Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed Issues #95

Merged
merged 19 commits into from
Apr 23, 2024
Merged

Fixed Issues #95

merged 19 commits into from
Apr 23, 2024

Conversation

HarshitSF
Copy link
Collaborator

Fixed terraform issues and updated README file.

Copy link
Contributor

Terraform plan output for bootstrap in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "policy" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = (sensitive value)
          + sid       = "enforce-tls"

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = (sensitive value)
          + sid       = "inventory-and-analytics"

          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }

          + principals {
              + identifiers = [
                  + "s3.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # aws_dynamodb_table.tenant_details will be created
  + resource "aws_dynamodb_table" "tenant_details" {
      + arn              = (known after apply)
      + billing_mode     = "PROVISIONED"
      + hash_key         = "TENANT_ID"
      + id               = (known after apply)
      + name             = "arc-saas-dev-tenant-details"
      + read_capacity    = 5
      + stream_arn       = (known after apply)
      + stream_label     = (known after apply)
      + stream_view_type = (known after apply)
      + tags             = {
          + "Environment" = "dev"
          + "Name"        = "arc-saas-dev-tenant-details"
          + "Project"     = "arc-saas"
        }
      + tags_all         = {
          + "Environment" = "dev"
          + "Name"        = "arc-saas-dev-tenant-details"
          + "Project"     = "arc-saas"
        }
      + write_capacity   = 5

      + attribute {
          + name = "TENANT_ID"
          + type = "S"
        }

      + point_in_time_recovery {
          + enabled = true
        }

      + server_side_encryption {
          + enabled     = true
          + kms_key_arn = (known after apply)
        }
    }

  # aws_s3_bucket.artifact_bucket will be created
  + resource "aws_s3_bucket" "artifact_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = (sensitive value)
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
          + "type"        = "artifact"
        }
      + tags_all                    = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
          + "type"        = "artifact"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # aws_s3_bucket_public_access_block.public_access_block will be created
  + resource "aws_s3_bucket_public_access_block" "public_access_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # aws_s3_bucket_versioning.this will be created
  + resource "aws_s3_bucket_versioning" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.bootstrap.data.aws_iam_policy_document.policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "policy" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = (sensitive value)
          + sid       = "enforce-tls"

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = (sensitive value)
          + sid       = "inventory-and-analytics"

          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }
          + condition {
              # At least one attribute in this block is (or was) sensitive,
              # so its contents will not be displayed.
            }

          + principals {
              + identifiers = [
                  + "s3.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.bootstrap.aws_dynamodb_table.terraform_state_lock will be created
  + resource "aws_dynamodb_table" "terraform_state_lock" {
      + arn              = (known after apply)
      + billing_mode     = "PROVISIONED"
      + hash_key         = "LockID"
      + id               = (known after apply)
      + name             = "arc-saas-dev-terraform-state-lock"
      + read_capacity    = 2
      + stream_arn       = (known after apply)
      + stream_label     = (known after apply)
      + stream_view_type = (known after apply)
      + tags             = {
          + "DynamoDBName" = "arc-saas-dev-terraform-state-lock"
          + "Environment"  = "dev"
          + "Name"         = "arc-saas-dev-terraform-state-lock"
          + "Project"      = "arc-saas"
        }
      + tags_all         = {
          + "DynamoDBName" = "arc-saas-dev-terraform-state-lock"
          + "Environment"  = "dev"
          + "Name"         = "arc-saas-dev-terraform-state-lock"
          + "Project"      = "arc-saas"
        }
      + write_capacity   = 2

      + attribute {
          + name = "LockID"
          + type = "S"
        }

      + point_in_time_recovery {
          + enabled = true
        }

      + server_side_encryption {
          + enabled     = true
          + kms_key_arn = (known after apply)
        }
    }

  # module.bootstrap.aws_s3_bucket.private will be created
  + resource "aws_s3_bucket" "private" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = (sensitive value)
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.bootstrap.aws_s3_bucket_acl.this will be created
  + resource "aws_s3_bucket_acl" "this" {
      + acl    = "private"
      + bucket = (known after apply)
      + id     = (known after apply)
    }

  # module.bootstrap.aws_s3_bucket_analytics_configuration.private_analytics_config[0] will be created
  + resource "aws_s3_bucket_analytics_configuration" "private_analytics_config" {
      + bucket = (sensitive value)
      + id     = (known after apply)
      + name   = "Analytics"

      + storage_class_analysis {
          + data_export {
              + output_schema_version = "V_1"

              + destination {
                  + s3_bucket_destination {
                      + bucket_arn = (known after apply)
                      + format     = "CSV"
                      + prefix     = "_AWSBucketAnalytics"
                    }
                }
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_lifecycle_configuration.this will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "rule-1"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 14
            }

          + expiration {
              + days                         = 0
              + expired_object_delete_marker = true
            }

          + noncurrent_version_expiration {
              + noncurrent_days = 365
            }

          + noncurrent_version_transition {
              + noncurrent_days           = 30
              + storage_class             = "STANDARD_IA"
                # (1 unchanged attribute hidden)
            }
        }
      + rule {
          + id     = "rule-2"
          + status = "Enabled"

          + expiration {
              + days                         = 14
              + expired_object_delete_marker = (known after apply)
            }

          + filter {
              + prefix = "_AWSBucketInventory/"
            }
        }
      + rule {
          + id     = "rule-3"
          + status = "Enabled"

          + expiration {
              + days                         = 30
              + expired_object_delete_marker = (known after apply)
            }

          + filter {
              + prefix = "_AWSBucketAnalytics/"
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_ownership_controls.this will be created
  + resource "aws_s3_bucket_ownership_controls" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + object_ownership = "BucketOwnerPreferred"
        }
    }

  # module.bootstrap.aws_s3_bucket_public_access_block.public_access_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "public_access_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.bootstrap.aws_s3_bucket_server_side_encryption_configuration.example will be created
  + resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + bucket_key_enabled = false

          + apply_server_side_encryption_by_default {
              + sse_algorithm     = "AES256"
                # (1 unchanged attribute hidden)
            }
        }
    }

  # module.bootstrap.aws_s3_bucket_versioning.this will be created
  + resource "aws_s3_bucket_versioning" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = "Disabled"
          + status     = "Enabled"
        }
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/arc-saas/dev/artifact-bucket"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Codepipeline Artifact Bucket"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/arc-saas/dev/artifact-bucket"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/arc-saas/dev/tenant-details-dynamodb-table"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Tenant Details DynamoDB Table"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/arc-saas/dev/tenant-details-dynamodb-table"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/arc-saas/dev/terraform-state-bucket"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Terraform State Bucket Name"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/arc-saas/dev/terraform-state-bucket"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bootstrap_ssm_parameters.aws_ssm_parameter.default["/arc-saas/dev/terraform-state-dynamodb-table"] will be created
  + resource "aws_ssm_parameter" "default" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Terraform State Dynamodb Table"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/arc-saas/dev/terraform-state-dynamodb-table"
      + overwrite   = true
      + tags        = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.bucket_suffix.random_password.password will be created
  + resource "random_password" "password" {
      + bcrypt_hash      = (sensitive value)
      + id               = (known after apply)
      + length           = 6
      + lower            = true
      + min_lower        = 0
      + min_numeric      = 0
      + min_special      = 0
      + min_upper        = 0
      + number           = true
      + numeric          = true
      + result           = (sensitive value)
      + special          = false
      + upper            = false
        # (1 unchanged attribute hidden)
    }

Plan: 18 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + state_bucket_arn      = (known after apply)
  + state_bucket_name     = (sensitive value)
  + state_lock_table_arn  = (known after apply)
  + state_lock_table_name = "arc-saas-dev-terraform-state-lock"

Copy link
Contributor

Terraform plan output for codebuild-role in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.codebuild_role.aws_iam_policy.default will be updated in-place
  ~ resource "aws_iam_policy" "default" {
        id               = "arn:aws:iam::471112653618:policy/arc-saas-dev-codebuild-iam-policy"
        name             = "arc-saas-dev-codebuild-iam-policy"
      ~ policy           = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action   = [
                            # (1 unchanged element hidden)
                            "s3:*",
                          + "route53:*",
                            "rds:*",
                          + "logs:*",
                          + "lambda:*",
                          + "kms:*",
                            "iam:*",
                          + "glue:*",
                            "es:*",
                          + "elasticloadbalancing:DescribeLoadBalancers",
                            "elasticache:*",
                          - "eks:Describe*",
                          + "eks:*",
                            "ec2:*",
                          - "dynamodb:PutItem",
                          - "dynamodb:GetItem",
                          - "dynamodb:DeleteItem",
                          + "dynamodb:*",
                          + "cur:*",
                            "cognito-idp:*",
                          - "kms:*",
                          + "codecommit:*",
                          + "budgets:*",
                            "aps:*",
                          + "SNS:*",
                        ]
                        # (3 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags             = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (7 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Copy link
Contributor

Terraform plan output for opensearch in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # module.os_ssm_parameters.aws_ssm_parameter.default["/arc-saas/dev/opensearch/domain_endpoint"] will be updated in-place
  ~ resource "aws_ssm_parameter" "default" {
        id              = "/arc-saas/dev/opensearch/domain_endpoint"
      + insecure_value  = (known after apply)
        name            = "/arc-saas/dev/opensearch/domain_endpoint"
        tags            = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
      ~ value           = (sensitive value)
      ~ version         = 1 -> (known after apply)
        # (9 unchanged attributes hidden)
    }

  # module.opensearch.module.opensearch.data.aws_iam_policy_document.default[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "default" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "es:*",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + "*",
                  + "arn:aws:iam::471112653618:role/arc-saas-dev-opensearch-admin",
                  + "arn:aws:iam::471112653618:role/arc-saas-dev-opensearch-ro",
                  + "arn:aws:iam::471112653618:role/arc-saas-dev-opensearch-user",
                ]
              + type        = "AWS"
            }
        }
    }

  # module.opensearch.module.opensearch.aws_elasticsearch_domain.default[0] will be created
  + resource "aws_elasticsearch_domain" "default" {
      + access_policies       = (known after apply)
      + advanced_options      = {
          + "override_main_response_version"         = "false"
          + "rest.action.multi.allow_explicit_index" = "true"
        }
      + arn                   = (known after apply)
      + domain_id             = (known after apply)
      + domain_name           = "arc-saas-dev-opensearch"
      + elasticsearch_version = "OpenSearch_2.11"
      + endpoint              = (known after apply)
      + id                    = (known after apply)
      + kibana_endpoint       = (known after apply)
      + tags                  = {
          + "Environment" = "dev"
          + "Name"        = "arc-saas-dev-opensearch"
          + "Namespace"   = "arc-saas"
          + "Project"     = "arc-saas"
        }
      + tags_all              = {
          + "Environment" = "dev"
          + "Name"        = "arc-saas-dev-opensearch"
          + "Namespace"   = "arc-saas"
          + "Project"     = "arc-saas"
        }

      + advanced_security_options {
          + enabled                        = true
          + internal_user_database_enabled = true

          + master_user_options {
              + master_user_name     = "os_admin"
              + master_user_password = (sensitive value)
                # (1 unchanged attribute hidden)
            }
        }

      + cluster_config {
          + dedicated_master_enabled = false
          + instance_count           = 2
          + instance_type            = "t3.medium.elasticsearch"
          + warm_enabled             = false
          + zone_awareness_enabled   = true

          + zone_awareness_config {
              + availability_zone_count = 2
            }
        }

      + domain_endpoint_options {
          + custom_endpoint_enabled = false
          + enforce_https           = true
          + tls_security_policy     = "Policy-Min-TLS-1-0-2019-07"
        }

      + ebs_options {
          + ebs_enabled = true
          + iops        = 0
          + throughput  = (known after apply)
          + volume_size = 20
          + volume_type = "gp2"
        }

      + encrypt_at_rest {
          + enabled    = true
          + kms_key_id = (known after apply)
        }

      + log_publishing_options {
          + enabled                  = false
          + log_type                 = "AUDIT_LOGS"
            # (1 unchanged attribute hidden)
        }
      + log_publishing_options {
          + enabled                  = false
          + log_type                 = "ES_APPLICATION_LOGS"
            # (1 unchanged attribute hidden)
        }
      + log_publishing_options {
          + enabled                  = false
          + log_type                 = "INDEX_SLOW_LOGS"
            # (1 unchanged attribute hidden)
        }
      + log_publishing_options {
          + enabled                  = false
          + log_type                 = "SEARCH_SLOW_LOGS"
            # (1 unchanged attribute hidden)
        }

      + node_to_node_encryption {
          + enabled = true
        }

      + snapshot_options {
          + automated_snapshot_start_hour = 0
        }

      + vpc_options {
          + availability_zones = (known after apply)
          + security_group_ids = [
              + "sg-043e7473416f45082",
            ]
          + subnet_ids         = [
              + "subnet-0baba1b11deb04aeb",
              + "subnet-0f3f04207431110c7",
            ]
          + vpc_id             = (known after apply)
        }
    }

  # module.opensearch.module.opensearch.aws_elasticsearch_domain_policy.default[0] will be created
  + resource "aws_elasticsearch_domain_policy" "default" {
      + access_policies = (known after apply)
      + domain_name     = "arc-saas-dev-opensearch"
      + id              = (known after apply)
    }

Plan: 2 to add, 1 to change, 0 to destroy.

Changes to Outputs:
  ~ domain_arn      = "arn:aws:es:us-east-1:471112653618:domain/arc-saas-dev-opensearch" -> (known after apply)
  ~ domain_endpoint = "vpc-arc-saas-dev-opensearch-fxi4vbtsv2x5ppfbvgke72heoa.us-east-1.es.amazonaws.com" -> (known after apply)
  ~ domain_id       = "471112653618/arc-saas-dev-opensearch" -> (known after apply)
  ~ kibana_endpoint = "vpc-arc-saas-dev-opensearch-fxi4vbtsv2x5ppfbvgke72heoa.us-east-1.es.amazonaws.com/_plugin/kibana/" -> (known after apply)
  ~ opensearch_name = "arc-saas-dev-opensearch" -> (known after apply)

Copy link
Contributor

github-actions bot commented Apr 19, 2024

Terraform plan output for cognito-user-pool in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.aws_cognito_user_pool.aws_cognito_user_pool_client.client[0] will be updated in-place
  ~ resource "aws_cognito_user_pool_client" "client" {
      ~ callback_urls                                 = [
          - "http://localhost:3000/auth/cognito-auth-redirect",
            # (1 unchanged element hidden)
        ]
        id                                            = "35c7u6fqqun2qcadav06o3fv3a"
        name                                          = "arc-saas"
        # (19 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Copy link
Contributor

Terraform plan output for tenant-codebuilds in dev


No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Copy link
Contributor

github-actions bot commented Apr 19, 2024

Terraform plan output for client-vpn in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.self_signed_cert_root.aws_acm_certificate.default[0] will be created
  + resource "aws_acm_certificate" "default" {
      + arn                       = (known after apply)
      + certificate_body          = <<-EOT
            -----BEGIN CERTIFICATE-----
            MIIDFzCCAf+gAwIBAgIQES3sxnVljO6VnvtklaEyhjANBgkqhkiG9w0BAQsFADAs
            MREwDwYDVQQKEwhhcmMtc2FhczEXMBUGA1UEAwwOKi5hcmMtc2Fhcy5uZXQwHhcN
            MjQwMjI5MDgxNDU4WhcNMzQwMjI2MDgxNDU4WjAsMREwDwYDVQQKEwhhcmMtc2Fh
            czEXMBUGA1UEAwwOKi5hcmMtc2Fhcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
            DwAwggEKAoIBAQDZM0J+Ph6tWHt+OoH9AGTZYMP9jeg0DPXrRbYhxNVLXNPMPJJC
            tXIDSKH55bzE1apI94kJ1Okf2J0+u+is7QXy9SusEc4q0uZa5o3TVHQ3FfcmsG67
            24VS8j9wYSOCRM+fwiM4NAmUYw74bAFpsLIezqpCfWvCLd5S1gtoV+mZbNXQYgjh
            CNPkCmvltChBXw3Y76urNYx6Qz0VoXUaN1QSHnBVjAEarC77GKX7GSAvPr3TpI8s
            Byg3klG8NNsRT2lAku7I/SR1Fq9/8c7kUUFv9W4IAQxUbMe8j7vQYfaNyYzcKPus
            egc7fLT2d0v1txJclmnkT8sBDHLdCc4NNxytAgMBAAGjNTAzMA4GA1UdDwEB/wQE
            AwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3
            DQEBCwUAA4IBAQC/jDz6x6uPS0nurUmCIQ1ANrix9xSjYsIidJxH5GyvAbhntDyL
            4Tur+yYeCRfzk4vbodyCG4nPhqesJ0Bmlz/ZFYfNIzDJplYiDtKFvZUbJpWTOmtr
            RcPk/QavNY/J59kBA+So7uRHRdTE+oqiBee25rG+/i4bkb9utjLRaaXVocvCfXZG
            4N6O6JOSKGWKd0ds0hJIMkr4+O5rpPxVfzed3a1GxlyS2to6sXvO8hu10o/KtJcE
            GAzfnNtjOWCM/R352i+dqRJz6GjA4ZCjTvsDsmSYFq8B1vrT6DGBYvU3/eKWksRj
            yqtF7DYM6n9h+ctxL2yWr6pt1pdJ85q7KacS
            -----END CERTIFICATE-----
        EOT
      + certificate_chain         = <<-EOT
            -----BEGIN CERTIFICATE-----
            MIIDJTCCAg2gAwIBAgIRAN8dPoiUvGQ2izYU6lbm7v4wDQYJKoZIhvcNAQELBQAw
            LDERMA8GA1UEChMIYXJjLXNhYXMxFzAVBgNVBAMMDiouYXJjLXNhYXMubmV0MB4X
            DTI0MDIyOTA4MTQ1N1oXDTM0MDIyNjA4MTQ1N1owLDERMA8GA1UEChMIYXJjLXNh
            YXMxFzAVBgNVBAMMDiouYXJjLXNhYXMubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOC
            AQ8AMIIBCgKCAQEA1VdlSzh/Id0Dg8af840ym7Mx922TgrvOfARu9g90U0irW4g6
            VE4zXUM8CrsoiWRZmPR3vA7ie6kx0E/k6zgCF3hjRWraOBj8udHuDvn44MKLaDO0
            cF1qm5ztgfYwCFDQNs/CXOmSodtbBml7pg7zyQ1X3PQqOmSRIZIcBhUq1l0fI89F
            Cmjs/yJHIeSF37rHbkepfg5sLo5jRHqfw81lVLHKCgnACLam1BjoP+wX6sLh2xMO
            YLTFtoIZDxIlzjYVOjeUa1erpiaU//48OjnPtOZacabGv33Ju6Z8ETvzV7ponrbF
            KUgKAIjjNvV2fWeFkI79MNEc2NKu4HI/KF03hwIDAQABo0IwQDAOBgNVHQ8BAf8E
            BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU2SFlCy3D3T4TL1EHG9iq
            Ay6LVKMwDQYJKoZIhvcNAQELBQADggEBAHtWagLOh7Gm3yExeQES3L1MNMEs+EMg
            dO8BjrF8xOhBIxU+K49oFEf3TM23G8CHcFnHSjA1HBzaUKHIWHyKlmzyWRugxb1Q
            Z+SHrA42qozl7q4Ov65QEuZwq9ov/aiQ68vkGahurI5eGOGRfyq5OJsmdQxXx3Zq
            LyyGk6OitjRUv7mXoAKstO897yM0FPCVfdnJScf52YO5a7Wj6zHrqJOBU41zvSVL
            cuRrihhXE8CDlyP9cBEWZnI/vBs2lv9As+l/rnbKvufQfNNwurVGDTiRV2bEjL3z
            BZWwVwjUyABdkwHekJSDASt06fEpBDoBR112Xno8XDSMnssKdvba1iw=
            -----END CERTIFICATE-----
        EOT
      + domain_name               = (known after apply)
      + domain_validation_options = (known after apply)
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + private_key               = (sensitive value)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = (known after apply)
      + tags_all                  = (known after apply)
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Copy link
Contributor

github-actions bot commented Apr 19, 2024

Terraform plan output for waf in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.waf.aws_wafv2_web_acl.default[0] will be created
  + resource "aws_wafv2_web_acl" "default" {
      + application_integration_url = (known after apply)
      + arn                         = (known after apply)
      + capacity                    = (known after apply)
      + description                 = "Managed by Terraform"
      + id                          = (known after apply)
      + lock_token                  = (known after apply)
      + name                        = "arc-saas-dev-waf"
      + scope                       = "REGIONAL"
      + tags                        = {
          + "Environment" = "dev"
          + "Name"        = "arc-saas-dev-waf"
          + "Project"     = "arc-saas"
        }
      + tags_all                    = {
          + "Environment" = "dev"
          + "Name"        = "arc-saas-dev-waf"
          + "Project"     = "arc-saas"
        }

      + default_action {
          + allow {
            }
        }

      + rule {
          + name     = "rule-11"
          + priority = 60

          + action {
              + allow {
                }
            }

          + statement {
              + geo_match_statement {
                  + country_codes = [
                      + "US",
                      + "IN",
                    ]
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = false
              + metric_name                = "rule-11-metric"
              + sampled_requests_enabled   = false
            }
        }
      + rule {
          + name     = "rule-70"
          + priority = 70

          + action {
              + block {
                }
            }

          + statement {
              + sqli_match_statement {
                  + field_to_match {
                      + query_string {}
                    }
                  + text_transformation {
                      + priority = 1
                      + type     = "URL_DECODE"
                    }
                  + text_transformation {
                      + priority = 2
                      + type     = "HTML_ENTITY_DECODE"
                    }
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = false
              + metric_name                = "rule-70-metric"
              + sampled_requests_enabled   = false
            }
        }
      + rule {
          + name     = "rule-95"
          + priority = 95

          + action {
              + block {
                }
            }

          + statement {
              + not_statement {
                  + statement {
                      + geo_match_statement {
                          + country_codes = [
                              + "DE",
                            ]
                        }
                    }
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = false
              + metric_name                = "rule-95-metric"
              + sampled_requests_enabled   = false
            }
        }
      + rule {
          + name     = "rule-80"
          + priority = 80

          + action {
              + count {
                }
            }

          + statement {
              + geo_match_statement {
                  + country_codes = [
                      + "US",
                      + "GB",
                      + "IN",
                    ]
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = true
              + metric_name                = "rule-80-metric"
              + sampled_requests_enabled   = true
            }
        }
      + rule {
          + name     = "rule-90"
          + priority = 90

          + action {
              + count {
                }
            }

          + statement {
              + not_statement {
                  + statement {
                      + geo_match_statement {
                          + country_codes = [
                              + "US",
                              + "IN",
                            ]
                        }
                    }
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = false
              + metric_name                = "rule-90-metric"
              + sampled_requests_enabled   = false
            }
        }
      + rule {
          + name     = "AWS-AWSManagedRulesAdminProtectionRuleSet"
          + priority = 1

          + override_action {
              + none {}
            }

          + statement {
              + managed_rule_group_statement {
                  + name        = "AWSManagedRulesAdminProtectionRuleSet"
                  + vendor_name = "AWS"
                    # (1 unchanged attribute hidden)
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = true
              + metric_name                = "AWS-AWSManagedRulesAdminProtectionRuleSet"
              + sampled_requests_enabled   = true
            }
        }
      + rule {
          + name     = "AWS-AWSManagedRulesAmazonIpReputationList"
          + priority = 2

          + override_action {
              + none {}
            }

          + statement {
              + managed_rule_group_statement {
                  + name        = "AWSManagedRulesAmazonIpReputationList"
                  + vendor_name = "AWS"
                    # (1 unchanged attribute hidden)
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = true
              + metric_name                = "AWS-AWSManagedRulesAmazonIpReputationList"
              + sampled_requests_enabled   = true
            }
        }
      + rule {
          + name     = "AWS-AWSManagedRulesCommonRuleSet"
          + priority = 3

          + override_action {
              + none {}
            }

          + statement {
              + managed_rule_group_statement {
                  + name        = "AWSManagedRulesCommonRuleSet"
                  + vendor_name = "AWS"
                    # (1 unchanged attribute hidden)
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = true
              + metric_name                = "AWS-AWSManagedRulesCommonRuleSet"
              + sampled_requests_enabled   = true
            }
        }
      + rule {
          + name     = "AWS-AWSManagedRulesKnownBadInputsRuleSet"
          + priority = 4

          + override_action {
              + none {}
            }

          + statement {
              + managed_rule_group_statement {
                  + name        = "AWSManagedRulesKnownBadInputsRuleSet"
                  + vendor_name = "AWS"
                    # (1 unchanged attribute hidden)
                }
            }

          + visibility_config {
              + cloudwatch_metrics_enabled = true
              + metric_name                = "AWS-AWSManagedRulesKnownBadInputsRuleSet"
              + sampled_requests_enabled   = true
            }
        }

      + visibility_config {
          + cloudwatch_metrics_enabled = true
          + metric_name                = "rules-example-metric"
          + sampled_requests_enabled   = true
        }
    }

  # module.waf.aws_wafv2_web_acl_association.default[0] will be created
  + resource "aws_wafv2_web_acl_association" "default" {
      + id           = (known after apply)
      + resource_arn = "arn:aws:elasticloadbalancing:us-east-1:471112653618:loadbalancer/app/alb-external-ingress/441e6ba5a8a2cc52"
      + web_acl_arn  = (known after apply)
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Copy link
Contributor

Terraform plan output for db in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement
+/- create replacement and then destroy
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_security_groups.aurora will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_security_groups" "aurora" {
      + arns    = (known after apply)
      + id      = (known after apply)
      + ids     = (known after apply)
      + tags    = (known after apply)
      + vpc_ids = (known after apply)

      + filter {
          + name   = "tag:Name"
          + values = [
              + "arc-saas-dev-aurora",
            ]
        }
      + filter {
          + name   = "vpc-id"
          + values = [
              + "vpc-0e4e71bc3ddf72c2f",
            ]
        }
    }

  # module.aurora.aws_ssm_parameter.this["/arc-saas/dev/arc-saas-dev-aurora/cluster_admin_db_password"] will be destroyed
  # (because key ["/arc-saas/dev/arc-saas-dev-aurora/cluster_admin_db_password"] is not in for_each map)
  - resource "aws_ssm_parameter" "this" {
      - arn         = "arn:aws:ssm:us-east-1:471112653618:parameter/arc-saas/dev/arc-saas-dev-aurora/cluster_admin_db_password" -> null
      - data_type   = "text" -> null
      - description = "Managed by Terraform" -> null
      - id          = "/arc-saas/dev/arc-saas-dev-aurora/cluster_admin_db_password" -> null
      - key_id      = "alias/aws/ssm" -> null
      - name        = "/arc-saas/dev/arc-saas-dev-aurora/cluster_admin_db_password" -> null
      - overwrite   = true -> null
      - tags        = {
          - "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
      - tags_all    = {
          - "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
      - tier        = "Standard" -> null
      - type        = "SecureString" -> null
      - value       = (sensitive value) -> null
      - version     = 1 -> null
    }

  # module.aurora.aws_ssm_parameter.this["/arc-saas/dev/arc-saas-dev-aurora/cluster_admin_db_username"] will be destroyed
  # (because key ["/arc-saas/dev/arc-saas-dev-aurora/cluster_admin_db_username"] is not in for_each map)
  - resource "aws_ssm_parameter" "this" {
      - arn         = "arn:aws:ssm:us-east-1:471112653618:parameter/arc-saas/dev/arc-saas-dev-aurora/cluster_admin_db_username" -> null
      - data_type   = "text" -> null
      - description = "Managed by Terraform" -> null
      - id          = "/arc-saas/dev/arc-saas-dev-aurora/cluster_admin_db_username" -> null
      - key_id      = "alias/aws/ssm" -> null
      - name        = "/arc-saas/dev/arc-saas-dev-aurora/cluster_admin_db_username" -> null
      - overwrite   = true -> null
      - tags        = {
          - "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
      - tags_all    = {
          - "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
      - tier        = "Standard" -> null
      - type        = "SecureString" -> null
      - value       = (sensitive value) -> null
      - version     = 1 -> null
    }

  # module.aurora.aws_ssm_parameter.this["/arc-saas/dev/arc-saas-dev-aurora/cluster_endpoint"] will be destroyed
  # (because key ["/arc-saas/dev/arc-saas-dev-aurora/cluster_endpoint"] is not in for_each map)
  - resource "aws_ssm_parameter" "this" {
      - arn         = "arn:aws:ssm:us-east-1:471112653618:parameter/arc-saas/dev/arc-saas-dev-aurora/cluster_endpoint" -> null
      - data_type   = "text" -> null
      - description = "Managed by Terraform" -> null
      - id          = "/arc-saas/dev/arc-saas-dev-aurora/cluster_endpoint" -> null
      - key_id      = "alias/aws/ssm" -> null
      - name        = "/arc-saas/dev/arc-saas-dev-aurora/cluster_endpoint" -> null
      - overwrite   = true -> null
      - tags        = {
          - "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
      - tags_all    = {
          - "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          - "Environment" = "dev"
          - "Project"     = "arc-saas"
        } -> null
      - tier        = "Standard" -> null
      - type        = "SecureString" -> null
      - value       = (sensitive value) -> null
      - version     = 1 -> null
    }

  # module.aurora.aws_ssm_parameter.this["/arc-saas/dev/aurora/cluster_admin_db_password"] will be created
  + resource "aws_ssm_parameter" "this" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + description    = "Managed by Terraform"
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/arc-saas/dev/aurora/cluster_admin_db_password"
      + overwrite      = true
      + tags           = {
          + "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all       = {
          + "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.aurora.aws_ssm_parameter.this["/arc-saas/dev/aurora/cluster_admin_db_username"] will be created
  + resource "aws_ssm_parameter" "this" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + description    = "Managed by Terraform"
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/arc-saas/dev/aurora/cluster_admin_db_username"
      + overwrite      = true
      + tags           = {
          + "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all       = {
          + "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.aurora.aws_ssm_parameter.this["/arc-saas/dev/aurora/cluster_endpoint"] will be created
  + resource "aws_ssm_parameter" "this" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + description    = "Managed by Terraform"
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/arc-saas/dev/aurora/cluster_endpoint"
      + overwrite      = true
      + tags           = {
          + "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tags_all       = {
          + "AuroraName"  = "arc-saas-dev-db-cluster-ssm-param"
          + "Environment" = "dev"
          + "Project"     = "arc-saas"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.db_ssm_parameters.aws_ssm_parameter.default["/arc-saas/dev/db_host"] will be updated in-place
  ~ resource "aws_ssm_parameter" "default" {
        id             = "/arc-saas/dev/db_host"
      + insecure_value = (known after apply)
        name           = "/arc-saas/dev/db_host"
        tags           = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
      ~ value          = (sensitive value)
      ~ version        = 2 -> (known after apply)
        # (7 unchanged attributes hidden)
    }

  # module.aurora.module.aurora_cluster[0].aws_db_parameter_group.default[0] must be replaced
+/- resource "aws_db_parameter_group" "default" {
      ~ arn         = "arn:aws:rds:us-east-1:471112653618:pg:arc-saas-dev-arc-saas-dev-aurora-20240229050850239800000002" -> (known after apply)
      ~ id          = "arc-saas-dev-arc-saas-dev-aurora-20240229050850239800000002" -> (known after apply)
      ~ name        = "arc-saas-dev-arc-saas-dev-aurora-20240229050850239800000002" -> (known after apply)
      ~ name_prefix = "arc-saas-dev-arc-saas-dev-aurora-" -> "arc-saas-dev-aurora-" # forces replacement
      ~ tags        = {
            "Environment" = "dev"
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            "Namespace"   = "arc-saas"
            "Project"     = "arc-saas"
            "Stage"       = "dev"
        }
      ~ tags_all    = {
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            # (4 unchanged elements hidden)
        }
        # (2 unchanged attributes hidden)
    }

  # module.aurora.module.aurora_cluster[0].aws_db_subnet_group.default[0] must be replaced
-/+ resource "aws_db_subnet_group" "default" {
      ~ arn                     = "arn:aws:rds:us-east-1:471112653618:subgrp:arc-saas-dev-arc-saas-dev-aurora" -> (known after apply)
      ~ id                      = "arc-saas-dev-arc-saas-dev-aurora" -> (known after apply)
      ~ name                    = "arc-saas-dev-arc-saas-dev-aurora" -> "arc-saas-dev-aurora" # forces replacement
      + name_prefix             = (known after apply)
      ~ supported_network_types = [
          - "IPV4",
        ] -> (known after apply)
      ~ tags                    = {
            "Environment" = "dev"
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            "Namespace"   = "arc-saas"
            "Project"     = "arc-saas"
            "Stage"       = "dev"
        }
      ~ tags_all                = {
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            # (4 unchanged elements hidden)
        }
      ~ vpc_id                  = "vpc-0e4e71bc3ddf72c2f" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

  # module.aurora.module.aurora_cluster[0].aws_rds_cluster.primary[0] must be replaced
-/+ resource "aws_rds_cluster" "primary" {
      ~ allocated_storage                   = 1 -> (known after apply)
      ~ arn                                 = "arn:aws:rds:us-east-1:471112653618:cluster:arc-saas-dev-arc-saas-dev-aurora" -> (known after apply)
      ~ availability_zones                  = [
          - "us-east-1a",
          - "us-east-1b",
          - "us-east-1d",
        ] -> (known after apply)
      ~ cluster_identifier                  = "arc-saas-dev-arc-saas-dev-aurora" -> "arc-saas-dev-aurora" # forces replacement
      + cluster_identifier_prefix           = (known after apply)
      ~ cluster_members                     = [
          - "arc-saas-dev-arc-saas-dev-aurora-1",
        ] -> (known after apply)
      ~ cluster_resource_id                 = "cluster-V4FUQB7IOLSZUVQKL2TGAOYBGA" -> (known after apply)
      ~ db_cluster_parameter_group_name     = "arc-saas-dev-arc-saas-dev-aurora-20240229050850235700000001" -> (known after apply)
      ~ db_subnet_group_name                = "arc-saas-dev-arc-saas-dev-aurora" -> "arc-saas-dev-aurora" # forces replacement
      - enabled_cloudwatch_logs_exports     = [] -> null
      ~ endpoint                            = "arc-saas-dev-arc-saas-dev-aurora.cluster-ctuyek6cgig6.us-east-1.rds.amazonaws.com" -> (known after apply)
      ~ engine_version_actual               = "15.4" -> (known after apply)
      ~ final_snapshot_identifier           = "arc-saas-dev-arc-saas-dev-aurora" -> "arc-saas-dev-aurora"
      ~ hosted_zone_id                      = "Z2R2ITUGPM61AM" -> (known after apply)
      ~ iam_roles                           = [] -> (known after apply)
      ~ id                                  = "arc-saas-dev-arc-saas-dev-aurora" -> (known after apply)
      - iops                                = 0 -> null
      ~ kms_key_id                          = "arn:aws:kms:us-east-1:471112653618:key/4645d077-17e9-4ee8-ab35-ad3d80eb1f43" -> (known after apply)
      ~ master_user_secret                  = [] -> (known after apply)
      + master_user_secret_kms_key_id       = (known after apply)
      ~ network_type                        = "IPV4" -> (known after apply)
      ~ port                                = 5432 -> (known after apply)
      ~ reader_endpoint                     = "arc-saas-dev-arc-saas-dev-aurora.cluster-ro-ctuyek6cgig6.us-east-1.rds.amazonaws.com" -> (known after apply)
      ~ tags                                = {
            "Environment" = "dev"
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            "Namespace"   = "arc-saas"
            "Project"     = "arc-saas"
            "Stage"       = "dev"
        }
      ~ tags_all                            = {
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            # (4 unchanged elements hidden)
        }
      ~ vpc_security_group_ids              = [
          - "sg-0708f7ada95b60fd5",
        ] -> (known after apply)
        # (20 unchanged attributes hidden)
    }

  # module.aurora.module.aurora_cluster[0].aws_rds_cluster_instance.default[0] must be replaced
-/+ resource "aws_rds_cluster_instance" "default" {
      ~ arn                                   = "arn:aws:rds:us-east-1:471112653618:db:arc-saas-dev-arc-saas-dev-aurora-1" -> (known after apply)
      ~ availability_zone                     = "us-east-1a" -> (known after apply)
      ~ ca_cert_identifier                    = "rds-ca-rsa2048-g1" -> (known after apply)
      ~ cluster_identifier                    = "arc-saas-dev-arc-saas-dev-aurora" # forces replacement -> (known after apply) # forces replacement
      ~ db_parameter_group_name               = "arc-saas-dev-arc-saas-dev-aurora-20240229050850239800000002" -> (known after apply)
      ~ db_subnet_group_name                  = "arc-saas-dev-arc-saas-dev-aurora" -> "arc-saas-dev-aurora" # forces replacement
      ~ dbi_resource_id                       = "db-7FRZBVTBW2SALKXEULOSQ77HFE" -> (known after apply)
      ~ endpoint                              = "arc-saas-dev-arc-saas-dev-aurora-1.ctuyek6cgig6.us-east-1.rds.amazonaws.com" -> (known after apply)
      ~ engine_version_actual                 = "15.4" -> (known after apply)
      ~ id                                    = "arc-saas-dev-arc-saas-dev-aurora-1" -> (known after apply)
      ~ identifier                            = "arc-saas-dev-arc-saas-dev-aurora-1" -> "arc-saas-dev-aurora-1" # forces replacement
      + identifier_prefix                     = (known after apply)
      ~ kms_key_id                            = "arn:aws:kms:us-east-1:471112653618:key/4645d077-17e9-4ee8-ab35-ad3d80eb1f43" -> (known after apply)
      ~ network_type                          = "IPV4" -> (known after apply)
      ~ performance_insights_kms_key_id       = "arn:aws:kms:us-east-1:471112653618:key/4645d077-17e9-4ee8-ab35-ad3d80eb1f43" -> "arn:aws:kms:us-east-1:471112653618:alias/aws/rds"
      ~ port                                  = 5432 -> (known after apply)
      ~ preferred_backup_window               = "07:00-09:00" -> (known after apply)
      ~ storage_encrypted                     = true -> (known after apply)
      ~ tags                                  = {
            "Environment" = "dev"
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            "Namespace"   = "arc-saas"
            "Project"     = "arc-saas"
            "Stage"       = "dev"
        }
      ~ tags_all                              = {
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            # (4 unchanged elements hidden)
        }
      ~ writer                                = true -> (known after apply)
        # (13 unchanged attributes hidden)
    }

  # module.aurora.module.aurora_cluster[0].aws_rds_cluster_parameter_group.default[0] must be replaced
+/- resource "aws_rds_cluster_parameter_group" "default" {
      ~ arn         = "arn:aws:rds:us-east-1:471112653618:cluster-pg:arc-saas-dev-arc-saas-dev-aurora-20240229050850235700000001" -> (known after apply)
      ~ id          = "arc-saas-dev-arc-saas-dev-aurora-20240229050850235700000001" -> (known after apply)
      ~ name        = "arc-saas-dev-arc-saas-dev-aurora-20240229050850235700000001" -> (known after apply)
      ~ name_prefix = "arc-saas-dev-arc-saas-dev-aurora-" -> "arc-saas-dev-aurora-" # forces replacement
      ~ tags        = {
            "Environment" = "dev"
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            "Namespace"   = "arc-saas"
            "Project"     = "arc-saas"
            "Stage"       = "dev"
        }
      ~ tags_all    = {
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            # (4 unchanged elements hidden)
        }
        # (2 unchanged attributes hidden)
    }

  # module.aurora.module.aurora_cluster[0].aws_security_group.default[0] must be replaced
-/+ resource "aws_security_group" "default" {
      ~ arn                    = "arn:aws:ec2:us-east-1:471112653618:security-group/sg-0708f7ada95b60fd5" -> (known after apply)
      ~ egress                 = [
          - {
              - cidr_blocks      = [
                  - "0.0.0.0/0",
                ]
              - description      = "Allow outbound traffic"
              - from_port        = 0
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "-1"
              - security_groups  = []
              - self             = false
              - to_port          = 0
            },
        ] -> (known after apply)
      ~ id                     = "sg-0708f7ada95b60fd5" -> (known after apply)
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow inbound traffic from existing CIDR blocks"
              - from_port        = 5432
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 5432
            },
        ] -> (known after apply)
      ~ name                   = "arc-saas-dev-arc-saas-dev-aurora" -> "arc-saas-dev-aurora" # forces replacement
      + name_prefix            = (known after apply)
      ~ owner_id               = "471112653618" -> (known after apply)
      ~ tags                   = {
            "Environment" = "dev"
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            "Namespace"   = "arc-saas"
            "Project"     = "arc-saas"
            "Stage"       = "dev"
        }
      ~ tags_all               = {
          ~ "Name"        = "arc-saas-dev-aurora" -> "aurora"
            # (4 unchanged elements hidden)
        }
        # (3 unchanged attributes hidden)
    }

  # module.aurora.module.aurora_cluster[0].aws_security_group_rule.egress[0] must be replaced
-/+ resource "aws_security_group_rule" "egress" {
      ~ id                       = "sgrule-526596295" -> (known after apply)
      ~ security_group_id        = "sg-0708f7ada95b60fd5" # forces replacement -> (known after apply) # forces replacement
      ~ security_group_rule_id   = "sgr-0be123c1eac5ac2c4" -> (known after apply)
      + source_security_group_id = (known after apply)
        # (7 unchanged attributes hidden)
    }

  # module.aurora.module.aurora_cluster[0].aws_security_group_rule.ingress_cidr_blocks[0] must be replaced
-/+ resource "aws_security_group_rule" "ingress_cidr_blocks" {
      ~ id                       = "sgrule-2773057951" -> (known after apply)
      ~ security_group_id        = "sg-0708f7ada95b60fd5" # forces replacement -> (known after apply) # forces replacement
      ~ security_group_rule_id   = "sgr-0d027ecb915cd1bc1" -> (known after apply)
      + source_security_group_id = (known after apply)
        # (7 unchanged attributes hidden)
    }

Plan: 11 to add, 1 to change, 11 to destroy.

Changes to Outputs:
  ~ aurora_arns            = "arn:aws:rds:us-east-1:471112653618:cluster:arc-saas-dev-arc-saas-dev-aurora" -> (known after apply)
  ~ aurora_endpoints       = "arc-saas-dev-arc-saas-dev-aurora.cluster-ctuyek6cgig6.us-east-1.rds.amazonaws.com" -> (known after apply)
  ~ aurora_reader_endpoint = "arc-saas-dev-arc-saas-dev-aurora.cluster-ro-ctuyek6cgig6.us-east-1.rds.amazonaws.com" -> (known after apply)
  ~ aurora_security_group  = [
      - [
          - "sg-0708f7ada95b60fd5",
        ],
      + (known after apply),
    ]

Copy link
Contributor

Terraform plan output for network in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.network.module.public_subnets.aws_subnet.public["us-east-1a"] will be updated in-place
  ~ resource "aws_subnet" "public" {
        id                                             = "subnet-0cd7ca535c6f06b29"
      ~ tags                                           = {
            "Attributes"             = "public"
            "Environment"            = "dev"
            "Name"                   = "arc-saas-dev-public-subnet-public-us-east-1a"
            "Project"                = "arc-saas"
            "Type"                   = "public"
          - "kubernetes.io/role/elb" = "1" -> null
        }
      ~ tags_all                                       = {
          - "kubernetes.io/role/elb" = "1" -> null
            # (5 unchanged elements hidden)
        }
        # (15 unchanged attributes hidden)
    }

  # module.network.module.public_subnets.aws_subnet.public["us-east-1b"] will be updated in-place
  ~ resource "aws_subnet" "public" {
        id                                             = "subnet-0008bb1bc1329ce37"
      ~ tags                                           = {
            "Attributes"             = "public"
            "Environment"            = "dev"
            "Name"                   = "arc-saas-dev-public-subnet-public-us-east-1b"
            "Project"                = "arc-saas"
            "Type"                   = "public"
          - "kubernetes.io/role/elb" = "1" -> null
        }
      ~ tags_all                                       = {
          - "kubernetes.io/role/elb" = "1" -> null
            # (5 unchanged elements hidden)
        }
        # (15 unchanged attributes hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

Copy link
Contributor

Terraform plan output for elasticache in dev


No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

Copy link
Collaborator

@rayl15 rayl15 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved

@rayl15 rayl15 merged commit c9d0219 into main Apr 23, 2024
13 checks passed
Copy link
Contributor

Terraform plan output for core-infra-pipeline in dev


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.billing_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-billing-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-billing-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.cognito_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-cognito-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-cognito-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.control_plane_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-control-plane-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-control-plane-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.deployment_pipeline.aws_codepipeline.deployment_pipeline will be updated in-place
  ~ resource "aws_codepipeline" "deployment_pipeline" {
        id       = "arc-saas-dev-terraform-pipeline"
        name     = "arc-saas-dev-terraform-pipeline"
        tags     = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (3 unchanged attributes hidden)

      ~ stage {
            name = "Stage-Bootstrap"

          ~ action {
                name             = "Action-Bootstrap"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-Networking"

          ~ action {
                name             = "Action-Networking"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-Database"

          ~ action {
                name             = "Action-Database"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-Elasticache"

          ~ action {
                name             = "Action-Elasticache"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-Opensearch"

          ~ action {
                name             = "Action-Opensearch"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-ClientVPN"

          ~ action {
                name             = "Action-ClientVPN"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-IAMRole"

          ~ action {
                name             = "Action-IAMRole"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-EKS"

          ~ action {
                name             = "Action-EKS"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-EKS-Auth"

          ~ action {
                name             = "Action-EKS-Auth"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-EKS-Istio"

          ~ action {
                name             = "Action-EKS-Istio"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-Observability"

          ~ action {
                name             = "Action-Observability"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-Opensearch-Ops"

          ~ action {
                name             = "Action-Opensearch-Ops"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-Cognito"

          ~ action {
                name             = "Action-Cognito"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-TenantCodebuilds"

          ~ action {
                name             = "Action-TenantCodebuilds"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-ControlPlaneApplication"

          ~ action {
                name             = "Action-ControlPlaneApplication"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-Billing"

          ~ action {
                name             = "Action-Billing"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }
      ~ stage {
            name = "Stage-WAF"

          ~ action {
                name             = "Action-WAF"
              ~ output_artifacts = [
                  + null,
                ]
                # (10 unchanged attributes hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.eks_auth_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-eks-auth-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-eks-auth-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.eks_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-eks-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-eks-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.eks_observability_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-eks-observability-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-eks-observability-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.elasticache_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-elasticache-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-elasticache-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.iam_role_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-iam-role-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-iam-role-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.initial_bootstrap.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/initial-bootstrap-arc-saas-dev"
        name                   = "initial-bootstrap-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.istio_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-istio-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-istio-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.networking_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-networking-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-networking-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.opensearch_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-opensearch-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-opensearch-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.tenant_codebuild_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-tenant-codebuild-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-tenant-codebuild-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.vpn_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-vpn-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-vpn-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.waf_module_build_step_codebuild_project.aws_codebuild_project.codebuild_project will be updated in-place
  ~ resource "aws_codebuild_project" "codebuild_project" {
        id                     = "arn:aws:codebuild:us-east-1:471112653618:project/terraform-waf-module-build-step-code-build-arc-saas-dev"
        name                   = "terraform-waf-module-build-step-code-build-arc-saas-dev"
        tags                   = {
            "Environment" = "dev"
            "Project"     = "arc-saas"
        }
        # (14 unchanged attributes hidden)

      ~ source {
            # (6 unchanged attributes hidden)

          + git_submodules_config {
              + fetch_submodules = false
            }
        }

      + vpc_config {
            # (1 unchanged attribute hidden)
        }

        # (4 unchanged blocks hidden)
    }

Plan: 0 to add, 16 to change, 0 to destroy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants