dan sinclair dj2 @cds-snc Waterloo http://everburning.com Software Writer.

dj2/Ruby-RTF 22

A Ruby RTF Library

dj2/query_string_parser 15

A simple query string parser

dj2/MyTube 10

Cocoa YouTube Application

dj2/async-rack 9

Makes middleware that ships with Rack bullet-proof for async responses.

dj2/ObjectiveC-UnitTest-Example 8

A repo with an Objective-C project setup with OCUnit and OCMock

dj2/SilverLining 8

HotCocoa app to view Amazon EC2 instance information

dj2/Postie 7

HotCocoa tutorial application

cds-snc/docs 3

Documentation Repository

dj2/Bean 3

Cocoa extensions for MacRuby apps

dj2/Flick 2

Tutorial application on flicking views on the iPhone

pull request comment: cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

🏁 Plans are complete for this run

CalvinRodo

comment created time in 6 minutes

pull request comment: cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: etl_lambdas

✅   Terraform Format: success ✅   Terraform Plan: success

⚠️   WARNING: resources will be destroyed by this change!

Plan: 0 to add, 0 to change, 19 to destroy

<details> <summary>Show Plan</summary>

module.unmasked_metrics.aws_efs_file_system.efs_for_lambda: Refreshing state... [id=fs-60b9848d]
aws_cloudwatch_event_rule.twice-a-day: Refreshing state... [id=twice-a-day]
module.masked_metrics.aws_efs_mount_target.mt: Refreshing state... [id=fsmt-22f34dcf]
module.masked_metrics.aws_efs_access_point.access_point_for_lambda: Refreshing state... [id=fsap-0320df5e73bc78c10]
aws_cloudwatch_event_target.tigger-unmasked_metrics: Refreshing state... [id=twice-a-day-unmasked_metrics]
module.unmasked_metrics.aws_efs_access_point.access_point_for_lambda: Refreshing state... [id=fsap-089530abd87ad4b95]
module.unmasked_metrics.aws_lambda_function.lambda: Refreshing state... [id=unmasked_metrics]
aws_lambda_permission.allow-cloudwatch-to-call-masked_metrics: Refreshing state... [id=AllowExecutionFromCloudWatch]
module.unmasked_metrics.aws_efs_mount_target.mt: Refreshing state... [id=fsmt-23f34dce]
module.masked_metrics.aws_lambda_function.lambda: Refreshing state... [id=masked_metrics]
aws_cloudwatch_event_target.tigger-masked_metrics: Refreshing state... [id=twice-a-day-masked_metrics]
aws_lambda_permission.allow-cloudwatch-to-call-unmasked_metrics: Refreshing state... [id=AllowExecutionFromCloudWatch]
aws_iam_role.metrics_csv: Refreshing state... [id=metrics_csv_lambda_role]
aws_iam_role_policy_attachment.lambda_insights: Refreshing state... [id=metrics_csv_lambda_role-20210526134833317700000001]
module.masked_metrics.aws_efs_file_system.efs_for_lambda: Refreshing state... [id=fs-61b9848c]
module.masked_metrics.aws_cloudwatch_log_group.metric_log: Refreshing state... [id=/aws/lambda/masked_metrics]
module.unmasked_metrics.aws_cloudwatch_log_group.metric_log: Refreshing state... [id=/aws/lambda/unmasked_metrics]
aws_iam_role_policy_attachment.etl_policies: Refreshing state... [id=metrics_csv_lambda_role-20210519202244195100000001]
aws_iam_policy.etl_policies: Refreshing state... [id=arn:aws:iam::820252213580:policy/EtlLambdaAccess]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # aws_cloudwatch_event_rule.twice-a-day will be destroyed
  - resource "aws_cloudwatch_event_rule" "twice-a-day" {
      - arn                 = "arn:aws:events:ca-central-1:820252213580:rule/twice-a-day" -> null
      - description         = "Fires twice a day" -> null
      - event_bus_name      = "default" -> null
      - id                  = "twice-a-day" -> null
      - is_enabled          = true -> null
      - name                = "twice-a-day" -> null
      - schedule_expression = "cron(0 6,18 * * ? *)" -> null
      - tags                = {} -> null
      - tags_all            = {} -> null
    }

  # aws_cloudwatch_event_target.tigger-masked_metrics will be destroyed
  - resource "aws_cloudwatch_event_target" "tigger-masked_metrics" {
      - arn            = "arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics" -> null
      - event_bus_name = "default" -> null
      - id             = "twice-a-day-masked_metrics" -> null
      - rule           = "twice-a-day" -> null
      - target_id      = "masked_metrics" -> null
    }

  # aws_cloudwatch_event_target.tigger-unmasked_metrics will be destroyed
  - resource "aws_cloudwatch_event_target" "tigger-unmasked_metrics" {
      - arn            = "arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics" -> null
      - event_bus_name = "default" -> null
      - id             = "twice-a-day-unmasked_metrics" -> null
      - rule           = "twice-a-day" -> null
      - target_id      = "unmasked_metrics" -> null
    }

  # aws_iam_policy.etl_policies will be destroyed
  - resource "aws_iam_policy" "etl_policies" {
      - arn       = "arn:aws:iam::820252213580:policy/EtlLambdaAccess" -> null
      - id        = "arn:aws:iam::820252213580:policy/EtlLambdaAccess" -> null
      - name      = "EtlLambdaAccess" -> null
      - path      = "/" -> null
      - policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "dynamodb:Scan",
                          - "dynamodb:Query",
                          - "dynamodb:GetItem",
                          - "dynamodb:ConditionCheckItem",
                          - "dynamodb:BatchGetItem",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:dynamodb:ca-central-1:820252213580:table/aggregate_metrics"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "ecr:GetDownloadUrlForlayer",
                          - "ecr:BatchGetImage",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:ecr:ca-central-1:820252213580:repository/covid-server/metrics-server"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "logs:PutLogEvents",
                          - "logs:CreateLogStream",
                          - "logs:CreateLogGroup",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "ec2:DescribeNetworkInterfaces",
                          - "ec2:DeleteNetworkInterface",
                          - "ec2:CreateNetworkInterface",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "s3:PutObjectAcl",
                          - "s3:PutObject",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:s3:::unmasked-metrics-tdvfd-production/*",
                          - "arn:aws:s3:::unmasked-metrics-tdvfd-production",
                          - "arn:aws:s3:::masked-metrics-tdvfd-production/*",
                          - "arn:aws:s3:::masked-metrics-tdvfd-production",
                        ]
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "elasticfilesystem:DescribeMountTargets",
                          - "elasticfilesystem:ClientWrite",
                          - "elasticfilesystem:ClientMount",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c",
                          - "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d",
                        ]
                      - Sid      = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id = "ANPA356WXQFGANOBIN2CB" -> null
      - tags      = {} -> null
      - tags_all  = {} -> null
    }

  # aws_iam_role.metrics_csv will be destroyed
  - resource "aws_iam_role" "metrics_csv" {
      - arn                   = "arn:aws:iam::820252213580:role/metrics_csv_lambda_role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "lambda.amazonaws.com"
                        }
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2021-05-19T20:22:43Z" -> null
      - force_detach_policies = false -> null
      - id                    = "metrics_csv_lambda_role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::820252213580:policy/EtlLambdaAccess",
          - "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "metrics_csv_lambda_role" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - tags_all              = {} -> null
      - unique_id             = "AROA356WXQFGIV2GRLHFI" -> null

      - inline_policy {}
    }

  # aws_iam_role_policy_attachment.etl_policies will be destroyed
  - resource "aws_iam_role_policy_attachment" "etl_policies" {
      - id         = "metrics_csv_lambda_role-20210519202244195100000001" -> null
      - policy_arn = "arn:aws:iam::820252213580:policy/EtlLambdaAccess" -> null
      - role       = "metrics_csv_lambda_role" -> null
    }

  # aws_iam_role_policy_attachment.lambda_insights will be destroyed
  - resource "aws_iam_role_policy_attachment" "lambda_insights" {
      - id         = "metrics_csv_lambda_role-20210526134833317700000001" -> null
      - policy_arn = "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy" -> null
      - role       = "metrics_csv_lambda_role" -> null
    }

  # aws_lambda_permission.allow-cloudwatch-to-call-masked_metrics will be destroyed
  - resource "aws_lambda_permission" "allow-cloudwatch-to-call-masked_metrics" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "masked_metrics" -> null
      - id            = "AllowExecutionFromCloudWatch" -> null
      - principal     = "events.amazonaws.com" -> null
      - source_arn    = "arn:aws:events:ca-central-1:820252213580:rule/twice-a-day" -> null
      - statement_id  = "AllowExecutionFromCloudWatch" -> null
    }

  # aws_lambda_permission.allow-cloudwatch-to-call-unmasked_metrics will be destroyed
  - resource "aws_lambda_permission" "allow-cloudwatch-to-call-unmasked_metrics" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "unmasked_metrics" -> null
      - id            = "AllowExecutionFromCloudWatch" -> null
      - principal     = "events.amazonaws.com" -> null
      - source_arn    = "arn:aws:events:ca-central-1:820252213580:rule/twice-a-day" -> null
      - statement_id  = "AllowExecutionFromCloudWatch" -> null
    }

  # module.masked_metrics.aws_cloudwatch_log_group.metric_log will be destroyed
  - resource "aws_cloudwatch_log_group" "metric_log" {
      - arn               = "arn:aws:logs:ca-central-1:820252213580:log-group:/aws/lambda/masked_metrics" -> null
      - id                = "/aws/lambda/masked_metrics" -> null
      - name              = "/aws/lambda/masked_metrics" -> null
      - retention_in_days = 14 -> null
      - tags              = {} -> null
      - tags_all          = {} -> null
    }

  # module.masked_metrics.aws_efs_access_point.access_point_for_lambda will be destroyed
  - resource "aws_efs_access_point" "access_point_for_lambda" {
      - arn             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-0320df5e73bc78c10" -> null
      - file_system_arn = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c" -> null
      - file_system_id  = "fs-61b9848c" -> null
      - id              = "fsap-0320df5e73bc78c10" -> null
      - owner_id        = "820252213580" -> null
      - tags            = {} -> null
      - tags_all        = {} -> null

      - posix_user {
          - gid            = 1000 -> null
          - secondary_gids = [] -> null
          - uid            = 1000 -> null
        }

      - root_directory {
          - path = "/lambda" -> null

          - creation_info {
              - owner_gid   = 1000 -> null
              - owner_uid   = 1000 -> null
              - permissions = "777" -> null
            }
        }
    }

  # module.masked_metrics.aws_efs_file_system.efs_for_lambda will be destroyed
  - resource "aws_efs_file_system" "efs_for_lambda" {
      - arn                             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c" -> null
      - creation_token                  = "terraform-20210521225218804700000001" -> null
      - dns_name                        = "fs-61b9848c.efs.ca-central-1.amazonaws.com" -> null
      - encrypted                       = true -> null
      - id                              = "fs-61b9848c" -> null
      - kms_key_id                      = "arn:aws:kms:ca-central-1:820252213580:key/1052ecd5-f5c8-432c-a761-b394e546187b" -> null
      - number_of_mount_targets         = 1 -> null
      - owner_id                        = "820252213580" -> null
      - performance_mode                = "generalPurpose" -> null
      - provisioned_throughput_in_mibps = 0 -> null
      - size_in_bytes                   = [
          - {
              - value             = 987086848
              - value_in_ia       = 0
              - value_in_standard = 987086848
            },
        ] -> null
      - tags                            = {
          - "Name" = "masked_metrics_efs"
        } -> null
      - tags_all                        = {
          - "Name" = "masked_metrics_efs"
        } -> null
      - throughput_mode                 = "bursting" -> null
    }

  # module.masked_metrics.aws_efs_mount_target.mt will be destroyed
  - resource "aws_efs_mount_target" "mt" {
      - availability_zone_id   = "cac1-az2" -> null
      - availability_zone_name = "ca-central-1b" -> null
      - dns_name               = "fs-61b9848c.efs.ca-central-1.amazonaws.com" -> null
      - file_system_arn        = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c" -> null
      - file_system_id         = "fs-61b9848c" -> null
      - id                     = "fsmt-22f34dcf" -> null
      - ip_address             = "10.0.1.138" -> null
      - mount_target_dns_name  = "ca-central-1b.fs-61b9848c.efs.ca-central-1.amazonaws.com" -> null
      - network_interface_id   = "eni-01b7a0c0761072f36" -> null
      - owner_id               = "820252213580" -> null
      - security_groups        = [
          - "sg-0601b86c6c8a63c5d",
        ] -> null
      - subnet_id              = "subnet-06fcfc328ffe9f5d0" -> null
    }

  # module.masked_metrics.aws_lambda_function.lambda will be destroyed
  - resource "aws_lambda_function" "lambda" {
      - arn                            = "arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics" -> null
      - function_name                  = "masked_metrics" -> null
      - id                             = "masked_metrics" -> null
      - image_uri                      = "820252213580.dkr.ecr.ca-central-1.amazonaws.com/covid-server/metrics-server:6fbb890e8a7cdfd19d3b3de1ed8885f5ac7442ef" -> null
      - invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics/invocations" -> null
      - last_modified                  = "2021-05-28T13:14:28.989+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 10240 -> null
      - package_type                   = "Image" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::820252213580:role/metrics_csv_lambda_role" -> null
      - source_code_hash               = "06b15b64e863e4cb0d35600748b5a4200c11a027e175bd62293a9decf7b4693d" -> null
      - source_code_size               = 0 -> null
      - tags                           = {} -> null
      - tags_all                       = {} -> null
      - timeout                        = 900 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "BUCKET_NAME"    = "masked-metrics-tdvfd-production"
              - "ENVIRONMENT"    = "production"
              - "IN_MEMORY_DATA" = "True"
              - "MASK_DATA"      = "true"
              - "TMP_PATH"       = "/mnt/efs"
            } -> null
        }

      - file_system_config {
          - arn              = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-0320df5e73bc78c10" -> null
          - local_mount_path = "/mnt/efs" -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }

      - vpc_config {
          - security_group_ids = [
              - "sg-0b77afa7e1b78c3c2",
            ] -> null
          - subnet_ids         = [
              - "subnet-06fcfc328ffe9f5d0",
            ] -> null
          - vpc_id             = "vpc-086a4997479cf5b10" -> null
        }
    }

  # module.unmasked_metrics.aws_cloudwatch_log_group.metric_log will be destroyed
  - resource "aws_cloudwatch_log_group" "metric_log" {
      - arn               = "arn:aws:logs:ca-central-1:820252213580:log-group:/aws/lambda/unmasked_metrics" -> null
      - id                = "/aws/lambda/unmasked_metrics" -> null
      - name              = "/aws/lambda/unmasked_metrics" -> null
      - retention_in_days = 14 -> null
      - tags              = {} -> null
      - tags_all          = {} -> null
    }

  # module.unmasked_metrics.aws_efs_access_point.access_point_for_lambda will be destroyed
  - resource "aws_efs_access_point" "access_point_for_lambda" {
      - arn             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-089530abd87ad4b95" -> null
      - file_system_arn = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d" -> null
      - file_system_id  = "fs-60b9848d" -> null
      - id              = "fsap-089530abd87ad4b95" -> null
      - owner_id        = "820252213580" -> null
      - tags            = {} -> null
      - tags_all        = {} -> null

      - posix_user {
          - gid            = 1000 -> null
          - secondary_gids = [] -> null
          - uid            = 1000 -> null
        }

      - root_directory {
          - path = "/lambda" -> null

          - creation_info {
              - owner_gid   = 1000 -> null
              - owner_uid   = 1000 -> null
              - permissions = "777" -> null
            }
        }
    }

  # module.unmasked_metrics.aws_efs_file_system.efs_for_lambda will be destroyed
  - resource "aws_efs_file_system" "efs_for_lambda" {
      - arn                             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d" -> null
      - creation_token                  = "terraform-20210521225218807600000002" -> null
      - dns_name                        = "fs-60b9848d.efs.ca-central-1.amazonaws.com" -> null
      - encrypted                       = true -> null
      - id                              = "fs-60b9848d" -> null
      - kms_key_id                      = "arn:aws:kms:ca-central-1:820252213580:key/1052ecd5-f5c8-432c-a761-b394e546187b" -> null
      - number_of_mount_targets         = 1 -> null
      - owner_id                        = "820252213580" -> null
      - performance_mode                = "generalPurpose" -> null
      - provisioned_throughput_in_mibps = 0 -> null
      - size_in_bytes                   = [
          - {
              - value             = 961015808
              - value_in_ia       = 0
              - value_in_standard = 961015808
            },
        ] -> null
      - tags                            = {
          - "Name" = "unmasked_metrics_efs"
        } -> null
      - tags_all                        = {
          - "Name" = "unmasked_metrics_efs"
        } -> null
      - throughput_mode                 = "bursting" -> null
    }

  # module.unmasked_metrics.aws_efs_mount_target.mt will be destroyed
  - resource "aws_efs_mount_target" "mt" {
      - availability_zone_id   = "cac1-az2" -> null
      - availability_zone_name = "ca-central-1b" -> null
      - dns_name               = "fs-60b9848d.efs.ca-central-1.amazonaws.com" -> null
      - file_system_arn        = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d" -> null
      - file_system_id         = "fs-60b9848d" -> null
      - id                     = "fsmt-23f34dce" -> null
      - ip_address             = "10.0.1.226" -> null
      - mount_target_dns_name  = "ca-central-1b.fs-60b9848d.efs.ca-central-1.amazonaws.com" -> null
      - network_interface_id   = "eni-03392ade9ee4f1415" -> null
      - owner_id               = "820252213580" -> null
      - security_groups        = [
          - "sg-0601b86c6c8a63c5d",
        ] -> null
      - subnet_id              = "subnet-06fcfc328ffe9f5d0" -> null
    }

  # module.unmasked_metrics.aws_lambda_function.lambda will be destroyed
  - resource "aws_lambda_function" "lambda" {
      - arn                            = "arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics" -> null
      - function_name                  = "unmasked_metrics" -> null
      - id                             = "unmasked_metrics" -> null
      - image_uri                      = "820252213580.dkr.ecr.ca-central-1.amazonaws.com/covid-server/metrics-server:6fbb890e8a7cdfd19d3b3de1ed8885f5ac7442ef" -> null
      - invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics/invocations" -> null
      - last_modified                  = "2021-05-27T17:08:52.000+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 10240 -> null
      - package_type                   = "Image" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::820252213580:role/metrics_csv_lambda_role" -> null
      - source_code_hash               = "06b15b64e863e4cb0d35600748b5a4200c11a027e175bd62293a9decf7b4693d" -> null
      - source_code_size               = 0 -> null
      - tags                           = {} -> null
      - tags_all                       = {} -> null
      - timeout                        = 900 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "BUCKET_NAME"    = "unmasked-metrics-tdvfd-production"
              - "ENVIRONMENT"    = "production"
              - "IN_MEMORY_DATA" = "True"
              - "MASK_DATA"      = "false"
              - "TMP_PATH"       = "/mnt/efs"
            } -> null
        }

      - file_system_config {
          - arn              = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-089530abd87ad4b95" -> null
          - local_mount_path = "/mnt/efs" -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }

      - vpc_config {
          - security_group_ids = [
              - "sg-0b77afa7e1b78c3c2",
            ] -> null
          - subnet_ids         = [
              - "subnet-06fcfc328ffe9f5d0",
            ] -> null
          - vpc_id             = "vpc-086a4997479cf5b10" -> null
        }
    }

Plan: 0 to add, 0 to change, 19 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

Releasing state lock. This may take a few moments...

</details>

CalvinRodo

comment created time in 6 minutes

pull request comment: cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: ecs

✅   Terraform Format: success ✅   Terraform Plan: success

Plan: 16 to add, 0 to change, 0 to destroy

<details> <summary>Show Plan</summary>


An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.etl_policies will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "etl_policies"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "dynamodb:BatchGetItem",
              + "dynamodb:ConditionCheckItem",
              + "dynamodb:GetItem",
              + "dynamodb:Query",
              + "dynamodb:Scan",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:dynamodb:ca-central-1:820252213580:table/aggregate_metrics",
            ]
        }
      + statement {
          + actions   = [
              + "ecr:BatchGetImage",
              + "ecr:GetDownloadUrlForlayer",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:ecr:ca-central-1:820252213580:repository/covid-server/metrics-server",
            ]
        }
      + statement {
          + actions   = [
              + "logs:CreateLogGroup",
              + "logs:CreateLogStream",
              + "logs:PutLogEvents",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "ec2:CreateNetworkInterface",
              + "ec2:DeleteNetworkInterface",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:ec2:ca-central-1:820252213580:network-interface/*",
            ]
        }
      + statement {
          + actions   = [
              + "ec2:DescribeNetworkInterfaces",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
              + "s3:PutObjectAcl",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:s3:::masked-metrics-tdvfd-production",
              + "arn:aws:s3:::masked-metrics-tdvfd-production/*",
              + "arn:aws:s3:::unmasked-metrics-tdvfd-production",
              + "arn:aws:s3:::unmasked-metrics-tdvfd-production/*",
            ]
        }
    }

  # data.aws_iam_policy_document.scheduled_task_cw_event_role_cloudwatch_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "scheduled_task_cw_event_role_cloudwatch_policy"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "ecs:RunTask",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
    }

  # aws_ecs_cluster.in_app_metrics will be created
  + resource "aws_ecs_cluster" "in_app_metrics" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "in-app-metrics"
      + tags     = {
          + "CostCentre" = "CovidShield"
        }
      + tags_all = {
          + "CostCentre" = "CovidShield"
        }

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_iam_policy.etl_policies will be created
  + resource "aws_iam_policy" "etl_policies" {
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "ETLTaskExecutionPolicies"
      + path      = "/"
      + policy    = (known after apply)
      + policy_id = (known after apply)
      + tags_all  = (known after apply)
    }

  # aws_iam_role.container_execution_role will be created
  + resource "aws_iam_role" "container_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = [
                              + "ec2.amazonaws.com",
                              + "ecs-tasks.amazonaws.com",
                            ]
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "container_execution_role"
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role.scheduled_task_cw_event_role will be created
  + resource "aws_iam_role" "scheduled_task_cw_event_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "events.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "etl-st-cw-role"
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role.task_execution_role will be created
  + resource "aws_iam_role" "task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "metrics_task_execution_role"
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy will be created
  + resource "aws_iam_role_policy" "scheduled_task_cw_event_role_cloudwatch_policy" {
      + id     = (known after apply)
      + name   = "etl-st-cw-policy"
      + policy = (known after apply)
      + role   = (known after apply)
    }

  # aws_iam_role_policy_attachment.ce_cs will be created
  + resource "aws_iam_role_policy_attachment" "ce_cs" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
      + role       = "container_execution_role"
    }

  # aws_iam_role_policy_attachment.te_etl_policies will be created
  + resource "aws_iam_role_policy_attachment" "te_etl_policies" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "metrics_task_execution_role"
    }

  # module.masked_metrics.data.template_file.masked_metrics will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "masked_metrics"  {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = jsonencode(
            [
              + {
                  + environment      = [
                      + {
                          + name  = "MASK_DATA"
                          + value = "${mask_data}"
                        },
                      + {
                          + name  = "ENVIRONMENT"
                          + value = "${environment}"
                        },
                      + {
                          + name  = "BUCKET_NAME"
                          + value = "${bucket_name}"
                        },
                    ]
                  + image            = "${image}"
                  + linuxParameters  = {
                      + capabilities = {
                          + drop = [
                              + "ALL",
                            ]
                        }
                    }
                  + logConfiguration = {
                      + logDriver = "awslogs"
                      + options   = {
                          + awslogs-group         = "${awslogs-group}"
                          + awslogs-region        = "${awslogs-region}"
                          + awslogs-stream-prefix = "${awslogs-stream-prefix}"
                        }
                    }
                  + name             = "${name}"
                  + portMappings     = [
                      + {
                          + containerPort = 8001
                        },
                    ]
                  + secrets          = []
                },
            ]
        )
      + vars     = {
          + "awslogs-group"         = "/aws/ecs/masked_metrics_ecs"
          + "awslogs-region"        = "ca-central-1"
          + "awslogs-stream-prefix" = "ecs-masked-metrics"
          + "bucket_name"           = "masked-metrics-tdvfd-production"
          + "environment"           = "production"
          + "image"                 = "820252213580.dkr.ecr.ca-central-1.amazonaws.com/covid-server/metrics-server:4819f93a1a68f0147be3536513cee4e07d766f47"
          + "mask_data"             = "True"
          + "name"                  = "masked_metrics"
        }
    }

  # module.masked_metrics.aws_cloudwatch_event_rule.event_rule will be created
  + resource "aws_cloudwatch_event_rule" "event_rule" {
      + arn                 = (known after apply)
      + event_bus_name      = "default"
      + id                  = (known after apply)
      + is_enabled          = true
      + name                = "masked_metrics_event_rule"
      + name_prefix         = (known after apply)
      + schedule_expression = "rate(24 hours)"
      + tags                = {
          + "Name" = "masked_metrics-cw-event-rule"
        }
      + tags_all            = {
          + "Name" = "masked_metrics-cw-event-rule"
        }
    }

  # module.masked_metrics.aws_cloudwatch_event_target.ecs_scheduled_task will be created
  + resource "aws_cloudwatch_event_target" "ecs_scheduled_task" {
      + arn            = (known after apply)
      + event_bus_name = "default"
      + id             = (known after apply)
      + role_arn       = (known after apply)
      + rule           = "masked_metrics_event_rule"
      + target_id      = (known after apply)

      + ecs_target {
          + launch_type         = "FARGATE"
          + platform_version    = "1.4.0"
          + task_count          = 1
          + task_definition_arn = (known after apply)

          + network_configuration {
              + assign_public_ip = false
              + security_groups  = [
                  + "sg-0b77afa7e1b78c3c2",
                ]
              + subnets          = [
                  + "subnet-06fcfc328ffe9f5d0",
                ]
            }
        }
    }

  # module.masked_metrics.aws_cloudwatch_log_group.log will be created
  + resource "aws_cloudwatch_log_group" "log" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "/aws/ecs/masked_metrics_ecs"
      + retention_in_days = 14
      + tags_all          = (known after apply)
    }

  # module.masked_metrics.aws_ecs_task_definition.task_def will be created
  + resource "aws_ecs_task_definition" "task_def" {
      + arn                      = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "512"
      + execution_role_arn       = (known after apply)
      + family                   = "masked_metrics"
      + id                       = (known after apply)
      + memory                   = "1024"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + tags                     = {
          + "CostCentre" = "CovidShield"
        }
      + tags_all                 = {
          + "CostCentre" = "CovidShield"
        }
      + task_role_arn            = (known after apply)
    }

  # module.unmasked_metrics.data.template_file.masked_metrics will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "masked_metrics"  {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = jsonencode(
            [
              + {
                  + environment      = [
                      + {
                          + name  = "MASK_DATA"
                          + value = "${mask_data}"
                        },
                      + {
                          + name  = "ENVIRONMENT"
                          + value = "${environment}"
                        },
                      + {
                          + name  = "BUCKET_NAME"
                          + value = "${bucket_name}"
                        },
                    ]
                  + image            = "${image}"
                  + linuxParameters  = {
                      + capabilities = {
                          + drop = [
                              + "ALL",
                            ]
                        }
                    }
                  + logConfiguration = {
                      + logDriver = "awslogs"
                      + options   = {
                          + awslogs-group         = "${awslogs-group}"
                          + awslogs-region        = "${awslogs-region}"
                          + awslogs-stream-prefix = "${awslogs-stream-prefix}"
                        }
                    }
                  + name             = "${name}"
                  + portMappings     = [
                      + {
                          + containerPort = 8001
                        },
                    ]
                  + secrets          = []
                },
            ]
        )
      + vars     = {
          + "awslogs-group"         = "/aws/ecs/unmasked_metrics_ecs"
          + "awslogs-region"        = "ca-central-1"
          + "awslogs-stream-prefix" = "ecs-unmasked-metrics"
          + "bucket_name"           = "unmasked-metrics-tdvfd-production"
          + "environment"           = "production"
          + "image"                 = "820252213580.dkr.ecr.ca-central-1.amazonaws.com/covid-server/metrics-server:4819f93a1a68f0147be3536513cee4e07d766f47"
          + "mask_data"             = "False"
          + "name"                  = "unmasked_metrics"
        }
    }

  # module.unmasked_metrics.aws_cloudwatch_event_rule.event_rule will be created
  + resource "aws_cloudwatch_event_rule" "event_rule" {
      + arn                 = (known after apply)
      + event_bus_name      = "default"
      + id                  = (known after apply)
      + is_enabled          = true
      + name                = "unmasked_metrics_event_rule"
      + name_prefix         = (known after apply)
      + schedule_expression = "rate(24 hours)"
      + tags                = {
          + "Name" = "unmasked_metrics-cw-event-rule"
        }
      + tags_all            = {
          + "Name" = "unmasked_metrics-cw-event-rule"
        }
    }

  # module.unmasked_metrics.aws_cloudwatch_event_target.ecs_scheduled_task will be created
  + resource "aws_cloudwatch_event_target" "ecs_scheduled_task" {
      + arn            = (known after apply)
      + event_bus_name = "default"
      + id             = (known after apply)
      + role_arn       = (known after apply)
      + rule           = "unmasked_metrics_event_rule"
      + target_id      = (known after apply)

      + ecs_target {
          + launch_type         = "FARGATE"
          + platform_version    = "1.4.0"
          + task_count          = 1
          + task_definition_arn = (known after apply)

          + network_configuration {
              + assign_public_ip = false
              + security_groups  = [
                  + "sg-0b77afa7e1b78c3c2",
                ]
              + subnets          = [
                  + "subnet-06fcfc328ffe9f5d0",
                ]
            }
        }
    }

  # module.unmasked_metrics.aws_cloudwatch_log_group.log will be created
  + resource "aws_cloudwatch_log_group" "log" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "/aws/ecs/unmasked_metrics_ecs"
      + retention_in_days = 14
      + tags_all          = (known after apply)
    }

  # module.unmasked_metrics.aws_ecs_task_definition.task_def will be created
  + resource "aws_ecs_task_definition" "task_def" {
      + arn                      = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "512"
      + execution_role_arn       = (known after apply)
      + family                   = "unmasked_metrics"
      + id                       = (known after apply)
      + memory                   = "1024"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + tags                     = {
          + "CostCentre" = "CovidShield"
        }
      + tags_all                 = {
          + "CostCentre" = "CovidShield"
        }
      + task_role_arn            = (known after apply)
    }

Plan: 16 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

</details>

CalvinRodo

comment created time in 7 minutes

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: backoff_retry_lambda

✅ Terraform Format: success
✅ Terraform Plan: success

Plan: 0 to add, 1 to change, 0 to destroy

<details> <summary>Show Plan</summary>

aws_iam_role.backoff: Refreshing state... [id=backoff_lambda_role]
aws_iam_policy.backoff_retry: Refreshing state... [id=arn:aws:iam::820252213580:policy/CovidAlertBackoffRetryLambda]
aws_iam_role_policy_attachment.backoff_retry: Refreshing state... [id=backoff_lambda_role-20210531191444542600000001]
aws_security_group.backoff_retry_sg: Refreshing state... [id=sg-0ed581601fe3fe7fc]
aws_security_group_rule.privatelink_metrics_backoff_ingress: Refreshing state... [id=sgrule-798161409]
aws_lambda_function.backoff_retry: Refreshing state... [id=backoff_retry]
aws_lambda_event_source_mapping.dead_letters: Refreshing state... [id=89578793-102f-4d07-8988-7cc0dca14eb7]
aws_cloudwatch_metric_alarm.backoff_retry_average_duration: Refreshing state... [id=backoff-retry--average-duration]
aws_cloudwatch_log_group.backoff_log_group: Refreshing state... [id=/aws/lambda/backoff_retry]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_policy.backoff_retry will be updated in-place
  ~ resource "aws_iam_policy" "backoff_retry" {
        id        = "arn:aws:iam::820252213580:policy/CovidAlertBackoffRetryLambda"
        name      = "CovidAlertBackoffRetryLambda"
      ~ policy    = jsonencode(
          ~ {
              ~ Statement = [
                    # (1 unchanged element hidden)
                    {
                        Action   = [
                            "logs:PutLogEvents",
                            "logs:CreateLogStream",
                        ]
                        Effect   = "Allow"
                        Resource = "arn:aws:logs:*:*:*"
                        Sid      = ""
                    },
                  ~ {
                      ~ Action   = [
                          - "ec2:DescribeNetworkInterfaces",
                            "ec2:DeleteNetworkInterface",
                            # (1 unchanged element hidden)
                        ]
                      ~ Resource = "*" -> "arn:aws:ec2:ca-central-1:820252213580:network-interface/*"
                        # (2 unchanged elements hidden)
                    },
                  + {
                      + Action   = "ec2:DescribeNetworkInterfaces"
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = ""
                    },
                    {
                        Action   = [
                            "sqs:SendMessage",
                            "sqs:ReceiveMessage",
                            "sqs:GetQueueAttributes",
                            "sqs:DeleteMessage",
                            "kms:GenerateDataKey",
                            "kms:Decrypt",
                        ]
                        Effect   = "Allow"
                        Resource = [
                            "arn:aws:sqs:ca-central-1:820252213580:aggregation-lambda-dead-letter-queue",
                            "arn:aws:kms:ca-central-1:820252213580:key/73667eeb-f327-4ee4-866a-2239de28f560",
                        ]
                        Sid      = ""
                    },
                ]
                # (1 unchanged element hidden)
            }
        )
        tags      = {}
        # (4 unchanged attributes hidden)
    }
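Review bot: In the rewritten EC2 statement, the action shown only as "(1 unchanged element hidden)" is now scoped to `arn:aws:ec2:ca-central-1:820252213580:network-interface/*` together with `ec2:DeleteNetworkInterface`, and it cannot be checked from this output. Confirm that the hidden action can be authorized against the network-interface resource type alone, otherwise the Lambda may fail authorization after apply. Separately, the logging statement still allows `logs:PutLogEvents` and `logs:CreateLogStream` on `arn:aws:logs:*:*:*`; it could be narrowed to the `/aws/lambda/backoff_retry` log group listed in the refresh output.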

Plan: 0 to add, 1 to change, 0 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

</details>

CalvinRodo

comment created time in 7 minutes

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: s3

✅ Terraform Format: success
✅ Terraform Plan: success

Plan: 2 to add, 0 to change, 0 to destroy

<details> <summary>Show Plan</summary>

random_string.bucket_random_id: Refreshing state... [id=tdvfd]
module.unmasked_metrics.aws_s3_bucket.masked_metrics: Refreshing state... [id=unmasked-metrics-tdvfd-production]
module.masked_metrics.aws_s3_bucket.masked_metrics: Refreshing state... [id=masked-metrics-tdvfd-production]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.masked_metrics.aws_s3_bucket_public_access_block.masked_metrics will be created
  + resource "aws_s3_bucket_public_access_block" "masked_metrics" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = "masked-metrics-tdvfd-production"
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.unmasked_metrics.aws_s3_bucket_public_access_block.masked_metrics will be created
  + resource "aws_s3_bucket_public_access_block" "masked_metrics" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = "unmasked-metrics-tdvfd-production"
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

Plan: 2 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

Releasing state lock. This may take a few moments...

</details>

CalvinRodo

comment created time in 8 minutes

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: network

✅ Terraform Format: success
✅ Terraform Plan: success

⚠️   WARNING: resources will be destroyed by this change!

Plan: 7 to add, 13 to change, 2 to destroy

<details> <summary>Show Plan</summary>

aws_eip.lambda: Refreshing state... [id=eipalloc-0e14bda1148801041]
aws_vpc.main: Refreshing state... [id=vpc-086a4997479cf5b10]
aws_subnet.private: Refreshing state... [id=subnet-06fcfc328ffe9f5d0]
aws_security_group.lambda: Refreshing state... [id=sg-0b77afa7e1b78c3c2]
aws_security_group.efs: Refreshing state... [id=sg-0601b86c6c8a63c5d]
aws_default_route_table.default: Refreshing state... [id=rtb-0808af644864c76fc]
aws_default_network_acl.default: Refreshing state... [id=acl-0549ea64c0a5dd244]
aws_default_security_group.default: Refreshing state... [id=sg-05da359a059d41cdd]
aws_subnet.public: Refreshing state... [id=subnet-0f56eba7c1dbfdbe1]
aws_internet_gateway.gw: Refreshing state... [id=igw-00e00ca5f9d0d9bb1]
aws_route_table.public: Refreshing state... [id=rtb-03b21c36e7aa3f06d]
aws_security_group_rule.efs_ingress: Refreshing state... [id=sgrule-3307242864]
aws_security_group_rule.inet_egress: Refreshing state... [id=sgrule-2790156866]
aws_security_group_rule.efs_egress: Refreshing state... [id=sgrule-3197137894]
aws_nat_gateway.nat_gateway: Refreshing state... [id=nat-0330af1b2a402ec33]
aws_network_acl.main: Refreshing state... [id=acl-03ffeb664fa756d29]
aws_vpc_endpoint.s3: Refreshing state... [id=vpce-06674ae7bb78e969f]
aws_route_table_association.public: Refreshing state... [id=rtbassoc-0e9f78a27f7846671]
aws_vpc_endpoint.dynamodb: Refreshing state... [id=vpce-00dc3084b7f725d68]
aws_route_table.private: Refreshing state... [id=rtb-00da3a96f8b34217a]
aws_route_table_association.a: Refreshing state... [id=rtbassoc-06527543e55cc4b21]
aws_security_group_rule.s3_private_link: Refreshing state... [id=sgrule-1374877533]
aws_security_group_rule.dynamodb_privatelink: Refreshing state... [id=sgrule-2378049180]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.vpc_metrics_flow_logs_write will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "vpc_metrics_flow_logs_write"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "logs:CreateLogGroup",
              + "logs:CreateLogStream",
              + "logs:DescribeLogGroups",
              + "logs:DescribeLogStreams",
              + "logs:PutLogEvents",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
    }

  # aws_cloudwatch_log_group.vpc_metrics_flow_logs will be created
  + resource "aws_cloudwatch_log_group" "vpc_metrics_flow_logs" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "vpc_metrics_flow_logs"
      + retention_in_days = 30
      + tags_all          = (known after apply)
    }

  # aws_default_network_acl.default will be updated in-place
  ~ resource "aws_default_network_acl" "default" {
        id                     = "acl-0549ea64c0a5dd244"
      ~ tags                   = {
          ~ "Name" = "metricsstaging_default_nacl" -> "inappmetricsprod_default_nacl"
        }
      ~ tags_all               = {
          ~ "Name" = "metricsstaging_default_nacl" -> "inappmetricsprod_default_nacl"
        }
        # (5 unchanged attributes hidden)
    }

  # aws_default_route_table.default will be updated in-place
  ~ resource "aws_default_route_table" "default" {
        id                     = "rtb-0808af644864c76fc"
      ~ tags                   = {
          ~ "name" = "metricsstaging_default_route_table" -> "inappmetricsprod_default_route_table"
        }
      ~ tags_all               = {
          ~ "name" = "metricsstaging_default_route_table" -> "inappmetricsprod_default_route_table"
        }
        # (6 unchanged attributes hidden)
    }

  # aws_flow_log.vpc_metrics_flow_logs will be created
  + resource "aws_flow_log" "vpc_metrics_flow_logs" {
      + arn                      = (known after apply)
      + iam_role_arn             = (known after apply)
      + id                       = (known after apply)
      + log_destination          = (known after apply)
      + log_destination_type     = "cloud-watch-logs"
      + log_format               = (known after apply)
      + log_group_name           = (known after apply)
      + max_aggregation_interval = 600
      + tags_all                 = (known after apply)
      + traffic_type             = "ALL"
      + vpc_id                   = "vpc-086a4997479cf5b10"
    }

  # aws_iam_policy.vpc_metrics_flow_logs_write will be created
  + resource "aws_iam_policy" "vpc_metrics_flow_logs_write" {
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "CovidAlertMetricsVpcFlowLogs"
      + path      = "/"
      + policy    = (known after apply)
      + policy_id = (known after apply)
      + tags_all  = (known after apply)
    }

  # aws_iam_role.vpc_metrics_flow_logs will be created
  + resource "aws_iam_role" "vpc_metrics_flow_logs" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "vpc-flow-logs.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "vpc_metrics_flow_logs"
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role_policy_attachment.vpc_metrics_flow_logs_write will be created
  + resource "aws_iam_role_policy_attachment" "vpc_metrics_flow_logs_write" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "vpc_metrics_flow_logs"
    }

  # aws_internet_gateway.gw will be updated in-place
  ~ resource "aws_internet_gateway" "gw" {
        id       = "igw-00e00ca5f9d0d9bb1"
      ~ tags     = {
          ~ "Name" = "metricsstaging_internet_gateway" -> "inappmetricsprod_internet_gateway"
        }
      ~ tags_all = {
          ~ "Name" = "metricsstaging_internet_gateway" -> "inappmetricsprod_internet_gateway"
        }
        # (3 unchanged attributes hidden)
    }

  # aws_nat_gateway.nat_gateway will be updated in-place
  ~ resource "aws_nat_gateway" "nat_gateway" {
        id                   = "nat-0330af1b2a402ec33"
      ~ tags                 = {
          ~ "Name" = "metricsstaging-natgw" -> "inappmetricsprod-natgw"
        }
      ~ tags_all             = {
          ~ "Name" = "metricsstaging-natgw" -> "inappmetricsprod-natgw"
        }
        # (5 unchanged attributes hidden)
    }

  # aws_network_acl.main will be updated in-place
  ~ resource "aws_network_acl" "main" {
        id         = "acl-03ffeb664fa756d29"
      ~ subnet_ids = [
          - "subnet-06fcfc328ffe9f5d0",
          - "subnet-0f56eba7c1dbfdbe1",
        ] -> (known after apply)
      ~ tags       = {
          ~ "Name" = "metricsstaging_main_nacl" -> "inappmetricsprod_main_nacl"
        }
      ~ tags_all   = {
          ~ "Name" = "metricsstaging_main_nacl" -> "inappmetricsprod_main_nacl"
        }
        # (5 unchanged attributes hidden)
    }

  # aws_route_table.private will be updated in-place
  ~ resource "aws_route_table" "private" {
        id               = "rtb-00da3a96f8b34217a"
      ~ tags             = {
          ~ "Name" = "metricsstaging_private_route_table" -> "inappmetricsprod_private_route_table"
        }
      ~ tags_all         = {
          ~ "Name" = "metricsstaging_private_route_table" -> "inappmetricsprod_private_route_table"
        }
        # (5 unchanged attributes hidden)
    }

  # aws_route_table.public will be updated in-place
  ~ resource "aws_route_table" "public" {
        id               = "rtb-03b21c36e7aa3f06d"
      ~ tags             = {
          ~ "Name" = "metricsstaging_public_route_table" -> "inappmetricsprod_public_route_table"
        }
      ~ tags_all         = {
          ~ "Name" = "metricsstaging_public_route_table" -> "inappmetricsprod_public_route_table"
        }
        # (5 unchanged attributes hidden)
    }

  # aws_route_table_association.a must be replaced
-/+ resource "aws_route_table_association" "a" {
      ~ id             = "rtbassoc-06527543e55cc4b21" -> (known after apply)
      ~ subnet_id      = "subnet-06fcfc328ffe9f5d0" -> (known after apply) # forces replacement
        # (1 unchanged attribute hidden)
    }

  # aws_security_group.efs will be updated in-place
  ~ resource "aws_security_group" "efs" {
        id                     = "sg-0601b86c6c8a63c5d"
        name                   = "terraform-20210521225207411400000001"
      ~ tags                   = {
          ~ "Name" = "metricsstaging_efs_sg" -> "inappmetricsprod_efs_sg"
        }
      ~ tags_all               = {
          ~ "Name" = "metricsstaging_efs_sg" -> "inappmetricsprod_efs_sg"
        }
        # (8 unchanged attributes hidden)
    }

  # aws_security_group.lambda will be updated in-place
  ~ resource "aws_security_group" "lambda" {
        id                     = "sg-0b77afa7e1b78c3c2"
        name                   = "terraform-20210519192428868000000001"
      ~ tags                   = {
          ~ "Name" = "metricsstaging_lambda_sg" -> "inappmetricsprod_lambda_sg"
        }
      ~ tags_all               = {
          ~ "Name" = "metricsstaging_lambda_sg" -> "inappmetricsprod_lambda_sg"
        }
        # (8 unchanged attributes hidden)
    }

  # aws_subnet.private must be replaced
-/+ resource "aws_subnet" "private" {
      ~ arn                             = "arn:aws:ec2:ca-central-1:820252213580:subnet/subnet-06fcfc328ffe9f5d0" -> (known after apply)
      ~ availability_zone               = "ca-central-1b" -> "ca-central-1a" # forces replacement
      ~ availability_zone_id            = "cac1-az2" -> (known after apply)
      ~ id                              = "subnet-06fcfc328ffe9f5d0" -> (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      - map_customer_owned_ip_on_launch = false -> null
      ~ owner_id                        = "820252213580" -> (known after apply)
      ~ tags                            = {
          ~ "Name" = "metricsstaging_private_subnet" -> "inappmetricsprod_private_subnet"
        }
      ~ tags_all                        = {
          ~ "Name" = "metricsstaging_private_subnet" -> "inappmetricsprod_private_subnet"
        }
        # (4 unchanged attributes hidden)
    }
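Review bot: Changing `availability_zone` from `ca-central-1b` to `ca-central-1a` forces `aws_subnet.private` to be destroyed and recreated, so `subnet-06fcfc328ffe9f5d0` goes away, while the etl_lambdas plan for this same pull request still places that ID in the `network_configuration` of both `ecs_scheduled_task` targets. Sequence the applies so the ECS targets pick up the new `private_subnet_id` output, and check that nothing still attached to the old subnet blocks its deletion. The `Name` tags in this Production plan also move from `metricsstaging_*` to `inappmetricsprod_*`; confirm the state being planned against is the production one.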

  # aws_subnet.public will be updated in-place
  ~ resource "aws_subnet" "public" {
        id                              = "subnet-0f56eba7c1dbfdbe1"
      ~ tags                            = {
          ~ "Name" = "metricsstaging_public_subnet" -> "inappmetricsprod_public_subnet"
        }
      ~ tags_all                        = {
          ~ "Name" = "metricsstaging_public_subnet" -> "inappmetricsprod_public_subnet"
        }
        # (9 unchanged attributes hidden)
    }

  # aws_vpc.main will be updated in-place
  ~ resource "aws_vpc" "main" {
        id                               = "vpc-086a4997479cf5b10"
      ~ tags                             = {
          ~ "Name" = "metricsstaging_vpc" -> "inappmetricsprod_vpc"
        }
      ~ tags_all                         = {
          ~ "Name" = "metricsstaging_vpc" -> "inappmetricsprod_vpc"
        }
        # (12 unchanged attributes hidden)
    }

  # aws_vpc_endpoint.dynamodb will be updated in-place
  ~ resource "aws_vpc_endpoint" "dynamodb" {
        id                    = "vpce-00dc3084b7f725d68"
      ~ tags                  = {
          ~ "Name" = "metricsstaging_dynamodb_gateway" -> "inappmetricsprod_dynamodb_gateway"
        }
      ~ tags_all              = {
          ~ "Name" = "metricsstaging_dynamodb_gateway" -> "inappmetricsprod_dynamodb_gateway"
        }
        # (16 unchanged attributes hidden)
    }

  # aws_vpc_endpoint.s3 will be updated in-place
  ~ resource "aws_vpc_endpoint" "s3" {
        id                    = "vpce-06674ae7bb78e969f"
      ~ tags                  = {
          ~ "Name" = "metricsstaging_s3_gateway" -> "inappmetricsprod_s3_gateway"
        }
      ~ tags_all              = {
          ~ "Name" = "metricsstaging_s3_gateway" -> "inappmetricsprod_s3_gateway"
        }
        # (16 unchanged attributes hidden)
    }

Plan: 7 to add, 13 to change, 2 to destroy.

Changes to Outputs:
  ~ private_subnet_id = "subnet-06fcfc328ffe9f5d0" -> (known after apply)

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

</details>

CalvinRodo

comment created time in 8 minutes

push event cds-snc/covid-alert-metrics-terraform

CalvinRodo

commit sha 21b83c63793824be724a503f53ff923092b86c0b

fix: change prod name to prod

push time in 8 minutes

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

🏁 Plans are complete for this run

CalvinRodo

comment created time in 44 minutes

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: ecs

✅   Terraform Format: success ✅   Terraform Plan: success

Plan: 16 to add, 0 to change, 0 to destroy

<details> <summary>Show Plan</summary>


An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.etl_policies will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "etl_policies"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "dynamodb:BatchGetItem",
              + "dynamodb:ConditionCheckItem",
              + "dynamodb:GetItem",
              + "dynamodb:Query",
              + "dynamodb:Scan",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:dynamodb:ca-central-1:820252213580:table/aggregate_metrics",
            ]
        }
      + statement {
          + actions   = [
              + "ecr:BatchGetImage",
              + "ecr:GetDownloadUrlForlayer",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:ecr:ca-central-1:820252213580:repository/covid-server/metrics-server",
            ]
        }
      + statement {
          + actions   = [
              + "logs:CreateLogGroup",
              + "logs:CreateLogStream",
              + "logs:PutLogEvents",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "ec2:CreateNetworkInterface",
              + "ec2:DeleteNetworkInterface",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:ec2:ca-central-1:820252213580:network-interface/*",
            ]
        }
      + statement {
          + actions   = [
              + "ec2:DescribeNetworkInterfaces",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
              + "s3:PutObjectAcl",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:s3:::masked-metrics-tdvfd-production",
              + "arn:aws:s3:::masked-metrics-tdvfd-production/*",
              + "arn:aws:s3:::unmasked-metrics-tdvfd-production",
              + "arn:aws:s3:::unmasked-metrics-tdvfd-production/*",
            ]
        }
    }

  # data.aws_iam_policy_document.scheduled_task_cw_event_role_cloudwatch_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "scheduled_task_cw_event_role_cloudwatch_policy"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "ecs:RunTask",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
    }

  # aws_ecs_cluster.in_app_metrics will be created
  + resource "aws_ecs_cluster" "in_app_metrics" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "in-app-metrics"
      + tags     = {
          + "CostCentre" = "CovidShield"
        }
      + tags_all = {
          + "CostCentre" = "CovidShield"
        }

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_iam_policy.etl_policies will be created
  + resource "aws_iam_policy" "etl_policies" {
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "ETLTaskExecutionPolicies"
      + path      = "/"
      + policy    = (known after apply)
      + policy_id = (known after apply)
      + tags_all  = (known after apply)
    }

  # aws_iam_role.container_execution_role will be created
  + resource "aws_iam_role" "container_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = [
                              + "ec2.amazonaws.com",
                              + "ecs-tasks.amazonaws.com",
                            ]
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "container_execution_role"
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role.scheduled_task_cw_event_role will be created
  + resource "aws_iam_role" "scheduled_task_cw_event_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "events.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "etl-st-cw-role"
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role.task_execution_role will be created
  + resource "aws_iam_role" "task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "metrics_task_execution_role"
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy will be created
  + resource "aws_iam_role_policy" "scheduled_task_cw_event_role_cloudwatch_policy" {
      + id     = (known after apply)
      + name   = "etl-st-cw-policy"
      + policy = (known after apply)
      + role   = (known after apply)
    }

  # aws_iam_role_policy_attachment.ce_cs will be created
  + resource "aws_iam_role_policy_attachment" "ce_cs" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
      + role       = "container_execution_role"
    }

  # aws_iam_role_policy_attachment.te_etl_policies will be created
  + resource "aws_iam_role_policy_attachment" "te_etl_policies" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "metrics_task_execution_role"
    }

  # module.masked_metrics.data.template_file.masked_metrics will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "masked_metrics"  {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = jsonencode(
            [
              + {
                  + environment      = [
                      + {
                          + name  = "MASK_DATA"
                          + value = "${mask_data}"
                        },
                      + {
                          + name  = "ENVIRONMENT"
                          + value = "${environment}"
                        },
                      + {
                          + name  = "BUCKET_NAME"
                          + value = "${bucket_name}"
                        },
                    ]
                  + image            = "${image}"
                  + linuxParameters  = {
                      + capabilities = {
                          + drop = [
                              + "ALL",
                            ]
                        }
                    }
                  + logConfiguration = {
                      + logDriver = "awslogs"
                      + options   = {
                          + awslogs-group         = "${awslogs-group}"
                          + awslogs-region        = "${awslogs-region}"
                          + awslogs-stream-prefix = "${awslogs-stream-prefix}"
                        }
                    }
                  + name             = "${name}"
                  + portMappings     = [
                      + {
                          + containerPort = 8001
                        },
                    ]
                  + secrets          = []
                },
            ]
        )
      + vars     = {
          + "awslogs-group"         = "/aws/ecs/masked_metrics_ecs"
          + "awslogs-region"        = "ca-central-1"
          + "awslogs-stream-prefix" = "ecs-masked-metrics"
          + "bucket_name"           = "masked-metrics-tdvfd-production"
          + "environment"           = "production"
          + "image"                 = "820252213580.dkr.ecr.ca-central-1.amazonaws.com/covid-server/metrics-server:4819f93a1a68f0147be3536513cee4e07d766f47"
          + "mask_data"             = "True"
          + "name"                  = "masked_metrics"
        }
    }

  # module.masked_metrics.aws_cloudwatch_event_rule.event_rule will be created
  + resource "aws_cloudwatch_event_rule" "event_rule" {
      + arn                 = (known after apply)
      + event_bus_name      = "default"
      + id                  = (known after apply)
      + is_enabled          = true
      + name                = "masked_metrics_event_rule"
      + name_prefix         = (known after apply)
      + schedule_expression = "rate(24 hours)"
      + tags                = {
          + "Name" = "masked_metrics-cw-event-rule"
        }
      + tags_all            = {
          + "Name" = "masked_metrics-cw-event-rule"
        }
    }

  # module.masked_metrics.aws_cloudwatch_event_target.ecs_scheduled_task will be created
  + resource "aws_cloudwatch_event_target" "ecs_scheduled_task" {
      + arn            = (known after apply)
      + event_bus_name = "default"
      + id             = (known after apply)
      + role_arn       = (known after apply)
      + rule           = "masked_metrics_event_rule"
      + target_id      = (known after apply)

      + ecs_target {
          + launch_type         = "FARGATE"
          + platform_version    = "1.4.0"
          + task_count          = 1
          + task_definition_arn = (known after apply)

          + network_configuration {
              + assign_public_ip = false
              + security_groups  = [
                  + "sg-0b77afa7e1b78c3c2",
                ]
              + subnets          = [
                  + "subnet-06fcfc328ffe9f5d0",
                ]
            }
        }
    }

  # module.masked_metrics.aws_cloudwatch_log_group.log will be created
  + resource "aws_cloudwatch_log_group" "log" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "/aws/ecs/masked_metrics_ecs"
      + retention_in_days = 14
      + tags_all          = (known after apply)
    }

  # module.masked_metrics.aws_ecs_task_definition.task_def will be created
  + resource "aws_ecs_task_definition" "task_def" {
      + arn                      = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "512"
      + execution_role_arn       = (known after apply)
      + family                   = "masked_metrics"
      + id                       = (known after apply)
      + memory                   = "1024"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + tags                     = {
          + "CostCentre" = "CovidShield"
        }
      + tags_all                 = {
          + "CostCentre" = "CovidShield"
        }
      + task_role_arn            = (known after apply)
    }

  # module.unmasked_metrics.data.template_file.masked_metrics will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "masked_metrics"  {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = jsonencode(
            [
              + {
                  + environment      = [
                      + {
                          + name  = "MASK_DATA"
                          + value = "${mask_data}"
                        },
                      + {
                          + name  = "ENVIRONMENT"
                          + value = "${environment}"
                        },
                      + {
                          + name  = "BUCKET_NAME"
                          + value = "${bucket_name}"
                        },
                    ]
                  + image            = "${image}"
                  + linuxParameters  = {
                      + capabilities = {
                          + drop = [
                              + "ALL",
                            ]
                        }
                    }
                  + logConfiguration = {
                      + logDriver = "awslogs"
                      + options   = {
                          + awslogs-group         = "${awslogs-group}"
                          + awslogs-region        = "${awslogs-region}"
                          + awslogs-stream-prefix = "${awslogs-stream-prefix}"
                        }
                    }
                  + name             = "${name}"
                  + portMappings     = [
                      + {
                          + containerPort = 8001
                        },
                    ]
                  + secrets          = []
                },
            ]
        )
      + vars     = {
          + "awslogs-group"         = "/aws/ecs/unmasked_metrics_ecs"
          + "awslogs-region"        = "ca-central-1"
          + "awslogs-stream-prefix" = "ecs-unmasked-metrics"
          + "bucket_name"           = "unmasked-metrics-tdvfd-production"
          + "environment"           = "production"
          + "image"                 = "820252213580.dkr.ecr.ca-central-1.amazonaws.com/covid-server/metrics-server:4819f93a1a68f0147be3536513cee4e07d766f47"
          + "mask_data"             = "False"
          + "name"                  = "unmasked_metrics"
        }
    }

  # module.unmasked_metrics.aws_cloudwatch_event_rule.event_rule will be created
  + resource "aws_cloudwatch_event_rule" "event_rule" {
      + arn                 = (known after apply)
      + event_bus_name      = "default"
      + id                  = (known after apply)
      + is_enabled          = true
      + name                = "unmasked_metrics_event_rule"
      + name_prefix         = (known after apply)
      + schedule_expression = "rate(24 hours)"
      + tags                = {
          + "Name" = "unmasked_metrics-cw-event-rule"
        }
      + tags_all            = {
          + "Name" = "unmasked_metrics-cw-event-rule"
        }
    }

  # module.unmasked_metrics.aws_cloudwatch_event_target.ecs_scheduled_task will be created
  + resource "aws_cloudwatch_event_target" "ecs_scheduled_task" {
      + arn            = (known after apply)
      + event_bus_name = "default"
      + id             = (known after apply)
      + role_arn       = (known after apply)
      + rule           = "unmasked_metrics_event_rule"
      + target_id      = (known after apply)

      + ecs_target {
          + launch_type         = "FARGATE"
          + platform_version    = "1.4.0"
          + task_count          = 1
          + task_definition_arn = (known after apply)

          + network_configuration {
              + assign_public_ip = false
              + security_groups  = [
                  + "sg-0b77afa7e1b78c3c2",
                ]
              + subnets          = [
                  + "subnet-06fcfc328ffe9f5d0",
                ]
            }
        }
    }

  # module.unmasked_metrics.aws_cloudwatch_log_group.log will be created
  + resource "aws_cloudwatch_log_group" "log" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "/aws/ecs/unmasked_metrics_ecs"
      + retention_in_days = 14
      + tags_all          = (known after apply)
    }

  # module.unmasked_metrics.aws_ecs_task_definition.task_def will be created
  + resource "aws_ecs_task_definition" "task_def" {
      + arn                      = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "512"
      + execution_role_arn       = (known after apply)
      + family                   = "unmasked_metrics"
      + id                       = (known after apply)
      + memory                   = "1024"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + tags                     = {
          + "CostCentre" = "CovidShield"
        }
      + tags_all                 = {
          + "CostCentre" = "CovidShield"
        }
      + task_role_arn            = (known after apply)
    }

Plan: 16 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

Releasing state lock. This may take a few moments...

</details>

CalvinRodo

comment created time in 44 minutes

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: backoff_retry_lambda

✅   Terraform Format: success ✅   Terraform Plan: success

Plan: 0 to add, 1 to change, 0 to destroy

<details> <summary>Show Plan</summary>

aws_iam_role.backoff: Refreshing state... [id=backoff_lambda_role]
aws_iam_policy.backoff_retry: Refreshing state... [id=arn:aws:iam::820252213580:policy/CovidAlertBackoffRetryLambda]
aws_iam_role_policy_attachment.backoff_retry: Refreshing state... [id=backoff_lambda_role-20210531191444542600000001]
aws_security_group.backoff_retry_sg: Refreshing state... [id=sg-0ed581601fe3fe7fc]
aws_security_group_rule.privatelink_metrics_backoff_ingress: Refreshing state... [id=sgrule-798161409]
aws_lambda_function.backoff_retry: Refreshing state... [id=backoff_retry]
aws_lambda_event_source_mapping.dead_letters: Refreshing state... [id=89578793-102f-4d07-8988-7cc0dca14eb7]
aws_cloudwatch_log_group.backoff_log_group: Refreshing state... [id=/aws/lambda/backoff_retry]
aws_cloudwatch_metric_alarm.backoff_retry_average_duration: Refreshing state... [id=backoff-retry--average-duration]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_policy.backoff_retry will be updated in-place
  ~ resource "aws_iam_policy" "backoff_retry" {
        id        = "arn:aws:iam::820252213580:policy/CovidAlertBackoffRetryLambda"
        name      = "CovidAlertBackoffRetryLambda"
      ~ policy    = jsonencode(
          ~ {
              ~ Statement = [
                    # (1 unchanged element hidden)
                    {
                        Action   = [
                            "logs:PutLogEvents",
                            "logs:CreateLogStream",
                        ]
                        Effect   = "Allow"
                        Resource = "arn:aws:logs:*:*:*"
                        Sid      = ""
                    },
                  ~ {
                      ~ Action   = [
                          - "ec2:DescribeNetworkInterfaces",
                            "ec2:DeleteNetworkInterface",
                            # (1 unchanged element hidden)
                        ]
                      ~ Resource = "*" -> "arn:aws:ec2:ca-central-1:820252213580:network-interface/*"
                        # (2 unchanged elements hidden)
                    },
                  + {
                      + Action   = "ec2:DescribeNetworkInterfaces"
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = ""
                    },
                    {
                        Action   = [
                            "sqs:SendMessage",
                            "sqs:ReceiveMessage",
                            "sqs:GetQueueAttributes",
                            "sqs:DeleteMessage",
                            "kms:GenerateDataKey",
                            "kms:Decrypt",
                        ]
                        Effect   = "Allow"
                        Resource = [
                            "arn:aws:sqs:ca-central-1:820252213580:aggregation-lambda-dead-letter-queue",
                            "arn:aws:kms:ca-central-1:820252213580:key/73667eeb-f327-4ee4-866a-2239de28f560",
                        ]
                        Sid      = ""
                    },
                ]
                # (1 unchanged element hidden)
            }
        )
        tags      = {}
        # (4 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

</details>

CalvinRodo

comment created time in 44 minutes

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: etl_lambdas

✅   Terraform Format: success ✅   Terraform Plan: success

⚠️   WARNING: resources will be destroyed by this change!

Plan: 0 to add, 0 to change, 19 to destroy

<details> <summary>Show Plan</summary>

aws_lambda_permission.allow-cloudwatch-to-call-masked_metrics: Refreshing state... [id=AllowExecutionFromCloudWatch]
module.unmasked_metrics.aws_efs_access_point.access_point_for_lambda: Refreshing state... [id=fsap-089530abd87ad4b95]
aws_iam_policy.etl_policies: Refreshing state... [id=arn:aws:iam::820252213580:policy/EtlLambdaAccess]
module.unmasked_metrics.aws_lambda_function.lambda: Refreshing state... [id=unmasked_metrics]
module.masked_metrics.aws_lambda_function.lambda: Refreshing state... [id=masked_metrics]
module.masked_metrics.aws_efs_access_point.access_point_for_lambda: Refreshing state... [id=fsap-0320df5e73bc78c10]
aws_iam_role_policy_attachment.lambda_insights: Refreshing state... [id=metrics_csv_lambda_role-20210526134833317700000001]
module.unmasked_metrics.aws_cloudwatch_log_group.metric_log: Refreshing state... [id=/aws/lambda/unmasked_metrics]
module.unmasked_metrics.aws_efs_mount_target.mt: Refreshing state... [id=fsmt-23f34dce]
module.masked_metrics.aws_efs_mount_target.mt: Refreshing state... [id=fsmt-22f34dcf]
aws_cloudwatch_event_rule.twice-a-day: Refreshing state... [id=twice-a-day]
module.masked_metrics.aws_efs_file_system.efs_for_lambda: Refreshing state... [id=fs-61b9848c]
aws_lambda_permission.allow-cloudwatch-to-call-unmasked_metrics: Refreshing state... [id=AllowExecutionFromCloudWatch]
module.unmasked_metrics.aws_efs_file_system.efs_for_lambda: Refreshing state... [id=fs-60b9848d]
aws_cloudwatch_event_target.tigger-unmasked_metrics: Refreshing state... [id=twice-a-day-unmasked_metrics]
module.masked_metrics.aws_cloudwatch_log_group.metric_log: Refreshing state... [id=/aws/lambda/masked_metrics]
aws_iam_role_policy_attachment.etl_policies: Refreshing state... [id=metrics_csv_lambda_role-20210519202244195100000001]
aws_iam_role.metrics_csv: Refreshing state... [id=metrics_csv_lambda_role]
aws_cloudwatch_event_target.tigger-masked_metrics: Refreshing state... [id=twice-a-day-masked_metrics]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # aws_cloudwatch_event_rule.twice-a-day will be destroyed
  - resource "aws_cloudwatch_event_rule" "twice-a-day" {
      - arn                 = "arn:aws:events:ca-central-1:820252213580:rule/twice-a-day" -> null
      - description         = "Fires twice a day" -> null
      - event_bus_name      = "default" -> null
      - id                  = "twice-a-day" -> null
      - is_enabled          = true -> null
      - name                = "twice-a-day" -> null
      - schedule_expression = "cron(0 6,18 * * ? *)" -> null
      - tags                = {} -> null
      - tags_all            = {} -> null
    }

  # aws_cloudwatch_event_target.tigger-masked_metrics will be destroyed
  - resource "aws_cloudwatch_event_target" "tigger-masked_metrics" {
      - arn            = "arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics" -> null
      - event_bus_name = "default" -> null
      - id             = "twice-a-day-masked_metrics" -> null
      - rule           = "twice-a-day" -> null
      - target_id      = "masked_metrics" -> null
    }

  # aws_cloudwatch_event_target.tigger-unmasked_metrics will be destroyed
  - resource "aws_cloudwatch_event_target" "tigger-unmasked_metrics" {
      - arn            = "arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics" -> null
      - event_bus_name = "default" -> null
      - id             = "twice-a-day-unmasked_metrics" -> null
      - rule           = "twice-a-day" -> null
      - target_id      = "unmasked_metrics" -> null
    }

  # aws_iam_policy.etl_policies will be destroyed
  - resource "aws_iam_policy" "etl_policies" {
      - arn       = "arn:aws:iam::820252213580:policy/EtlLambdaAccess" -> null
      - id        = "arn:aws:iam::820252213580:policy/EtlLambdaAccess" -> null
      - name      = "EtlLambdaAccess" -> null
      - path      = "/" -> null
      - policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "dynamodb:Scan",
                          - "dynamodb:Query",
                          - "dynamodb:GetItem",
                          - "dynamodb:ConditionCheckItem",
                          - "dynamodb:BatchGetItem",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:dynamodb:ca-central-1:820252213580:table/aggregate_metrics"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "ecr:GetDownloadUrlForlayer",
                          - "ecr:BatchGetImage",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:ecr:ca-central-1:820252213580:repository/covid-server/metrics-server"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "logs:PutLogEvents",
                          - "logs:CreateLogStream",
                          - "logs:CreateLogGroup",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "ec2:DescribeNetworkInterfaces",
                          - "ec2:DeleteNetworkInterface",
                          - "ec2:CreateNetworkInterface",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "s3:PutObjectAcl",
                          - "s3:PutObject",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:s3:::unmasked-metrics-tdvfd-production/*",
                          - "arn:aws:s3:::unmasked-metrics-tdvfd-production",
                          - "arn:aws:s3:::masked-metrics-tdvfd-production/*",
                          - "arn:aws:s3:::masked-metrics-tdvfd-production",
                        ]
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "elasticfilesystem:DescribeMountTargets",
                          - "elasticfilesystem:ClientWrite",
                          - "elasticfilesystem:ClientMount",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c",
                          - "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d",
                        ]
                      - Sid      = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id = "ANPA356WXQFGANOBIN2CB" -> null
      - tags      = {} -> null
      - tags_all  = {} -> null
    }

  # aws_iam_role.metrics_csv will be destroyed
  - resource "aws_iam_role" "metrics_csv" {
      - arn                   = "arn:aws:iam::820252213580:role/metrics_csv_lambda_role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "lambda.amazonaws.com"
                        }
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2021-05-19T20:22:43Z" -> null
      - force_detach_policies = false -> null
      - id                    = "metrics_csv_lambda_role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::820252213580:policy/EtlLambdaAccess",
          - "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "metrics_csv_lambda_role" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - tags_all              = {} -> null
      - unique_id             = "AROA356WXQFGIV2GRLHFI" -> null

      - inline_policy {}
    }

  # aws_iam_role_policy_attachment.etl_policies will be destroyed
  - resource "aws_iam_role_policy_attachment" "etl_policies" {
      - id         = "metrics_csv_lambda_role-20210519202244195100000001" -> null
      - policy_arn = "arn:aws:iam::820252213580:policy/EtlLambdaAccess" -> null
      - role       = "metrics_csv_lambda_role" -> null
    }

  # aws_iam_role_policy_attachment.lambda_insights will be destroyed
  - resource "aws_iam_role_policy_attachment" "lambda_insights" {
      - id         = "metrics_csv_lambda_role-20210526134833317700000001" -> null
      - policy_arn = "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy" -> null
      - role       = "metrics_csv_lambda_role" -> null
    }

  # aws_lambda_permission.allow-cloudwatch-to-call-masked_metrics will be destroyed
  - resource "aws_lambda_permission" "allow-cloudwatch-to-call-masked_metrics" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "masked_metrics" -> null
      - id            = "AllowExecutionFromCloudWatch" -> null
      - principal     = "events.amazonaws.com" -> null
      - source_arn    = "arn:aws:events:ca-central-1:820252213580:rule/twice-a-day" -> null
      - statement_id  = "AllowExecutionFromCloudWatch" -> null
    }

  # aws_lambda_permission.allow-cloudwatch-to-call-unmasked_metrics will be destroyed
  - resource "aws_lambda_permission" "allow-cloudwatch-to-call-unmasked_metrics" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "unmasked_metrics" -> null
      - id            = "AllowExecutionFromCloudWatch" -> null
      - principal     = "events.amazonaws.com" -> null
      - source_arn    = "arn:aws:events:ca-central-1:820252213580:rule/twice-a-day" -> null
      - statement_id  = "AllowExecutionFromCloudWatch" -> null
    }

  # module.masked_metrics.aws_cloudwatch_log_group.metric_log will be destroyed
  - resource "aws_cloudwatch_log_group" "metric_log" {
      - arn               = "arn:aws:logs:ca-central-1:820252213580:log-group:/aws/lambda/masked_metrics" -> null
      - id                = "/aws/lambda/masked_metrics" -> null
      - name              = "/aws/lambda/masked_metrics" -> null
      - retention_in_days = 14 -> null
      - tags              = {} -> null
      - tags_all          = {} -> null
    }

  # module.masked_metrics.aws_efs_access_point.access_point_for_lambda will be destroyed
  - resource "aws_efs_access_point" "access_point_for_lambda" {
      - arn             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-0320df5e73bc78c10" -> null
      - file_system_arn = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c" -> null
      - file_system_id  = "fs-61b9848c" -> null
      - id              = "fsap-0320df5e73bc78c10" -> null
      - owner_id        = "820252213580" -> null
      - tags            = {} -> null
      - tags_all        = {} -> null

      - posix_user {
          - gid            = 1000 -> null
          - secondary_gids = [] -> null
          - uid            = 1000 -> null
        }

      - root_directory {
          - path = "/lambda" -> null

          - creation_info {
              - owner_gid   = 1000 -> null
              - owner_uid   = 1000 -> null
              - permissions = "777" -> null
            }
        }
    }

  # module.masked_metrics.aws_efs_file_system.efs_for_lambda will be destroyed
  - resource "aws_efs_file_system" "efs_for_lambda" {
      - arn                             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c" -> null
      - creation_token                  = "terraform-20210521225218804700000001" -> null
      - dns_name                        = "fs-61b9848c.efs.ca-central-1.amazonaws.com" -> null
      - encrypted                       = true -> null
      - id                              = "fs-61b9848c" -> null
      - kms_key_id                      = "arn:aws:kms:ca-central-1:820252213580:key/1052ecd5-f5c8-432c-a761-b394e546187b" -> null
      - number_of_mount_targets         = 1 -> null
      - owner_id                        = "820252213580" -> null
      - performance_mode                = "generalPurpose" -> null
      - provisioned_throughput_in_mibps = 0 -> null
      - size_in_bytes                   = [
          - {
              - value             = 987086848
              - value_in_ia       = 0
              - value_in_standard = 987086848
            },
        ] -> null
      - tags                            = {
          - "Name" = "masked_metrics_efs"
        } -> null
      - tags_all                        = {
          - "Name" = "masked_metrics_efs"
        } -> null
      - throughput_mode                 = "bursting" -> null
    }

  # module.masked_metrics.aws_efs_mount_target.mt will be destroyed
  - resource "aws_efs_mount_target" "mt" {
      - availability_zone_id   = "cac1-az2" -> null
      - availability_zone_name = "ca-central-1b" -> null
      - dns_name               = "fs-61b9848c.efs.ca-central-1.amazonaws.com" -> null
      - file_system_arn        = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c" -> null
      - file_system_id         = "fs-61b9848c" -> null
      - id                     = "fsmt-22f34dcf" -> null
      - ip_address             = "10.0.1.138" -> null
      - mount_target_dns_name  = "ca-central-1b.fs-61b9848c.efs.ca-central-1.amazonaws.com" -> null
      - network_interface_id   = "eni-01b7a0c0761072f36" -> null
      - owner_id               = "820252213580" -> null
      - security_groups        = [
          - "sg-0601b86c6c8a63c5d",
        ] -> null
      - subnet_id              = "subnet-06fcfc328ffe9f5d0" -> null
    }

  # module.masked_metrics.aws_lambda_function.lambda will be destroyed
  - resource "aws_lambda_function" "lambda" {
      - arn                            = "arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics" -> null
      - function_name                  = "masked_metrics" -> null
      - id                             = "masked_metrics" -> null
      - image_uri                      = "820252213580.dkr.ecr.ca-central-1.amazonaws.com/covid-server/metrics-server:6fbb890e8a7cdfd19d3b3de1ed8885f5ac7442ef" -> null
      - invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics/invocations" -> null
      - last_modified                  = "2021-05-28T13:14:28.989+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 10240 -> null
      - package_type                   = "Image" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::820252213580:role/metrics_csv_lambda_role" -> null
      - source_code_hash               = "06b15b64e863e4cb0d35600748b5a4200c11a027e175bd62293a9decf7b4693d" -> null
      - source_code_size               = 0 -> null
      - tags                           = {} -> null
      - tags_all                       = {} -> null
      - timeout                        = 900 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "BUCKET_NAME"    = "masked-metrics-tdvfd-production"
              - "ENVIRONMENT"    = "production"
              - "IN_MEMORY_DATA" = "True"
              - "MASK_DATA"      = "true"
              - "TMP_PATH"       = "/mnt/efs"
            } -> null
        }

      - file_system_config {
          - arn              = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-0320df5e73bc78c10" -> null
          - local_mount_path = "/mnt/efs" -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }

      - vpc_config {
          - security_group_ids = [
              - "sg-0b77afa7e1b78c3c2",
            ] -> null
          - subnet_ids         = [
              - "subnet-06fcfc328ffe9f5d0",
            ] -> null
          - vpc_id             = "vpc-086a4997479cf5b10" -> null
        }
    }

  # module.unmasked_metrics.aws_cloudwatch_log_group.metric_log will be destroyed
  - resource "aws_cloudwatch_log_group" "metric_log" {
      - arn               = "arn:aws:logs:ca-central-1:820252213580:log-group:/aws/lambda/unmasked_metrics" -> null
      - id                = "/aws/lambda/unmasked_metrics" -> null
      - name              = "/aws/lambda/unmasked_metrics" -> null
      - retention_in_days = 14 -> null
      - tags              = {} -> null
      - tags_all          = {} -> null
    }

  # module.unmasked_metrics.aws_efs_access_point.access_point_for_lambda will be destroyed
  - resource "aws_efs_access_point" "access_point_for_lambda" {
      - arn             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-089530abd87ad4b95" -> null
      - file_system_arn = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d" -> null
      - file_system_id  = "fs-60b9848d" -> null
      - id              = "fsap-089530abd87ad4b95" -> null
      - owner_id        = "820252213580" -> null
      - tags            = {} -> null
      - tags_all        = {} -> null

      - posix_user {
          - gid            = 1000 -> null
          - secondary_gids = [] -> null
          - uid            = 1000 -> null
        }

      - root_directory {
          - path = "/lambda" -> null

          - creation_info {
              - owner_gid   = 1000 -> null
              - owner_uid   = 1000 -> null
              - permissions = "777" -> null
            }
        }
    }

  # module.unmasked_metrics.aws_efs_file_system.efs_for_lambda will be destroyed
  - resource "aws_efs_file_system" "efs_for_lambda" {
      - arn                             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d" -> null
      - creation_token                  = "terraform-20210521225218807600000002" -> null
      - dns_name                        = "fs-60b9848d.efs.ca-central-1.amazonaws.com" -> null
      - encrypted                       = true -> null
      - id                              = "fs-60b9848d" -> null
      - kms_key_id                      = "arn:aws:kms:ca-central-1:820252213580:key/1052ecd5-f5c8-432c-a761-b394e546187b" -> null
      - number_of_mount_targets         = 1 -> null
      - owner_id                        = "820252213580" -> null
      - performance_mode                = "generalPurpose" -> null
      - provisioned_throughput_in_mibps = 0 -> null
      - size_in_bytes                   = [
          - {
              - value             = 961015808
              - value_in_ia       = 0
              - value_in_standard = 961015808
            },
        ] -> null
      - tags                            = {
          - "Name" = "unmasked_metrics_efs"
        } -> null
      - tags_all                        = {
          - "Name" = "unmasked_metrics_efs"
        } -> null
      - throughput_mode                 = "bursting" -> null
    }

  # module.unmasked_metrics.aws_efs_mount_target.mt will be destroyed
  - resource "aws_efs_mount_target" "mt" {
      - availability_zone_id   = "cac1-az2" -> null
      - availability_zone_name = "ca-central-1b" -> null
      - dns_name               = "fs-60b9848d.efs.ca-central-1.amazonaws.com" -> null
      - file_system_arn        = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d" -> null
      - file_system_id         = "fs-60b9848d" -> null
      - id                     = "fsmt-23f34dce" -> null
      - ip_address             = "10.0.1.226" -> null
      - mount_target_dns_name  = "ca-central-1b.fs-60b9848d.efs.ca-central-1.amazonaws.com" -> null
      - network_interface_id   = "eni-03392ade9ee4f1415" -> null
      - owner_id               = "820252213580" -> null
      - security_groups        = [
          - "sg-0601b86c6c8a63c5d",
        ] -> null
      - subnet_id              = "subnet-06fcfc328ffe9f5d0" -> null
    }

  # module.unmasked_metrics.aws_lambda_function.lambda will be destroyed
  - resource "aws_lambda_function" "lambda" {
      - arn                            = "arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics" -> null
      - function_name                  = "unmasked_metrics" -> null
      - id                             = "unmasked_metrics" -> null
      - image_uri                      = "820252213580.dkr.ecr.ca-central-1.amazonaws.com/covid-server/metrics-server:6fbb890e8a7cdfd19d3b3de1ed8885f5ac7442ef" -> null
      - invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics/invocations" -> null
      - last_modified                  = "2021-05-27T17:08:52.000+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 10240 -> null
      - package_type                   = "Image" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::820252213580:role/metrics_csv_lambda_role" -> null
      - source_code_hash               = "06b15b64e863e4cb0d35600748b5a4200c11a027e175bd62293a9decf7b4693d" -> null
      - source_code_size               = 0 -> null
      - tags                           = {} -> null
      - tags_all                       = {} -> null
      - timeout                        = 900 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "BUCKET_NAME"    = "unmasked-metrics-tdvfd-production"
              - "ENVIRONMENT"    = "production"
              - "IN_MEMORY_DATA" = "True"
              - "MASK_DATA"      = "false"
              - "TMP_PATH"       = "/mnt/efs"
            } -> null
        }

      - file_system_config {
          - arn              = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-089530abd87ad4b95" -> null
          - local_mount_path = "/mnt/efs" -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }

      - vpc_config {
          - security_group_ids = [
              - "sg-0b77afa7e1b78c3c2",
            ] -> null
          - subnet_ids         = [
              - "subnet-06fcfc328ffe9f5d0",
            ] -> null
          - vpc_id             = "vpc-086a4997479cf5b10" -> null
        }
    }

Plan: 0 to add, 0 to change, 19 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

</details>

CalvinRodo

comment created time in 44 minutes

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: s3

✅   Terraform Format: success ✅   Terraform Plan: success

Plan: 2 to add, 0 to change, 0 to destroy

<details> <summary>Show Plan</summary>

random_string.bucket_random_id: Refreshing state... [id=tdvfd]
module.masked_metrics.aws_s3_bucket.masked_metrics: Refreshing state... [id=masked-metrics-tdvfd-production]
module.unmasked_metrics.aws_s3_bucket.masked_metrics: Refreshing state... [id=unmasked-metrics-tdvfd-production]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.masked_metrics.aws_s3_bucket_public_access_block.masked_metrics will be created
  + resource "aws_s3_bucket_public_access_block" "masked_metrics" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = "masked-metrics-tdvfd-production"
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.unmasked_metrics.aws_s3_bucket_public_access_block.masked_metrics will be created
  + resource "aws_s3_bucket_public_access_block" "masked_metrics" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = "unmasked-metrics-tdvfd-production"
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

Plan: 2 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

Releasing state lock. This may take a few moments...

</details>

CalvinRodo

comment created time in an hour

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: network

✅   Terraform Format: success ✅   Terraform Plan: success

⚠️   WARNING: resources will be destroyed by this change!

Plan: 7 to add, 1 to change, 2 to destroy

<details> <summary>Show Plan</summary>

aws_eip.lambda: Refreshing state... [id=eipalloc-0e14bda1148801041]
aws_vpc.main: Refreshing state... [id=vpc-086a4997479cf5b10]
aws_security_group.efs: Refreshing state... [id=sg-0601b86c6c8a63c5d]
aws_default_network_acl.default: Refreshing state... [id=acl-0549ea64c0a5dd244]
aws_default_route_table.default: Refreshing state... [id=rtb-0808af644864c76fc]
aws_subnet.public: Refreshing state... [id=subnet-0f56eba7c1dbfdbe1]
aws_default_security_group.default: Refreshing state... [id=sg-05da359a059d41cdd]
aws_internet_gateway.gw: Refreshing state... [id=igw-00e00ca5f9d0d9bb1]
aws_subnet.private: Refreshing state... [id=subnet-06fcfc328ffe9f5d0]
aws_security_group.lambda: Refreshing state... [id=sg-0b77afa7e1b78c3c2]
aws_route_table.public: Refreshing state... [id=rtb-03b21c36e7aa3f06d]
aws_nat_gateway.nat_gateway: Refreshing state... [id=nat-0330af1b2a402ec33]
aws_security_group_rule.inet_egress: Refreshing state... [id=sgrule-2790156866]
aws_security_group_rule.efs_egress: Refreshing state... [id=sgrule-3197137894]
aws_security_group_rule.efs_ingress: Refreshing state... [id=sgrule-3307242864]
aws_network_acl.main: Refreshing state... [id=acl-03ffeb664fa756d29]
aws_route_table_association.public: Refreshing state... [id=rtbassoc-0e9f78a27f7846671]
aws_vpc_endpoint.dynamodb: Refreshing state... [id=vpce-00dc3084b7f725d68]
aws_vpc_endpoint.s3: Refreshing state... [id=vpce-06674ae7bb78e969f]
aws_route_table.private: Refreshing state... [id=rtb-00da3a96f8b34217a]
aws_route_table_association.a: Refreshing state... [id=rtbassoc-06527543e55cc4b21]
aws_security_group_rule.dynamodb_privatelink: Refreshing state... [id=sgrule-2378049180]
aws_security_group_rule.s3_private_link: Refreshing state... [id=sgrule-1374877533]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.vpc_metrics_flow_logs_write will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "vpc_metrics_flow_logs_write"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "logs:CreateLogGroup",
              + "logs:CreateLogStream",
              + "logs:DescribeLogGroups",
              + "logs:DescribeLogStreams",
              + "logs:PutLogEvents",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
    }

  # aws_cloudwatch_log_group.vpc_metrics_flow_logs will be created
  + resource "aws_cloudwatch_log_group" "vpc_metrics_flow_logs" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "vpc_metrics_flow_logs"
      + retention_in_days = 30
      + tags_all          = (known after apply)
    }

  # aws_flow_log.vpc_metrics_flow_logs will be created
  + resource "aws_flow_log" "vpc_metrics_flow_logs" {
      + arn                      = (known after apply)
      + iam_role_arn             = (known after apply)
      + id                       = (known after apply)
      + log_destination          = (known after apply)
      + log_destination_type     = "cloud-watch-logs"
      + log_format               = (known after apply)
      + log_group_name           = (known after apply)
      + max_aggregation_interval = 600
      + tags_all                 = (known after apply)
      + traffic_type             = "ALL"
      + vpc_id                   = "vpc-086a4997479cf5b10"
    }

  # aws_iam_policy.vpc_metrics_flow_logs_write will be created
  + resource "aws_iam_policy" "vpc_metrics_flow_logs_write" {
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "CovidAlertMetricsVpcFlowLogs"
      + path      = "/"
      + policy    = (known after apply)
      + policy_id = (known after apply)
      + tags_all  = (known after apply)
    }

  # aws_iam_role.vpc_metrics_flow_logs will be created
  + resource "aws_iam_role" "vpc_metrics_flow_logs" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "vpc-flow-logs.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "vpc_metrics_flow_logs"
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role_policy_attachment.vpc_metrics_flow_logs_write will be created
  + resource "aws_iam_role_policy_attachment" "vpc_metrics_flow_logs_write" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "vpc_metrics_flow_logs"
    }

  # aws_network_acl.main will be updated in-place
  ~ resource "aws_network_acl" "main" {
        id         = "acl-03ffeb664fa756d29"
      ~ subnet_ids = [
          - "subnet-06fcfc328ffe9f5d0",
          - "subnet-0f56eba7c1dbfdbe1",
        ] -> (known after apply)
        tags       = {
            "Name" = "metricsstaging_main_nacl"
        }
        # (6 unchanged attributes hidden)
    }

  # aws_route_table_association.a must be replaced
-/+ resource "aws_route_table_association" "a" {
      ~ id             = "rtbassoc-06527543e55cc4b21" -> (known after apply)
      ~ subnet_id      = "subnet-06fcfc328ffe9f5d0" -> (known after apply) # forces replacement
        # (1 unchanged attribute hidden)
    }

  # aws_subnet.private must be replaced
-/+ resource "aws_subnet" "private" {
      ~ arn                             = "arn:aws:ec2:ca-central-1:820252213580:subnet/subnet-06fcfc328ffe9f5d0" -> (known after apply)
      ~ availability_zone               = "ca-central-1b" -> "ca-central-1a" # forces replacement
      ~ availability_zone_id            = "cac1-az2" -> (known after apply)
      ~ id                              = "subnet-06fcfc328ffe9f5d0" -> (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      - map_customer_owned_ip_on_launch = false -> null
      ~ owner_id                        = "820252213580" -> (known after apply)
        tags                            = {
            "Name" = "metricsstaging_private_subnet"
        }
        # (5 unchanged attributes hidden)
    }

Plan: 7 to add, 1 to change, 2 to destroy.

Changes to Outputs:
  ~ private_subnet_id = "subnet-06fcfc328ffe9f5d0" -> (known after apply)

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

</details>

CalvinRodo

comment created time in an hour

push event cds-snc/covid-alert-metrics-terraform

CalvinRodo

commit sha cd3c42ae6cae91602645e9e342ff538c5fc5ab4f

fix: add production to ci pipeline

push time in an hour

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

🏁 Plans are complete for this run

CalvinRodo

comment created time in an hour

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: backoff_retry_lambda

✅   Terraform Format: success ✅   Terraform Plan: success

Plan: 0 to add, 1 to change, 0 to destroy

<details> <summary>Show Plan</summary>

aws_iam_role.backoff: Refreshing state... [id=backoff_lambda_role]
aws_iam_policy.backoff_retry: Refreshing state... [id=arn:aws:iam::820252213580:policy/CovidAlertBackoffRetryLambda]
aws_iam_role_policy_attachment.backoff_retry: Refreshing state... [id=backoff_lambda_role-20210531191444542600000001]
aws_security_group.backoff_retry_sg: Refreshing state... [id=sg-0ed581601fe3fe7fc]
aws_lambda_function.backoff_retry: Refreshing state... [id=backoff_retry]
aws_security_group_rule.privatelink_metrics_backoff_ingress: Refreshing state... [id=sgrule-798161409]
aws_cloudwatch_log_group.backoff_log_group: Refreshing state... [id=/aws/lambda/backoff_retry]
aws_lambda_event_source_mapping.dead_letters: Refreshing state... [id=89578793-102f-4d07-8988-7cc0dca14eb7]
aws_cloudwatch_metric_alarm.backoff_retry_average_duration: Refreshing state... [id=backoff-retry--average-duration]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_policy.backoff_retry will be updated in-place
  ~ resource "aws_iam_policy" "backoff_retry" {
        id        = "arn:aws:iam::820252213580:policy/CovidAlertBackoffRetryLambda"
        name      = "CovidAlertBackoffRetryLambda"
      ~ policy    = jsonencode(
          ~ {
              ~ Statement = [
                    # (1 unchanged element hidden)
                    {
                        Action   = [
                            "logs:PutLogEvents",
                            "logs:CreateLogStream",
                        ]
                        Effect   = "Allow"
                        Resource = "arn:aws:logs:*:*:*"
                        Sid      = ""
                    },
                  ~ {
                      ~ Action   = [
                          - "ec2:DescribeNetworkInterfaces",
                            "ec2:DeleteNetworkInterface",
                            # (1 unchanged element hidden)
                        ]
                      ~ Resource = "*" -> "arn:aws:ec2:ca-central-1:820252213580:network-interface/*"
                        # (2 unchanged elements hidden)
                    },
                  + {
                      + Action   = "ec2:DescribeNetworkInterfaces"
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = ""
                    },
                    {
                        Action   = [
                            "sqs:SendMessage",
                            "sqs:ReceiveMessage",
                            "sqs:GetQueueAttributes",
                            "sqs:DeleteMessage",
                            "kms:GenerateDataKey",
                            "kms:Decrypt",
                        ]
                        Effect   = "Allow"
                        Resource = [
                            "arn:aws:sqs:ca-central-1:820252213580:aggregation-lambda-dead-letter-queue",
                            "arn:aws:kms:ca-central-1:820252213580:key/73667eeb-f327-4ee4-866a-2239de28f560",
                        ]
                        Sid      = ""
                    },
                ]
                # (1 unchanged element hidden)
            }
        )
        tags      = {}
        # (4 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

Releasing state lock. This may take a few moments...

</details>

CalvinRodo

comment created time in an hour

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: etl_lambdas

✅   Terraform Format: success ✅   Terraform Plan: success

⚠️   WARNING: resources will be destroyed by this change!

Plan: 0 to add, 0 to change, 19 to destroy

<details> <summary>Show Plan</summary>

aws_iam_role_policy_attachment.lambda_insights: Refreshing state... [id=metrics_csv_lambda_role-20210526134833317700000001]
module.masked_metrics.aws_cloudwatch_log_group.metric_log: Refreshing state... [id=/aws/lambda/masked_metrics]
module.unmasked_metrics.aws_efs_file_system.efs_for_lambda: Refreshing state... [id=fs-60b9848d]
aws_iam_role.metrics_csv: Refreshing state... [id=metrics_csv_lambda_role]
module.unmasked_metrics.aws_lambda_function.lambda: Refreshing state... [id=unmasked_metrics]
aws_cloudwatch_event_target.tigger-unmasked_metrics: Refreshing state... [id=twice-a-day-unmasked_metrics]
module.unmasked_metrics.aws_efs_access_point.access_point_for_lambda: Refreshing state... [id=fsap-089530abd87ad4b95]
module.masked_metrics.aws_lambda_function.lambda: Refreshing state... [id=masked_metrics]
module.masked_metrics.aws_efs_access_point.access_point_for_lambda: Refreshing state... [id=fsap-0320df5e73bc78c10]
module.unmasked_metrics.aws_efs_mount_target.mt: Refreshing state... [id=fsmt-23f34dce]
aws_lambda_permission.allow-cloudwatch-to-call-masked_metrics: Refreshing state... [id=AllowExecutionFromCloudWatch]
aws_iam_policy.etl_policies: Refreshing state... [id=arn:aws:iam::820252213580:policy/EtlLambdaAccess]
module.masked_metrics.aws_efs_file_system.efs_for_lambda: Refreshing state... [id=fs-61b9848c]
aws_cloudwatch_event_target.tigger-masked_metrics: Refreshing state... [id=twice-a-day-masked_metrics]
aws_iam_role_policy_attachment.etl_policies: Refreshing state... [id=metrics_csv_lambda_role-20210519202244195100000001]
aws_lambda_permission.allow-cloudwatch-to-call-unmasked_metrics: Refreshing state... [id=AllowExecutionFromCloudWatch]
module.unmasked_metrics.aws_cloudwatch_log_group.metric_log: Refreshing state... [id=/aws/lambda/unmasked_metrics]
aws_cloudwatch_event_rule.twice-a-day: Refreshing state... [id=twice-a-day]
module.masked_metrics.aws_efs_mount_target.mt: Refreshing state... [id=fsmt-22f34dcf]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # aws_cloudwatch_event_rule.twice-a-day will be destroyed
  - resource "aws_cloudwatch_event_rule" "twice-a-day" {
      - arn                 = "arn:aws:events:ca-central-1:820252213580:rule/twice-a-day" -> null
      - description         = "Fires twice a day" -> null
      - event_bus_name      = "default" -> null
      - id                  = "twice-a-day" -> null
      - is_enabled          = true -> null
      - name                = "twice-a-day" -> null
      - schedule_expression = "cron(0 6,18 * * ? *)" -> null
      - tags                = {} -> null
      - tags_all            = {} -> null
    }

  # aws_cloudwatch_event_target.tigger-masked_metrics will be destroyed
  - resource "aws_cloudwatch_event_target" "tigger-masked_metrics" {
      - arn            = "arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics" -> null
      - event_bus_name = "default" -> null
      - id             = "twice-a-day-masked_metrics" -> null
      - rule           = "twice-a-day" -> null
      - target_id      = "masked_metrics" -> null
    }

  # aws_cloudwatch_event_target.tigger-unmasked_metrics will be destroyed
  - resource "aws_cloudwatch_event_target" "tigger-unmasked_metrics" {
      - arn            = "arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics" -> null
      - event_bus_name = "default" -> null
      - id             = "twice-a-day-unmasked_metrics" -> null
      - rule           = "twice-a-day" -> null
      - target_id      = "unmasked_metrics" -> null
    }

  # aws_iam_policy.etl_policies will be destroyed
  - resource "aws_iam_policy" "etl_policies" {
      - arn       = "arn:aws:iam::820252213580:policy/EtlLambdaAccess" -> null
      - id        = "arn:aws:iam::820252213580:policy/EtlLambdaAccess" -> null
      - name      = "EtlLambdaAccess" -> null
      - path      = "/" -> null
      - policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "dynamodb:Scan",
                          - "dynamodb:Query",
                          - "dynamodb:GetItem",
                          - "dynamodb:ConditionCheckItem",
                          - "dynamodb:BatchGetItem",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:dynamodb:ca-central-1:820252213580:table/aggregate_metrics"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "ecr:GetDownloadUrlForlayer",
                          - "ecr:BatchGetImage",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:ecr:ca-central-1:820252213580:repository/covid-server/metrics-server"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "logs:PutLogEvents",
                          - "logs:CreateLogStream",
                          - "logs:CreateLogGroup",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "ec2:DescribeNetworkInterfaces",
                          - "ec2:DeleteNetworkInterface",
                          - "ec2:CreateNetworkInterface",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "s3:PutObjectAcl",
                          - "s3:PutObject",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:s3:::unmasked-metrics-tdvfd-production/*",
                          - "arn:aws:s3:::unmasked-metrics-tdvfd-production",
                          - "arn:aws:s3:::masked-metrics-tdvfd-production/*",
                          - "arn:aws:s3:::masked-metrics-tdvfd-production",
                        ]
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "elasticfilesystem:DescribeMountTargets",
                          - "elasticfilesystem:ClientWrite",
                          - "elasticfilesystem:ClientMount",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c",
                          - "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d",
                        ]
                      - Sid      = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id = "ANPA356WXQFGANOBIN2CB" -> null
      - tags      = {} -> null
      - tags_all  = {} -> null
    }

  # aws_iam_role.metrics_csv will be destroyed
  - resource "aws_iam_role" "metrics_csv" {
      - arn                   = "arn:aws:iam::820252213580:role/metrics_csv_lambda_role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "lambda.amazonaws.com"
                        }
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2021-05-19T20:22:43Z" -> null
      - force_detach_policies = false -> null
      - id                    = "metrics_csv_lambda_role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::820252213580:policy/EtlLambdaAccess",
          - "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "metrics_csv_lambda_role" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - tags_all              = {} -> null
      - unique_id             = "AROA356WXQFGIV2GRLHFI" -> null

      - inline_policy {}
    }

  # aws_iam_role_policy_attachment.etl_policies will be destroyed
  - resource "aws_iam_role_policy_attachment" "etl_policies" {
      - id         = "metrics_csv_lambda_role-20210519202244195100000001" -> null
      - policy_arn = "arn:aws:iam::820252213580:policy/EtlLambdaAccess" -> null
      - role       = "metrics_csv_lambda_role" -> null
    }

  # aws_iam_role_policy_attachment.lambda_insights will be destroyed
  - resource "aws_iam_role_policy_attachment" "lambda_insights" {
      - id         = "metrics_csv_lambda_role-20210526134833317700000001" -> null
      - policy_arn = "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy" -> null
      - role       = "metrics_csv_lambda_role" -> null
    }

  # aws_lambda_permission.allow-cloudwatch-to-call-masked_metrics will be destroyed
  - resource "aws_lambda_permission" "allow-cloudwatch-to-call-masked_metrics" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "masked_metrics" -> null
      - id            = "AllowExecutionFromCloudWatch" -> null
      - principal     = "events.amazonaws.com" -> null
      - source_arn    = "arn:aws:events:ca-central-1:820252213580:rule/twice-a-day" -> null
      - statement_id  = "AllowExecutionFromCloudWatch" -> null
    }

  # aws_lambda_permission.allow-cloudwatch-to-call-unmasked_metrics will be destroyed
  - resource "aws_lambda_permission" "allow-cloudwatch-to-call-unmasked_metrics" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "unmasked_metrics" -> null
      - id            = "AllowExecutionFromCloudWatch" -> null
      - principal     = "events.amazonaws.com" -> null
      - source_arn    = "arn:aws:events:ca-central-1:820252213580:rule/twice-a-day" -> null
      - statement_id  = "AllowExecutionFromCloudWatch" -> null
    }

  # module.masked_metrics.aws_cloudwatch_log_group.metric_log will be destroyed
  - resource "aws_cloudwatch_log_group" "metric_log" {
      - arn               = "arn:aws:logs:ca-central-1:820252213580:log-group:/aws/lambda/masked_metrics" -> null
      - id                = "/aws/lambda/masked_metrics" -> null
      - name              = "/aws/lambda/masked_metrics" -> null
      - retention_in_days = 14 -> null
      - tags              = {} -> null
      - tags_all          = {} -> null
    }

  # module.masked_metrics.aws_efs_access_point.access_point_for_lambda will be destroyed
  - resource "aws_efs_access_point" "access_point_for_lambda" {
      - arn             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-0320df5e73bc78c10" -> null
      - file_system_arn = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c" -> null
      - file_system_id  = "fs-61b9848c" -> null
      - id              = "fsap-0320df5e73bc78c10" -> null
      - owner_id        = "820252213580" -> null
      - tags            = {} -> null
      - tags_all        = {} -> null

      - posix_user {
          - gid            = 1000 -> null
          - secondary_gids = [] -> null
          - uid            = 1000 -> null
        }

      - root_directory {
          - path = "/lambda" -> null

          - creation_info {
              - owner_gid   = 1000 -> null
              - owner_uid   = 1000 -> null
              - permissions = "777" -> null
            }
        }
    }

  # module.masked_metrics.aws_efs_file_system.efs_for_lambda will be destroyed
  - resource "aws_efs_file_system" "efs_for_lambda" {
      - arn                             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c" -> null
      - creation_token                  = "terraform-20210521225218804700000001" -> null
      - dns_name                        = "fs-61b9848c.efs.ca-central-1.amazonaws.com" -> null
      - encrypted                       = true -> null
      - id                              = "fs-61b9848c" -> null
      - kms_key_id                      = "arn:aws:kms:ca-central-1:820252213580:key/1052ecd5-f5c8-432c-a761-b394e546187b" -> null
      - number_of_mount_targets         = 1 -> null
      - owner_id                        = "820252213580" -> null
      - performance_mode                = "generalPurpose" -> null
      - provisioned_throughput_in_mibps = 0 -> null
      - size_in_bytes                   = [
          - {
              - value             = 987086848
              - value_in_ia       = 0
              - value_in_standard = 987086848
            },
        ] -> null
      - tags                            = {
          - "Name" = "masked_metrics_efs"
        } -> null
      - tags_all                        = {
          - "Name" = "masked_metrics_efs"
        } -> null
      - throughput_mode                 = "bursting" -> null
    }

  # module.masked_metrics.aws_efs_mount_target.mt will be destroyed
  - resource "aws_efs_mount_target" "mt" {
      - availability_zone_id   = "cac1-az2" -> null
      - availability_zone_name = "ca-central-1b" -> null
      - dns_name               = "fs-61b9848c.efs.ca-central-1.amazonaws.com" -> null
      - file_system_arn        = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-61b9848c" -> null
      - file_system_id         = "fs-61b9848c" -> null
      - id                     = "fsmt-22f34dcf" -> null
      - ip_address             = "10.0.1.138" -> null
      - mount_target_dns_name  = "ca-central-1b.fs-61b9848c.efs.ca-central-1.amazonaws.com" -> null
      - network_interface_id   = "eni-01b7a0c0761072f36" -> null
      - owner_id               = "820252213580" -> null
      - security_groups        = [
          - "sg-0601b86c6c8a63c5d",
        ] -> null
      - subnet_id              = "subnet-06fcfc328ffe9f5d0" -> null
    }

  # module.masked_metrics.aws_lambda_function.lambda will be destroyed
  - resource "aws_lambda_function" "lambda" {
      - arn                            = "arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics" -> null
      - function_name                  = "masked_metrics" -> null
      - id                             = "masked_metrics" -> null
      - image_uri                      = "820252213580.dkr.ecr.ca-central-1.amazonaws.com/covid-server/metrics-server:6fbb890e8a7cdfd19d3b3de1ed8885f5ac7442ef" -> null
      - invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics/invocations" -> null
      - last_modified                  = "2021-05-28T13:14:28.989+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 10240 -> null
      - package_type                   = "Image" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:ca-central-1:820252213580:function:masked_metrics:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::820252213580:role/metrics_csv_lambda_role" -> null
      - source_code_hash               = "06b15b64e863e4cb0d35600748b5a4200c11a027e175bd62293a9decf7b4693d" -> null
      - source_code_size               = 0 -> null
      - tags                           = {} -> null
      - tags_all                       = {} -> null
      - timeout                        = 900 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "BUCKET_NAME"    = "masked-metrics-tdvfd-production"
              - "ENVIRONMENT"    = "production"
              - "IN_MEMORY_DATA" = "True"
              - "MASK_DATA"      = "true"
              - "TMP_PATH"       = "/mnt/efs"
            } -> null
        }

      - file_system_config {
          - arn              = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-0320df5e73bc78c10" -> null
          - local_mount_path = "/mnt/efs" -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }

      - vpc_config {
          - security_group_ids = [
              - "sg-0b77afa7e1b78c3c2",
            ] -> null
          - subnet_ids         = [
              - "subnet-06fcfc328ffe9f5d0",
            ] -> null
          - vpc_id             = "vpc-086a4997479cf5b10" -> null
        }
    }

  # module.unmasked_metrics.aws_cloudwatch_log_group.metric_log will be destroyed
  - resource "aws_cloudwatch_log_group" "metric_log" {
      - arn               = "arn:aws:logs:ca-central-1:820252213580:log-group:/aws/lambda/unmasked_metrics" -> null
      - id                = "/aws/lambda/unmasked_metrics" -> null
      - name              = "/aws/lambda/unmasked_metrics" -> null
      - retention_in_days = 14 -> null
      - tags              = {} -> null
      - tags_all          = {} -> null
    }

  # module.unmasked_metrics.aws_efs_access_point.access_point_for_lambda will be destroyed
  - resource "aws_efs_access_point" "access_point_for_lambda" {
      - arn             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-089530abd87ad4b95" -> null
      - file_system_arn = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d" -> null
      - file_system_id  = "fs-60b9848d" -> null
      - id              = "fsap-089530abd87ad4b95" -> null
      - owner_id        = "820252213580" -> null
      - tags            = {} -> null
      - tags_all        = {} -> null

      - posix_user {
          - gid            = 1000 -> null
          - secondary_gids = [] -> null
          - uid            = 1000 -> null
        }

      - root_directory {
          - path = "/lambda" -> null

          - creation_info {
              - owner_gid   = 1000 -> null
              - owner_uid   = 1000 -> null
              - permissions = "777" -> null
            }
        }
    }

  # module.unmasked_metrics.aws_efs_file_system.efs_for_lambda will be destroyed
  - resource "aws_efs_file_system" "efs_for_lambda" {
      - arn                             = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d" -> null
      - creation_token                  = "terraform-20210521225218807600000002" -> null
      - dns_name                        = "fs-60b9848d.efs.ca-central-1.amazonaws.com" -> null
      - encrypted                       = true -> null
      - id                              = "fs-60b9848d" -> null
      - kms_key_id                      = "arn:aws:kms:ca-central-1:820252213580:key/1052ecd5-f5c8-432c-a761-b394e546187b" -> null
      - number_of_mount_targets         = 1 -> null
      - owner_id                        = "820252213580" -> null
      - performance_mode                = "generalPurpose" -> null
      - provisioned_throughput_in_mibps = 0 -> null
      - size_in_bytes                   = [
          - {
              - value             = 961015808
              - value_in_ia       = 0
              - value_in_standard = 961015808
            },
        ] -> null
      - tags                            = {
          - "Name" = "unmasked_metrics_efs"
        } -> null
      - tags_all                        = {
          - "Name" = "unmasked_metrics_efs"
        } -> null
      - throughput_mode                 = "bursting" -> null
    }

  # module.unmasked_metrics.aws_efs_mount_target.mt will be destroyed
  - resource "aws_efs_mount_target" "mt" {
      - availability_zone_id   = "cac1-az2" -> null
      - availability_zone_name = "ca-central-1b" -> null
      - dns_name               = "fs-60b9848d.efs.ca-central-1.amazonaws.com" -> null
      - file_system_arn        = "arn:aws:elasticfilesystem:ca-central-1:820252213580:file-system/fs-60b9848d" -> null
      - file_system_id         = "fs-60b9848d" -> null
      - id                     = "fsmt-23f34dce" -> null
      - ip_address             = "10.0.1.226" -> null
      - mount_target_dns_name  = "ca-central-1b.fs-60b9848d.efs.ca-central-1.amazonaws.com" -> null
      - network_interface_id   = "eni-03392ade9ee4f1415" -> null
      - owner_id               = "820252213580" -> null
      - security_groups        = [
          - "sg-0601b86c6c8a63c5d",
        ] -> null
      - subnet_id              = "subnet-06fcfc328ffe9f5d0" -> null
    }

  # module.unmasked_metrics.aws_lambda_function.lambda will be destroyed
  - resource "aws_lambda_function" "lambda" {
      - arn                            = "arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics" -> null
      - function_name                  = "unmasked_metrics" -> null
      - id                             = "unmasked_metrics" -> null
      - image_uri                      = "820252213580.dkr.ecr.ca-central-1.amazonaws.com/covid-server/metrics-server:6fbb890e8a7cdfd19d3b3de1ed8885f5ac7442ef" -> null
      - invoke_arn                     = "arn:aws:apigateway:ca-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics/invocations" -> null
      - last_modified                  = "2021-05-27T17:08:52.000+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 10240 -> null
      - package_type                   = "Image" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:ca-central-1:820252213580:function:unmasked_metrics:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::820252213580:role/metrics_csv_lambda_role" -> null
      - source_code_hash               = "06b15b64e863e4cb0d35600748b5a4200c11a027e175bd62293a9decf7b4693d" -> null
      - source_code_size               = 0 -> null
      - tags                           = {} -> null
      - tags_all                       = {} -> null
      - timeout                        = 900 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "BUCKET_NAME"    = "unmasked-metrics-tdvfd-production"
              - "ENVIRONMENT"    = "production"
              - "IN_MEMORY_DATA" = "True"
              - "MASK_DATA"      = "false"
              - "TMP_PATH"       = "/mnt/efs"
            } -> null
        }

      - file_system_config {
          - arn              = "arn:aws:elasticfilesystem:ca-central-1:820252213580:access-point/fsap-089530abd87ad4b95" -> null
          - local_mount_path = "/mnt/efs" -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }

      - vpc_config {
          - security_group_ids = [
              - "sg-0b77afa7e1b78c3c2",
            ] -> null
          - subnet_ids         = [
              - "subnet-06fcfc328ffe9f5d0",
            ] -> null
          - vpc_id             = "vpc-086a4997479cf5b10" -> null
        }
    }

Plan: 0 to add, 0 to change, 19 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

</details>

CalvinRodo

comment created time in an hour

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: network

✅   Terraform Format: success ✅   Terraform Plan: success

⚠️   WARNING: resources will be destroyed by this change!

Plan: 7 to add, 1 to change, 2 to destroy

<details> <summary>Show Plan</summary>

aws_vpc.main: Refreshing state... [id=vpc-086a4997479cf5b10]
aws_eip.lambda: Refreshing state... [id=eipalloc-0e14bda1148801041]
aws_internet_gateway.gw: Refreshing state... [id=igw-00e00ca5f9d0d9bb1]
aws_default_route_table.default: Refreshing state... [id=rtb-0808af644864c76fc]
aws_default_security_group.default: Refreshing state... [id=sg-05da359a059d41cdd]
aws_subnet.public: Refreshing state... [id=subnet-0f56eba7c1dbfdbe1]
aws_subnet.private: Refreshing state... [id=subnet-06fcfc328ffe9f5d0]
aws_default_network_acl.default: Refreshing state... [id=acl-0549ea64c0a5dd244]
aws_security_group.efs: Refreshing state... [id=sg-0601b86c6c8a63c5d]
aws_security_group.lambda: Refreshing state... [id=sg-0b77afa7e1b78c3c2]
aws_route_table.public: Refreshing state... [id=rtb-03b21c36e7aa3f06d]
aws_security_group_rule.inet_egress: Refreshing state... [id=sgrule-2790156866]
aws_security_group_rule.efs_egress: Refreshing state... [id=sgrule-3197137894]
aws_security_group_rule.efs_ingress: Refreshing state... [id=sgrule-3307242864]
aws_nat_gateway.nat_gateway: Refreshing state... [id=nat-0330af1b2a402ec33]
aws_network_acl.main: Refreshing state... [id=acl-03ffeb664fa756d29]
aws_vpc_endpoint.dynamodb: Refreshing state... [id=vpce-00dc3084b7f725d68]
aws_route_table_association.public: Refreshing state... [id=rtbassoc-0e9f78a27f7846671]
aws_vpc_endpoint.s3: Refreshing state... [id=vpce-06674ae7bb78e969f]
aws_route_table.private: Refreshing state... [id=rtb-00da3a96f8b34217a]
aws_route_table_association.a: Refreshing state... [id=rtbassoc-06527543e55cc4b21]
aws_security_group_rule.s3_private_link: Refreshing state... [id=sgrule-1374877533]
aws_security_group_rule.dynamodb_privatelink: Refreshing state... [id=sgrule-2378049180]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.vpc_metrics_flow_logs_write will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "vpc_metrics_flow_logs_write"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "logs:CreateLogGroup",
              + "logs:CreateLogStream",
              + "logs:DescribeLogGroups",
              + "logs:DescribeLogStreams",
              + "logs:PutLogEvents",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
    }

  # aws_cloudwatch_log_group.vpc_metrics_flow_logs will be created
  + resource "aws_cloudwatch_log_group" "vpc_metrics_flow_logs" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "vpc_metrics_flow_logs"
      + retention_in_days = 30
      + tags_all          = (known after apply)
    }

  # aws_flow_log.vpc_metrics_flow_logs will be created
  + resource "aws_flow_log" "vpc_metrics_flow_logs" {
      + arn                      = (known after apply)
      + iam_role_arn             = (known after apply)
      + id                       = (known after apply)
      + log_destination          = (known after apply)
      + log_destination_type     = "cloud-watch-logs"
      + log_format               = (known after apply)
      + log_group_name           = (known after apply)
      + max_aggregation_interval = 600
      + tags_all                 = (known after apply)
      + traffic_type             = "ALL"
      + vpc_id                   = "vpc-086a4997479cf5b10"
    }

  # aws_iam_policy.vpc_metrics_flow_logs_write will be created
  + resource "aws_iam_policy" "vpc_metrics_flow_logs_write" {
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "CovidAlertMetricsVpcFlowLogs"
      + path      = "/"
      + policy    = (known after apply)
      + policy_id = (known after apply)
      + tags_all  = (known after apply)
    }

  # aws_iam_role.vpc_metrics_flow_logs will be created
  + resource "aws_iam_role" "vpc_metrics_flow_logs" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "vpc-flow-logs.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "vpc_metrics_flow_logs"
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role_policy_attachment.vpc_metrics_flow_logs_write will be created
  + resource "aws_iam_role_policy_attachment" "vpc_metrics_flow_logs_write" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "vpc_metrics_flow_logs"
    }

  # aws_network_acl.main will be updated in-place
  ~ resource "aws_network_acl" "main" {
        id         = "acl-03ffeb664fa756d29"
      ~ subnet_ids = [
          - "subnet-06fcfc328ffe9f5d0",
          - "subnet-0f56eba7c1dbfdbe1",
        ] -> (known after apply)
        tags       = {
            "Name" = "metricsstaging_main_nacl"
        }
        # (6 unchanged attributes hidden)
    }

  # aws_route_table_association.a must be replaced
-/+ resource "aws_route_table_association" "a" {
      ~ id             = "rtbassoc-06527543e55cc4b21" -> (known after apply)
      ~ subnet_id      = "subnet-06fcfc328ffe9f5d0" -> (known after apply) # forces replacement
        # (1 unchanged attribute hidden)
    }

  # aws_subnet.private must be replaced
-/+ resource "aws_subnet" "private" {
      ~ arn                             = "arn:aws:ec2:ca-central-1:820252213580:subnet/subnet-06fcfc328ffe9f5d0" -> (known after apply)
      ~ availability_zone               = "ca-central-1b" -> "ca-central-1a" # forces replacement
      ~ availability_zone_id            = "cac1-az2" -> (known after apply)
      ~ id                              = "subnet-06fcfc328ffe9f5d0" -> (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      - map_customer_owned_ip_on_launch = false -> null
      ~ owner_id                        = "820252213580" -> (known after apply)
        tags                            = {
            "Name" = "metricsstaging_private_subnet"
        }
        # (5 unchanged attributes hidden)
    }

Plan: 7 to add, 1 to change, 2 to destroy.

Changes to Outputs:
  ~ private_subnet_id = "subnet-06fcfc328ffe9f5d0" -> (known after apply)

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

Releasing state lock. This may take a few moments...

</details>

CalvinRodo

comment created time in an hour

pull request comment cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Production: s3

✅   Terraform Format: success ✅   Terraform Plan: success

Plan: 2 to add, 0 to change, 0 to destroy

<details> <summary>Show Plan</summary>

random_string.bucket_random_id: Refreshing state... [id=tdvfd]
module.masked_metrics.aws_s3_bucket.masked_metrics: Refreshing state... [id=masked-metrics-tdvfd-production]
module.unmasked_metrics.aws_s3_bucket.masked_metrics: Refreshing state... [id=unmasked-metrics-tdvfd-production]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.masked_metrics.aws_s3_bucket_public_access_block.masked_metrics will be created
  + resource "aws_s3_bucket_public_access_block" "masked_metrics" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = "masked-metrics-tdvfd-production"
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.unmasked_metrics.aws_s3_bucket_public_access_block.masked_metrics will be created
  + resource "aws_s3_bucket_public_access_block" "masked_metrics" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = "unmasked-metrics-tdvfd-production"
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

Plan: 2 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

</details>

CalvinRodo

comment created time in an hour

PR opened cds-snc/covid-alert-metrics-terraform

feat: update to version 1.0.25

Adds ECS module Removes ETL_Lambda's

Expected changes ETL_Lambda deletions Adding Scheduled tasks and an ECS Cluster for in-app metrics.

+141 -1

0 comments

4 changed files

pr created time in an hour

create branch cds-snc/covid-alert-metrics-terraform

branch : feat/deploy_to_ecs

created branch time in an hour

created tag cds-snc/covid-alert-metrics-terraform

tag v1.0.25

created time in an hour

push event cds-snc/covid-alert-metrics-terraform

CalvinRodo

commit sha 9a51ac5da6f75346081c53a64784bb15ea057ee8

fix: adding back the task execution role

Calvin Rodo

commit sha 99c3b15f5e2a11fc7c124808731d32e938844937

Merge pull request #113 from cds-snc/fix/pass_role_task_exec fix: adding back the task execution role

push time in 2 hours

delete branch cds-snc/covid-alert-metrics-terraform

delete branch : fix/pass_role_task_exec

delete time in 2 hours

PR merged cds-snc/covid-alert-metrics-terraform

fix: adding back the task execution role

Re-adds the ability to pass the task execution role on, as I never should have removed it in the first place.

+1 -1

2 comments

1 changed file

CalvinRodo

pr closed time in 2 hours

pull request comment cds-snc/covid-alert-metrics-terraform

fix: adding back the task execution role

🏁 Plans are complete for this run

CalvinRodo

comment created time in 2 hours

pull request comment cds-snc/covid-alert-metrics-terraform

fix: adding back the task execution role

Staging: ecs

✅   Terraform Format: success ✅   Terraform Plan: success

Plan: 0 to add, 2 to change, 0 to destroy

<details> <summary>Show Plan</summary>

module.unmasked_metrics.aws_cloudwatch_event_rule.event_rule: Refreshing state... [id=unmasked_metrics_event_rule]
module.masked_metrics.aws_cloudwatch_log_group.log: Refreshing state... [id=/aws/ecs/masked_metrics_ecs]
module.masked_metrics.aws_cloudwatch_event_rule.event_rule: Refreshing state... [id=masked_metrics_event_rule]
aws_ecs_cluster.in_app_metrics: Refreshing state... [id=arn:aws:ecs:ca-central-1:005133826942:cluster/in-app-metrics]
module.unmasked_metrics.aws_cloudwatch_log_group.log: Refreshing state... [id=/aws/ecs/unmasked_metrics_ecs]
aws_iam_role.scheduled_task_cw_event_role: Refreshing state... [id=etl-st-cw-role]
aws_iam_role.task_execution_role: Refreshing state... [id=metrics_task_execution_role]
aws_iam_role.container_execution_role: Refreshing state... [id=container_execution_role]
module.masked_metrics.aws_ecs_task_definition.task_def: Refreshing state... [id=masked_metrics]
module.unmasked_metrics.aws_ecs_task_definition.task_def: Refreshing state... [id=unmasked_metrics]
aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy: Refreshing state... [id=etl-st-cw-role:etl-st-cw-policy]
module.unmasked_metrics.aws_cloudwatch_event_target.ecs_scheduled_task: Refreshing state... [id=unmasked_metrics_event_rule-terraform-20210617204945092200000001]
aws_iam_policy.etl_policies: Refreshing state... [id=arn:aws:iam::005133826942:policy/ETLTaskExecutionPolicies]
module.masked_metrics.aws_cloudwatch_event_target.ecs_scheduled_task: Refreshing state... [id=masked_metrics_event_rule-terraform-20210617204945093200000002]
aws_iam_role_policy_attachment.te_etl_policies: Refreshing state... [id=metrics_task_execution_role-20210614163001316100000003]
aws_iam_role_policy_attachment.ce_cs: Refreshing state... [id=container_execution_role-20210614144933509400000001]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_role_policy.scheduled_task_cw_event_role_cloudwatch_policy will be updated in-place
  ~ resource "aws_iam_role_policy" "scheduled_task_cw_event_role_cloudwatch_policy" {
        id     = "etl-st-cw-role:etl-st-cw-policy"
        name   = "etl-st-cw-policy"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                    {
                        Action   = "ecs:RunTask"
                        Effect   = "Allow"
                        Resource = "*"
                        Sid      = ""
                    },
                  ~ {
                      ~ Resource = "arn:aws:iam::005133826942:role/container_execution_role" -> [
                          + "arn:aws:iam::005133826942:role/metrics_task_execution_role",
                          + "arn:aws:iam::005133826942:role/container_execution_role",
                        ]
                        # (3 unchanged elements hidden)
                    },
                ]
                # (1 unchanged element hidden)
            }
        )
        # (1 unchanged attribute hidden)
    }

  # module.masked_metrics.aws_cloudwatch_event_rule.event_rule will be updated in-place
  ~ resource "aws_cloudwatch_event_rule" "event_rule" {
        id                  = "masked_metrics_event_rule"
        name                = "masked_metrics_event_rule"
      ~ schedule_expression = "rate(1 minute)" -> "rate(24 hours)"
        tags                = {
            "Name" = "masked_metrics-cw-event-rule"
        }
        # (4 unchanged attributes hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

------------------------------------------------------------------------

This plan was saved to: /home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary

To perform exactly these actions, run the following command to apply:
    terraform apply "/home/runner/work/covid-alert-metrics-terraform/covid-alert-metrics-terraform/tfplan.binary"

</details>

CalvinRodo

comment created time in 2 hours

PR opened cds-snc/covid-alert-metrics-terraform

fix: adding back the task execution role

Re-adds the ability to pass the task execution role on, as I never should have removed it in the first place.

+1 -1

0 comments

1 changed file

pr created time in 2 hours

create branch cds-snc/covid-alert-metrics-terraform

branch : fix/pass_role_task_exec

created branch time in 2 hours

push event cds-snc/covid-alert-metrics-terraform

CalvinRodo

commit sha 6ca4eb210f684db8315c945f72d6b69eeeba3351

fix: use container exec role instead of task

Calvin Rodo

commit sha 97d0d872be3119c6e7898bb6ef4acb7a6a380569

Merge pull request #112 from cds-snc/fix/pass_role fix: use container exec role instead of task

push time in 3 hours