # module.network.module.public_subnets.aws_route_table_association.public["us-west-2b"] will be destroyed
  # (because key ["us-west-2b"] is not in for_each map)
  - resource "aws_route_table_association" "public" {
      - id             = "rtbassoc-0845641e3355476b0" -> null
      - route_table_id = "rtb-047219d8ce63843d4" -> null
      - subnet_id      = "subnet-047e945dc9cf1f746" -> null
    }

  # module.network.module.public_subnets.aws_subnet.public["us-east-1a"] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.0.0/20"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1a"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
      + tags_all                                       = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1a"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
      + vpc_id                                         = "vpc-0c000dd15b500b2fb"
    }

  # module.network.module.public_subnets.aws_subnet.public["us-east-1b"] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.16.0/20"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1b"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
      + tags_all                                       = {
          + "Attributes"  = "public"
          + "Environment" = "dev"
          + "Name"        = "sf-arc-saas-dev-public-subnet-public-us-east-1b"
          + "Project"     = "sf-arc-saas"
          + "Type"        = "public"
        }
      + vpc_id                                         = "vpc-0c000dd15b500b2fb"
    }

  # module.network.module.public_subnets.aws_subnet.public["us-west-2a"] will be destroyed
  # (because key ["us-west-2a"] is not in for_each map)
  - resource "aws_subnet" "public" {
      - arn                                            = "arn:aws:ec2:us-west-2:471112653618:subnet/subnet-08f7c800b6bb54c9a" -> null
      - assign_ipv6_address_on_creation                = false -> null
      - availability_zone                              = "us-west-2a" -> null
      - availability_zone_id                           = "usw2-az2" -> null
      - cidr_block                                     = "10.0.0.0/20" -> null
      - enable_dns64                                   = false -> null
      - enable_lni_at_device_index                     = 0 -> null
      - enable_resource_name_dns_a_record_on_launch    = false -> null
      - enable_resource_name_dns_aaaa_record_on_launch = false -> null
      - id                                             = "subnet-08f7c800b6bb54c9a" -> null
      - ipv6_native                                    = false -> null
      - map_customer_owned_ip_on_launch                = false -> null
      - map_public_ip_on_launch                        = false -> null
      - owner_id                                       = "471112653618" -> null
      - private_dns_hostname_type_on_launch            = "ip-name" -> null
      - tags                                           = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2a"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
      - tags_all                                       = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2a"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
      - vpc_id                                         = "vpc-0c000dd15b500b2fb" -> null
    }

  # module.network.module.public_subnets.aws_subnet.public["us-west-2b"] will be destroyed
  # (because key ["us-west-2b"] is not in for_each map)
  - resource "aws_subnet" "public" {
      - arn                                            = "arn:aws:ec2:us-west-2:471112653618:subnet/subnet-047e945dc9cf1f746" -> null
      - assign_ipv6_address_on_creation                = false -> null
      - availability_zone                              = "us-west-2b" -> null
      - availability_zone_id                           = "usw2-az1" -> null
      - cidr_block                                     = "10.0.16.0/20" -> null
      - enable_dns64                                   = false -> null
      - enable_lni_at_device_index                     = 0 -> null
      - enable_resource_name_dns_a_record_on_launch    = false -> null
      - enable_resource_name_dns_aaaa_record_on_launch = false -> null
      - id                                             = "subnet-047e945dc9cf1f746" -> null
      - ipv6_native                                    = false -> null
      - map_customer_owned_ip_on_launch                = false -> null
      - map_public_ip_on_launch                        = false -> null
      - owner_id                                       = "471112653618" -> null
      - private_dns_hostname_type_on_launch            = "ip-name" -> null
      - tags                                           = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2b"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
      - tags_all                                       = {
          - "Attributes"  = "public"
          - "Environment" = "dev"
          - "Name"        = "sf-arc-saas-dev-public-subnet-public-us-west-2b"
          - "Project"     = "sf-arc-saas"
          - "Type"        = "public"
        } -> null
      - vpc_id                                         = "vpc-0c000dd15b500b2fb" -> null
    }

Plan: 20 to add, 2 to change, 20 to destroy.

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.4% Duplication on New Code

See analysis details on SonarCloud

Collaborator

@rayl15 rayl15 left a comment

approved

@rayl15 rayl15 merged commit 3373aa0 into main May 30, 2024
4 checks passed
@HarshitSF HarshitSF deleted the feature/updates branch June 4, 2024 04:30