
Feature/manage tenant terraform deployment #84

Merged
merged 37 commits into from
Apr 8, 2024


HarshitSF
Collaborator

No description provided.


sonarqubecloud bot commented Apr 8, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
20.6% Duplication on New Code

See analysis details on SonarCloud

@HarshitSF HarshitSF merged commit 4b21652 into dev Apr 8, 2024
2 checks passed
Contributor

github-actions bot commented Apr 8, 2024

Terraform plan output for bootstrap in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "policy" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = (sensitive value)
          + sid       = "enforce-tls"

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = (sensitive value)
          + sid       = "inventory-and-analytics"

          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }

          + principals {
              + identifiers = [
                  + "s3.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # aws_dynamodb_table.tenant_details will be created
  + resource "aws_dynamodb_table" "tenant_details" {
      + arn              = (known after apply)
      + billing_mode     = "PROVISIONED"
      + hash_key         = "TENANT_ID"
      + id               = (known after apply)
      + name             = "arc-saas-dev-tenant-details"
      + read_capacity    = 5
      + stream_arn       = (known after apply)
      + stream_label     = (known after apply)
      + stream_view_type = (known after apply)
      + tags             = {
          + "Environment" = "dev"
          + "Name"        = "arc-saas-dev-tenant-details"
          + "Project"     = "arc-saas"
        }
      + tags_all         = {
          + "Environment" = "dev"
          + "Name"        = "arc-saas-dev-tenant-details"
          + "Project"     = "arc-saas"
        }
      + write_capacity   = 5

      + attribute {
          + name = "TENANT_ID"
          + type = "S"
        }

      + point_in_time_recovery {
          + enabled = true
        }

      + server_side_encryption {
          + enabled     = true
          + kms_key_arn = (known after apply)
        }
    }

  # aws_s3_bucket.artifact_bucket will be created
  + resource "aws_s3_bucket" "artifact_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = (sensitive value)
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
          + "type"        = "artifact"
        }
      + tags_all                    = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
          + "type"        = "artifact"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }
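Review bot: `force_destroy = true` on artifact_bucket means a destroy will delete every object and stored version in it, while the bootstrap bucket later in this plan keeps `force_destroy = false`. If that is deliberate for dev, say so next to the argument, e.g. `# dev only: allow terraform destroy to empty the artifact bucket`, and drive it from a variable so other environments default to false. Also, none of the 18 planned resources is an `aws_s3_bucket_policy`, and `policy` on the bucket shows only as (known after apply), so this output cannot confirm that the enforce-tls statement read at the top of the plan is actually attached to this bucket.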

  # aws_s3_bucket_public_access_block.public_access_block will be created
  + resource "aws_s3_bucket_public_access_block" "public_access_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # aws_s3_bucket_versioning.this will be created
  + resource "aws_s3_bucket_versioning" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.bootstrap.data.aws_iam_policy_document.policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "policy" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = (sensitive value)
          + sid       = "enforce-tls"

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = (sensitive value)
          + sid       = "inventory-and-analytics"

          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }

          + principals {
              + identifiers = [
                  + "s3.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.bootstrap.aws_dynamodb_table.terraform_state_lock will be created
  + resource "aws_dynamodb_table" "terraform_state_lock" {
      + arn              = (known after apply)
      + billing_mode     = "PROVISIONED"
      + hash_key         = "LockID"
      + id               = (known after apply)
      + name             = "arc-saas-dev-terraform-state-lock"
      + read_capacity    = 2
      + stream_arn       = (known after apply)
      + stream_label     = (known after apply)
      + stream_view_type = (known after apply)
      + tags             = {
          + "DynamoDBName" = "arc-saas-dev-terraform-state-lock"
          + "Environment"  = "dev"
          + "Name"         = "arc-saas-dev-terraform-state-lock"
          + "Project"      = "arc-saas"
        }
      + tags_all         = {
          + "DynamoDBName" = "arc-saas-dev-terraform-state-lock"
          + "Environment"  = "dev"
          + "Name"         = "arc-saas-dev-terraform-state-lock"
          + "Project"      = "arc-saas"
        }
      + write_capacity   = 2

      + attribute {
          + name = "LockID"
          + type = "S"
        }

      + point_in_time_recovery {
          + enabled = true
        }

      + server_side_encryption {
          + enabled     = true
          + kms_key_arn = (known after apply)
        }
    }

  # module.bootstrap.aws_s3_bucket.private will be created
  + resource "aws_s3_bucket" "private" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = (sensitive value)
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.bootstrap.aws_s3_bucket_acl.this will be created
  + resource "aws_s3_bucket_acl" "this" {
      + acl    = "private"
      + bucket = (known after apply)
      + id     = (known after apply)
    }

  # module.bootstrap.aws_s3_bucket_analytics_configuration.private_analytics_config[0] will be created
  + resource "aws_s3_bucket_analytics_configuration" "private_analytics_config" {
      + bucket = (sensitive value)
      + id     = (known after apply)
      + name   = "Analytics"

      + storage_class_analysis {
          + data_export {
              + output_schema_version = "V_1"

              + destination {
                  + s3_bucket_destination {
                      + bucket_arn = (known after apply)
                      + format     = "CSV"
                      + prefix     = "_AWSBucketAnalytics"
                    }
                }
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_lifecycle_configuration.this will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "rule-1"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 14
            }

          + expiration {
              + days                         = 0
              + expired_object_delete_marker = true
            }

          + noncurrent_version_expiration {
              + noncurrent_days = 365
            }

          + noncurrent_version_transition {
              + noncurrent_days = 30
              + storage_class   = "STANDARD_IA"
            }
        }
      + rule {
          + id     = "rule-2"
          + status = "Enabled"

          + expiration {
              + days                         = 14
              + expired_object_delete_marker = (known after apply)
            }

          + filter {
              + prefix = "_AWSBucketInventory/"
            }
        }
      + rule {
          + id     = "rule-3"
          + status = "Enabled"

          + expiration {
              + days                         = 30
              + expired_object_delete_marker = (known after apply)
            }

          + filter {
              + prefix = "_AWSBucketAnalytics/"
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_ownership_controls.this will be created
  + resource "aws_s3_bucket_ownership_controls" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + object_ownership = "BucketOwnerPreferred"
        }
    }

  # module.bootstrap.aws_s3_bucket_public_access_block.public_access_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "public_access_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.bootstrap.aws_s3_bucket_server_side_encryption_configuration.example will be created
  + resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + bucket_key_enabled = false

          + apply_server_side_encryption_by_default {
              + sse_algorithm = "AES256"
            }
        }
    }
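Review bot: Default encryption on this bucket is SSE-S3 (`sse_algorithm = "AES256"`, `bucket_key_enabled = false`), although the outputs and SSM parameters in this plan suggest it is the Terraform state bucket. State files routinely contain secrets in clear text, so a customer-managed KMS key is the better fit: it adds key-policy access control and makes decrypts visible in CloudTrail. That would be `sse_algorithm = "aws:kms"` with `kms_master_key_id` set and `bucket_key_enabled = true`. The resource label `example` also looks like a leftover from the provider documentation.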

  # module.bootstrap.aws_s3_bucket_versioning.this will be created
  + resource "aws_s3_bucket_versioning" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = "Disabled"
          + status     = "Enabled"
        }
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/arc-saas/dev/artifact-bucket"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Codepipeline Artifact Bucket"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/arc-saas/dev/artifact-bucket"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/arc-saas/dev/tenant-details-dynamodb-table"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Tenant Details DynamoDB Table"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/arc-saas/dev/tenant-details-dynamodb-table"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/arc-saas/dev/terraform-state-bucket"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Terraform State Bucket Name"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/arc-saas/dev/terraform-state-bucket"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/arc-saas/dev/terraform-state-dynamodb-table"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Terraform State Dynamodb Table"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/arc-saas/dev/terraform-state-dynamodb-table"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bucket_suffix.random_password.password will be created
  + resource "random_password" "password" {
      + bcrypt_hash = (sensitive value)
      + id          = (known after apply)
      + length      = 6
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (sensitive value)
      + special     = false
      + upper       = false
    }
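Review bot: `random_password` appears to be used only to build a bucket-name suffix (module `bucket_suffix`, 6 lower-case and numeric characters), which is not a secret. Because its `result` is sensitive, values derived from it are redacted, which is presumably why `bucket`, the policy `resources` and the SSM `value` fields print as (sensitive value) throughout this plan and cannot be checked by a reviewer. `random_string` or `random_id` with the same length would give the same uniqueness and keep the plan readable.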

Plan: 18 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + state_bucket_arn      = (sensitive value)
  + state_bucket_name     = (sensitive value)
  + state_lock_table_arn  = (sensitive value)
  + state_lock_table_name = (sensitive value)

Contributor

github-actions bot commented Apr 8, 2024

Terraform plan output for core-infra-pipeline in dev


Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # module.eks_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project has changed
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-eks-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-eks-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (11 unchanged attributes hidden)

      ~ source {
          ~ buildspec           = <<-EOT
                "phases":
                  "build":
                    "commands":
                    - "terraform init --backend-config=config.dev.hcl"
              -     - "terraform plan --var-file=dev.tfvars"
              -     - "terraform apply --var-file=dev.tfvars --auto-approve"
              +     #- "terraform plan --var-file=dev.tfvars"
              +     #- "terraform apply --var-file=dev.tfvars --auto-approve"
                    - "terraform apply --var-file=dev.tfvars --var=\"enable_karpenter=true\" --var=\"add_role_to_ssm=true\"
                      --auto-approve"
                  "install":
                    "commands":
                    - "curl -o /usr/local/bin/terraform.zip https://releases.hashicorp.com/terraform/1.7.1/terraform_1.7.1_linux_amd64.zip"
                    - "unzip /usr/local/bin/terraform.zip -d /usr/local/bin/"
                    - "export PATH=$PWD/:$PATH"
                    - "apt-get update -y && apt-get install -y jq unzip"
                    - "curl -sS -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator"
                    - "curl -sS -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/kubectl"
                    - "chmod +x ./kubectl ./aws-iam-authenticator"
                  "pre_build":
                    "commands":
                    - "cd terraform/eks"
                    - "rm config.dev.hcl"
                    - "sed -i 's/aws_region/us-east-1/g' config.txt"
                    - "tf_state_bucket=$(aws ssm get-parameter --name \"/arc-saas/dev/terraform-state-bucket\"
                      --query \"Parameter.Value\" --output text --region us-east-1)"
                    - "tf_state_table=$(aws ssm get-parameter --name \"/arc-saas/dev/terraform-state-dynamodb-table\"
                      --query \"Parameter.Value\" --output text --region us-east-1)"
                    - "envsubst < config.txt > config.dev.hcl"
                "version": "0.2"
            EOT
            # (4 unchanged attributes hidden)
        }

        # (4 unchanged blocks hidden)
    }
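Review bot: The install phase fetches terraform, aws-iam-authenticator and kubectl with `curl` and puts them on PATH without any digest check, in a project that then runs `terraform apply ... --auto-approve` with the build role. Pin a checksum for each download and fail the build on mismatch, for example `echo "TERRAFORM_ZIP_SHA256_PLACEHOLDER  /usr/local/bin/terraform.zip" | sha256sum -c -` before the `unzip` line; HashiCorp publishes a SHA256SUMS file with each release, and adding `-f` to the `curl` calls makes an HTTP error fail the step instead of saving an error page. The aws-iam-authenticator (1.10.3/2018-07-26) and kubectl (1.17.7/2020-07-08) builds are several years old and may not match the cluster version, which this output does not show. The terraform download in the tenant-codebuild buildspec in the next block has the same gap.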

  # module.tenant_codebuild_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project has changed
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-tenant-codebuild-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-tenant-codebuild-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
          ~ buildspec           = <<-EOT
                "phases":
                  "build":
                    "commands":
                    - "terraform init --backend-config=config.dev.hcl"
                    - "terraform plan --var-file=dev.tfvars"
                    - "terraform apply --var-file=dev.tfvars -auto-approve"
                    - "chmod +x silo-codecommit.sh"
                    - "./silo-codecommit.sh"
                    - "chmod +x pooled-codecommit.sh"
                    - "./pooled-codecommit.sh"
              -     - "chmod +x tenant-helm-chart-codecommit.sh"
              -     - "./tenant-helm-chart-codecommit.sh"
              +     - "chmod +x tenant-gitops-codecommit.sh"
              +     - "./tenant-gitops-codecommit.sh"
                  "install":
                    "commands":
                    - "curl -o /usr/local/bin/terraform.zip https://releases.hashicorp.com/terraform/1.7.1/terraform_1.7.1_linux_amd64.zip"
                    - "unzip /usr/local/bin/terraform.zip -d /usr/local/bin/"
                    - "terraform --version"
                  "pre_build":
                    "commands":
                    - "export PATH=$PWD/:$PATH"
                    - "cd terraform/tenant-codebuilds"
                    - "rm config.dev.hcl"
                    - "sed -i 's/aws_region/us-east-1/g' config.txt"
                    - "tf_state_bucket=$(aws ssm get-parameter --name \"/arc-saas/dev/terraform-state-bucket\"
                      --query \"Parameter.Value\" --output text --region us-east-1)"
                    - "tf_state_table=$(aws ssm get-parameter --name \"/arc-saas/dev/terraform-state-dynamodb-table\"
                      --query \"Parameter.Value\" --output text --region us-east-1)"
                    - "envsubst < config.txt > config.dev.hcl"
                "version": "0.2"
            EOT
            # (4 unchanged attributes hidden)
        }

        # (4 unchanged blocks hidden)
    }
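Review bot: `terraform plan --var-file=dev.tfvars` is followed by `terraform apply --var-file=dev.tfvars -auto-approve`, so the apply computes its own plan and what gets applied is not necessarily what the plan step printed in the build log. Save the plan and apply that file: `terraform plan --var-file=dev.tfvars -out=tfplan` then `terraform apply tfplan`. The swap from `tenant-helm-chart-codecommit.sh` to `tenant-gitops-codecommit.sh` is reported here as a change made outside this Terraform state, so it is worth confirming the configuration in this PR carries the same buildspec. The three `*-codecommit.sh` scripts run with the build role after the apply and their contents are not visible in this output.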


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.billing_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-billing-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-billing-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.cognito_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-cognito-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-cognito-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.control_plane_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-control-plane-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-control-plane-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.deployment_pipeline.aws_codepipeline.deployment_pipeline will be updated in-place
  ~ resource "aws_codepipeline" "deployment_pipeline" {
        id       = "arc-saas-dev-terraform-pipeline"
        name     = "arc-saas-dev-terraform-pipeline"
        tags     = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (3 unchanged attributes hidden)

      ~ stage {
            name = "Source"

          ~ action {
              ~ configuration    = {
                  ~ "BranchName"           = "feature/manage-tenant-terraform-deployment" -> "main"
                  - "OutputArtifactFormat" = "CODE_ZIP" -> null
                    # (2 unchanged elements hidden)
                }
                name             = "Source"
                # (8 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "test" -> "Stage-Bootstrap"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-tenant-codebuild-module-build-step-code-build-arc-saas-dev" -> "initial-bootstrap-arc-saas-dev"
                }
              ~ name             = "testtenanttcodebuild" -> "Action-Bootstrap"
              ~ output_artifacts = [
                  + "",
                ]
                # (7 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-Bootstrap" -> "Stage-Networking"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "initial-bootstrap-arc-saas-dev" -> "terraform-networking-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-Bootstrap" -> "Action-Networking"
              ~ output_artifacts = [
                  + "",
                ]
              ~ run_order        = 2 -> 3
                # (6 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-Networking" -> "Stage-Database"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-networking-module-build-step-code-build-arc-saas-dev" -> "terraform-rds-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-Networking" -> "Action-Database"
              ~ output_artifacts = [
                  + "",
                ]
              ~ run_order        = 3 -> 4
                # (6 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-Database" -> "Stage-Elasticache"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-rds-module-build-step-code-build-arc-saas-dev" -> "terraform-elasticache-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-Database" -> "Action-Elasticache"
              ~ output_artifacts = [
                  + "",
                ]
                # (7 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-Elasticache" -> "Stage-Opensearch"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-elasticache-module-build-step-code-build-arc-saas-dev" -> "terraform-opensearch-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-Elasticache" -> "Action-Opensearch"
              ~ output_artifacts = [
                  + "",
                ]
                # (7 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-Opensearch" -> "Stage-ClientVPN"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-opensearch-module-build-step-code-build-arc-saas-dev" -> "terraform-vpn-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-Opensearch" -> "Action-ClientVPN"
              ~ output_artifacts = [
                  + "",
                ]
                # (6 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-ClientVPN" -> "Stage-IAMRole"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-vpn-module-build-step-code-build-arc-saas-dev" -> "terraform-iam-role-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-ClientVPN" -> "Action-IAMRole"
              ~ output_artifacts = [
                  + "",
                ]
              ~ run_order        = 4 -> 5
                # (5 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-IAMRole" -> "Stage-EKS"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-iam-role-module-build-step-code-build-arc-saas-dev" -> "terraform-eks-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-IAMRole" -> "Action-EKS"
              ~ output_artifacts = [
                  + "",
                ]
              ~ run_order        = 5 -> 6
                # (5 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-EKS" -> "Stage-EKS-Auth"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-eks-module-build-step-code-build-arc-saas-dev" -> "terraform-eks-auth-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-EKS" -> "Action-EKS-Auth"
              ~ output_artifacts = [
                  + "",
                ]
              ~ run_order        = 6 -> 7
                # (5 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-EKS-Auth" -> "Stage-EKS-Istio"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-eks-auth-module-build-step-code-build-arc-saas-dev" -> "terraform-istio-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-EKS-Auth" -> "Action-EKS-Istio"
              ~ output_artifacts = [
                  + "",
                ]
                # (6 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-EKS-Istio" -> "Stage-Observability"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-istio-module-build-step-code-build-arc-saas-dev" -> "terraform-eks-observability-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-EKS-Istio" -> "Action-Observability"
              ~ output_artifacts = [
                  + "",
                ]
                # (6 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-Observability" -> "Stage-Opensearch-Ops"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-eks-observability-module-build-step-code-build-arc-saas-dev" -> "terraform-opensearch-ops-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-Observability" -> "Action-Opensearch-Ops"
              ~ output_artifacts = [
                  + "",
                ]
                # (6 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-Opensearch-Ops" -> "Stage-Cognito"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-opensearch-ops-module-build-step-code-build-arc-saas-dev" -> "terraform-cognito-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-Opensearch-Ops" -> "Action-Cognito"
              ~ output_artifacts = [
                  + "",
                ]
              ~ run_order        = 7 -> 8
                # (5 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-Cognito" -> "Stage-TenantCodebuilds"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-cognito-module-build-step-code-build-arc-saas-dev" -> "terraform-tenant-codebuild-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-Cognito" -> "Action-TenantCodebuilds"
              ~ output_artifacts = [
                  + "",
                ]
                # (6 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-TenantCodebuilds" -> "Stage-ControlPlaneApplication"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-tenant-codebuild-module-build-step-code-build-arc-saas-dev" -> "terraform-control-plane-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-TenantCodebuilds" -> "Action-ControlPlaneApplication"
              ~ output_artifacts = [
                  + "",
                ]
                # (6 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-ControlPlaneApplication" -> "Stage-Billing"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-control-plane-module-build-step-code-build-arc-saas-dev" -> "terraform-billing-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-ControlPlaneApplication" -> "Action-Billing"
              ~ output_artifacts = [
                  + "",
                ]
                # (6 unchanged attributes hidden)
            }
        }
      ~ stage {
          ~ name = "Stage-Billing" -> "Stage-WAF"

          ~ action {
              ~ configuration    = {
                  ~ "ProjectName" = "terraform-billing-module-build-step-code-build-arc-saas-dev" -> "terraform-waf-module-build-step-code-build-arc-saas-dev"
                }
              ~ name             = "Action-Billing" -> "Action-WAF"
              ~ output_artifacts = [
                  + "",
                ]
                # (6 unchanged attributes hidden)
            }
        }
      - stage {
          - name = "Stage-WAF" -> null

          - action {
              - category         = "Build" -> null
              - configuration    = {
                  - "ProjectName" = "terraform-waf-module-build-step-code-build-arc-saas-dev"
                } -> null
              - input_artifacts  = [
                  - "source_output",
                ] -> null
              - name             = "Action-WAF" -> null
              - output_artifacts = [] -> null
              - owner            = "AWS" -> null
              - provider         = "CodeBuild" -> null
              - run_order        = 8 -> null
              - version          = "1" -> null
            }
        }

        # (1 unchanged block hidden)
    }

  # module.eks_auth_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-eks-auth-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-eks-auth-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.eks_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-eks-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-eks-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (11 unchanged attributes hidden)

      ~ source {
          ~ buildspec           = <<-EOT
                "phases":
                  "build":
                    "commands":
                    - "terraform init --backend-config=config.dev.hcl"
              -     #- "terraform plan --var-file=dev.tfvars"
              -     #- "terraform apply --var-file=dev.tfvars --auto-approve"
              +     - "terraform plan --var-file=dev.tfvars"
              +     - "terraform apply --var-file=dev.tfvars --auto-approve"
                    - "terraform apply --var-file=dev.tfvars --var=\"enable_karpenter=true\" --var=\"add_role_to_ssm=true\"
                      --auto-approve"
                  "install":
                    "commands":
                    - "curl -o /usr/local/bin/terraform.zip https://releases.hashicorp.com/terraform/1.7.1/terraform_1.7.1_linux_amd64.zip"
                    - "unzip /usr/local/bin/terraform.zip -d /usr/local/bin/"
                    - "export PATH=$PWD/:$PATH"
                    - "apt-get update -y && apt-get install -y jq unzip"
                    - "curl -sS -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator"
                    - "curl -sS -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/kubectl"
                    - "chmod +x ./kubectl ./aws-iam-authenticator"
                  "pre_build":
                    "commands":
                    - "cd terraform/eks"
                    - "rm config.dev.hcl"
                    - "sed -i 's/aws_region/us-east-1/g' config.txt"
                    - "tf_state_bucket=$(aws ssm get-parameter --name \"/arc-saas/dev/terraform-state-bucket\"
                      --query \"Parameter.Value\" --output text --region us-east-1)"
                    - "tf_state_table=$(aws ssm get-parameter --name \"/arc-saas/dev/terraform-state-dynamodb-table\"
                      --query \"Parameter.Value\" --output text --region us-east-1)"
                    - "envsubst < config.txt > config.dev.hcl"
                "version": "0.2"
            EOT
            # (4 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }
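Review bot: The two commands re-enabled in the eks buildspec's build phase (`terraform plan --var-file=dev.tfvars` and `terraform apply --var-file=dev.tfvars --auto-approve`) run a Terraform binary that the install phase downloads with `curl` and unzips without any integrity check. The `kubectl` and `aws-iam-authenticator` downloads are unverified in the same way, and their URLs pin builds dated 2020-07-08 and 2018-07-26. With apply now unattended, whatever those URLs serve executes under this CodeBuild project's role, so the install phase should check each artifact before use, for example `echo "<EXPECTED_SHA256>  /usr/local/bin/terraform.zip" | sha256sum -c -` with the value taken from the release's published `terraform_1.7.1_SHA256SUMS`. The plan is also not saved, so each apply recomputes its own; `terraform plan --var-file=dev.tfvars -out=tfplan` followed by `terraform apply tfplan` would apply exactly what was planned. The role's permissions and four other attributes of the `source` block are hidden in this plan output, so the impact is inferred rather than shown.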

  # module.eks_observability_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-eks-observability-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-eks-observability-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.elasticache_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-elasticache-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-elasticache-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.iam_role_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-iam-role-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-iam-role-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.initial_bootstrap.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/initial-bootstrap-arc-saas-dev"
        name                   = "initial-bootstrap-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.istio_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-istio-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-istio-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.networking_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-networking-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-networking-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.opensearch_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-opensearch-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-opensearch-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.tenant_codebuild_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-tenant-codebuild-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-tenant-codebuild-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.vpn_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-vpn-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-vpn-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

  # module.waf_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-waf-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-waf-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (10 unchanged attributes hidden)

      ~ source {
            # (5 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {}

        # (4 unchanged blocks hidden)
    }

Plan: 0 to add, 16 to change, 0 to destroy.
