JesusFilm / core

JFP DS Engineering Monorepo
https://docs.core.jesusfilm.org/
19 stars 12 forks source link

chore: add hmac signing to subgraphs #3595

Closed tataihono closed 4 months ago

tataihono commented 4 months ago

depends on https://github.com/JesusFilm/core/pull/3594

This pull request introduces HMAC signature validation across various services and updates the infrastructure configuration to support this change. The main updates include adding the GATEWAY_HMAC_SECRET environment variable and incorporating the useHmacSignatureValidation plugin in the Yoga server configurations.

HMAC Signature Validation:

Infrastructure Configuration:

Gateway Configuration:

Other Changes:

linear[bot] commented 4 months ago

ENG-1112 add hmac signing to subgraphs

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #3590. To continue, delete the lock from #3590 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

github-actions[bot] commented 4 months ago
Warnings
:warning: Is this PR related to a Basecamp issue? If so link it via the PR description - https://3.basecamp.com/3105655/buckets/:projectId/todos/:todoId

Generated by :no_entry_sign: dangerJS against df7faf95ee15cdaa408c24ab57da2f5bdb705ef9

github-actions[bot] commented 4 months ago

The latest updates on your projects.

Name Status Preview Updated (UTC)
docs ✅ Ready Visit Preview Thu Oct 3 01:35:36 UTC 2024
github-actions[bot] commented 4 months ago

The latest updates on your projects.

Name Status Preview Updated (UTC)
arclight ✅ Ready Visit Preview Thu Oct 3 01:36:04 UTC 2024
github-actions[bot] commented 4 months ago

The latest updates on your projects.

Name Status Preview Updated (UTC)
journeys ✅ Ready Visit Preview Thu Oct 3 01:36:28 UTC 2024
github-actions[bot] commented 4 months ago

The latest updates on your projects.

Name Status Preview Updated (UTC)
watch ✅ Ready Visit Preview Thu Oct 3 01:37:06 UTC 2024
github-actions[bot] commented 4 months ago

The latest updates on your projects.

Name Status Preview Updated (UTC)
videos-admin ✅ Ready Visit Preview Thu Oct 3 01:37:21 UTC 2024
tataihono commented 4 months ago

atlantis plan

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

Plan Failed: This project is currently locked by an unapplied plan from pull #3594. To continue, delete the lock from #3594 or apply that plan and merge the pull request.

Once the lock is released, comment atlantis plan here to re-plan.

tataihono commented 4 months ago

atlantis plan

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

Plan Error

the default workspace at path infrastructure is currently locked by another command that is running for this pull request.
Wait until the previous command is complete and try again
jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

Plan Error

the default workspace at path infrastructure is currently locked by another command that is running for this pull request.
Wait until the previous command is complete and try again
jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

Show Output ```diff Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place - destroy +/- create replacement and then destroy Terraform will perform the following actions: # module.prod.module.api-analytics.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place ~ resource "aws_ecs_service" "ecs_service" { id = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-prod/api-analytics-prod-service" name = "api-analytics-prod-service" tags = {} ~ task_definition = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-analytics-prod:3" -> ```


Warning: Output length greater than max comment size. Continued in next comment.

jesus-film-bot commented 4 months ago

Continued plan output from previous comment.

Show Output ```diff (known after apply) # (15 unchanged attributes hidden) # (4 unchanged blocks hidden) } # module.prod.module.api-analytics.module.ecs-task.aws_ecs_task_definition.ecs_task_definition must be replaced +/- resource "aws_ecs_task_definition" "ecs_task_definition" { ~ arn = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-analytics-prod:3" -> (known after apply) ~ arn_without_revision = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-analytics-prod" -> (known after apply) ~ container_definitions = jsonencode( [ - { - cpu = 1024 - environment = [ - { - name = "NODE_ENV" - value = "production" }, ] - essential = true - image = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-analytics-prod:latest" - logConfiguration = { - logDriver = "awsfirelens" - options = { - Host = "http-intake.logs.datadoghq.com" - Name = "datadog" - TLS = "on" - compress = "gzip" - dd_service = "api-analytics" - dd_source = "nestjs" - dd_tags = "env:prod" - provider = "ecs" - retry_limit = "2" } - secretOptions = [ - { - name = "apikey" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] } - memory = 2048 - mountPoints = [] - name = "jfp-api-analytics-prod-app" - portMappings = [ - { - containerPort = 4008 - hostPort = 4008 - protocol = "tcp" }, ] - secrets = [ - { - name = "PG_DATABASE_URL_ANALYTICS" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-analytics/prod/PG_DATABASE_URL_ANALYTICS" }, - { - name = "PLAUSIBLE_SECRET_KEY_BASE" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-analytics/prod/PLAUSIBLE_SECRET_KEY_BASE" }, - { - name = "PRISMA_LOCATION_ANALYTICS" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-analytics/prod/PRISMA_LOCATION_ANALYTICS" }, - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [ - { - name = "DD_APM_ENABLED" - value = "true" }, - { - name = "DD_APM_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_LOGS_INJECTION" - value = "true" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT" - value = "0.0.0.0:4317" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT" - value = "0.0.0.0:4318" }, - { - name = "DD_PROCESS_AGENT_ENABLED" - value = "true" }, - { - name = "DD_PROFILING_ENABLED" - value = "true" }, - { - name = "DD_RUNTIME_METRICS_ENABLED" - value = "true" }, - { - name = "DD_TAGS" - value = "env:prod app:api-analytics" }, - { - name = "DD_TRACE_ANALYTICS_ENABLED" - value = "true" }, - { - name = "ECS_FARGATE" - value = "true" }, ] - essential = true - image = "public.ecr.aws/datadog/agent:latest" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-analytics-prod-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 128 - mountPoints = [] - name = "jfp-api-analytics-prod-datadog-agent" - portMappings = [ - { - containerPort = 8125 - hostPort = 8125 - protocol = "udp" }, ] - secrets = [ - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [] - essential = true - firelensConfiguration = { - options = { - config-file-type = "file" - config-file-value = "/fluent-bit/configs/parse-json.conf" - enable-ecs-log-metadata = "true" } - type = "fluentbit" } - image = "amazon/aws-for-fluent-bit:stable" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-analytics-prod-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 100 - mountPoints = [] - name = "jfp-api-analytics-prod-log-router" - portMappings = [] - systemControls = [] - user = "0" - volumesFrom = [] }, ] ) -> (known after apply) # forces replacement ~ id = "jfp-api-analytics-prod" -> (known after apply) ~ revision = 3 -> (known after apply) - tags = {} -> null ~ tags_all = {} -> (known after apply) # (10 unchanged attributes hidden) } # module.prod.module.api-analytics.module.ecs-task.aws_ssm_parameter.parameters["GATEWAY_HMAC_SECRET"] will be created + resource "aws_ssm_parameter" "parameters" { + arn = (known after apply) + data_type = (known after apply) + id = (known after apply) + insecure_value = (known after apply) + key_id = (known after apply) + name = "/ecs/api-analytics/prod/GATEWAY_HMAC_SECRET" + overwrite = true + tags = { + "name" = "GATEWAY_HMAC_SECRET" } + tags_all = { + "name" = "GATEWAY_HMAC_SECRET" } + tier = (known after apply) + type = "SecureString" + value = (sensitive value) + version = (known after apply) } # module.prod.module.api-journeys-modern.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place ~ resource "aws_ecs_service" "ecs_service" { id = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-prod/api-journeys-modern-prod-service" name = "api-journeys-modern-prod-service" tags = {} ~ task_definition = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-journeys-modern-prod:1" -> (known after apply) # (15 unchanged attributes hidden) # (4 unchanged blocks hidden) } # module.prod.module.api-journeys-modern.module.ecs-task.aws_ecs_task_definition.ecs_task_definition must be replaced +/- resource "aws_ecs_task_definition" "ecs_task_definition" { ~ arn = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-journeys-modern-prod:1" -> (known after apply) ~ arn_without_revision = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-journeys-modern-prod" -> (known after apply) ~ container_definitions = jsonencode( [ - { - cpu = 1024 - environment = [ - { - name = "NODE_ENV" - value = "production" }, ] - essential = true - image = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-journeys-modern-prod:latest" - logConfiguration = { - logDriver = "awsfirelens" - options = { - Host = "http-intake.logs.datadoghq.com" - Name = "datadog" - TLS = "on" - compress = "gzip" - dd_service = "api-journeys-modern" - dd_source = "nestjs" - dd_tags = "env:prod" - provider = "ecs" - retry_limit = "2" } - secretOptions = [ - { - name = "apikey" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] } - memory = 2048 - mountPoints = [] - name = "jfp-api-journeys-modern-prod-app" - portMappings = [ - { - containerPort = 4004 - hostPort = 4004 - protocol = "tcp" }, ] - secrets = [ - { - name = "AWS_ACCESS_KEY_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/AWS_ACCESS_KEY_ID" }, - { - name = "AWS_SECRET_ACCESS_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/AWS_SECRET_ACCESS_KEY" }, - { - name = "CLOUDFLARE_ACCOUNT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/CLOUDFLARE_ACCOUNT_ID" }, - { - name = "CLOUDFLARE_STREAM_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/CLOUDFLARE_STREAM_TOKEN" }, - { - name = "FIREBASE_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/FIREBASE_API_KEY" }, - { - name = "GATEWAY_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/GATEWAY_URL" }, - { - name = "GIT_BRANCH" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/GIT_BRANCH" }, - { - name = "GOOGLE_APPLICATION_JSON" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/GOOGLE_APPLICATION_JSON" }, - { - name = "GROWTH_SPACES_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/GROWTH_SPACES_URL" }, - { - name = "INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET" }, - { - name = "INTEROP_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/INTEROP_TOKEN" }, - { - name = "JOURNEYS_ADMIN_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/JOURNEYS_ADMIN_URL" }, - { - name = "MAILCHIMP_AUDIENCE_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/MAILCHIMP_AUDIENCE_ID" }, - { - name = "MAILCHIMP_MARKETING_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/MAILCHIMP_MARKETING_API_KEY" }, - { - name = "MAILCHIMP_MARKETING_API_SERVER_PREFIX" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/MAILCHIMP_MARKETING_API_SERVER_PREFIX" }, - { - name = "PG_DATABASE_URL_JOURNEYS" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/PG_DATABASE_URL_JOURNEYS" }, - { - name = "PLAUSIBLE_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/PLAUSIBLE_API_KEY" }, - { - name = "PLAUSIBLE_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/PLAUSIBLE_URL" }, - { - name = "PLAYWRIGHT_USER_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/PLAYWRIGHT_USER_ID" }, - { - name = "POWER_BI_CLIENT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/POWER_BI_CLIENT_ID" }, - { - name = "POWER_BI_CLIENT_SECRET" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/POWER_BI_CLIENT_SECRET" }, - { - name = "POWER_BI_JOURNEYS_MULTIPLE_FULL_REPORT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/POWER_BI_JOURNEYS_MULTIPLE_FULL_REPORT_ID" }, - { - name = "POWER_BI_JOURNEYS_MULTIPLE_SUMMARY_REPORT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/POWER_BI_JOURNEYS_MULTIPLE_SUMMARY_REPORT_ID" }, - { - name = "POWER_BI_JOURNEYS_SINGLE_FULL_REPORT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/POWER_BI_JOURNEYS_SINGLE_FULL_REPORT_ID" }, - { - name = "POWER_BI_JOURNEYS_SINGLE_SUMMARY_REPORT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/POWER_BI_JOURNEYS_SINGLE_SUMMARY_REPORT_ID" }, - { - name = "POWER_BI_TENANT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/POWER_BI_TENANT_ID" }, - { - name = "POWER_BI_WORKSPACE_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/POWER_BI_WORKSPACE_ID" }, - { - name = "REDIS_PORT" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/REDIS_PORT" }, - { - name = "REDIS_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/REDIS_URL" }, - { - name = "VERCEL_JOURNEYS_PROJECT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/VERCEL_JOURNEYS_PROJECT_ID" }, - { - name = "VERCEL_TEAM_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/VERCEL_TEAM_ID" }, - { - name = "VERCEL_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/prod/VERCEL_TOKEN" }, - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [ - { - name = "DD_APM_ENABLED" - value = "true" }, - { - name = "DD_APM_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_LOGS_INJECTION" - value = "true" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT" - value = "0.0.0.0:4317" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT" - value = "0.0.0.0:4318" }, - { - name = "DD_PROCESS_AGENT_ENABLED" - value = "true" }, - { - name = "DD_PROFILING_ENABLED" - value = "true" }, - { - name = "DD_RUNTIME_METRICS_ENABLED" - value = "true" }, - { - name = "DD_TAGS" - value = "env:prod app:api-journeys-modern" }, - { - name = "DD_TRACE_ANALYTICS_ENABLED" - value = "true" }, - { - name = "ECS_FARGATE" - value = "true" }, ] - essential = true - image = "public.ecr.aws/datadog/agent:latest" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-journeys-modern-prod-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 128 - mountPoints = [] - name = "jfp-api-journeys-modern-prod-datadog-agent" - portMappings = [ - { - containerPort = 8125 - hostPort = 8125 - protocol = "udp" }, ] - secrets = [ - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [] - essential = true - firelensConfiguration = { - options = { - config-file-type = "file" - config-file-value = "/fluent-bit/configs/parse-json.conf" - enable-ecs-log-metadata = "true" } - type = "fluentbit" } - image = "amazon/aws-for-fluent-bit:stable" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-journeys-modern-prod-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 100 - mountPoints = [] - name = "jfp-api-journeys-modern-prod-log-router" - portMappings = [] - systemControls = [] - user = "0" - volumesFrom = [] }, ] ) -> (known after apply) # forces replacement ~ id = "jfp-api-journeys-modern-prod" -> (known after apply) ~ revision = 1 -> (known after apply) - tags = {} -> null ~ tags_all = {} -> (known after apply) # (10 unchanged attributes hidden) } # module.prod.module.api-journeys-modern.module.ecs-task.aws_ssm_parameter.parameters["GATEWAY_HMAC_SECRET"] will be created + resource "aws_ssm_parameter" "parameters" { + arn = (known after apply) + data_type = (known after apply) + id = (known after apply) + insecure_value = (known after apply) + key_id = (known after apply) + name = "/ecs/api-journeys-modern/prod/GATEWAY_HMAC_SECRET" + overwrite = true + tags = { + "name" = "GATEWAY_HMAC_SECRET" } + tags_all = { + "name" = "GATEWAY_HMAC_SECRET" } + tier = (known after apply) + type = "SecureString" + value = (sensitive value) + version = (known after apply) } # module.prod.module.api-languages.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place ~ resource "aws_ecs_service" "ecs_service" { id = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-prod/api-languages-prod-service" name = "api-languages-prod-service" tags = {} ~ task_definition = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-languages-prod:37" -> (known after apply) # (15 unchanged attributes hidden) # (4 unchanged blocks hidden) } # module.prod.module.api-languages.module.ecs-task.aws_ecs_task_definition.ecs_task_definition must be replaced +/- resource "aws_ecs_task_definition" "ecs_task_definition" { ~ arn = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-languages-prod:37" -> (known after apply) ~ arn_without_revision = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-languages-prod" -> (known after apply) ~ container_definitions = jsonencode( [ - { - cpu = 1024 - environment = [ - { - name = "NODE_ENV" - value = "production" }, ] - essential = true - image = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-languages-prod:latest" - logConfiguration = { - logDriver = "awsfirelens" - options = { - Host = "http-intake.logs.datadoghq.com" - Name = "datadog" - TLS = "on" - compress = "gzip" - dd_service = "api-languages" - dd_source = "nestjs" - dd_tags = "env:prod" - provider = "ecs" - retry_limit = "2" } - secretOptions = [ - { - name = "apikey" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] } - memory = 2048 - mountPoints = [] - name = "jfp-api-languages-prod-app" - portMappings = [ - { - containerPort = 4003 - hostPort = 4003 - protocol = "tcp" }, ] - secrets = [ - { - name = "ARCLIGHT_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/prod/ARCLIGHT_API_KEY" }, - { - name = "ARCLIGHT_V3_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/prod/ARCLIGHT_V3_URL" }, - { - name = "BIG_QUERY_APPLICATION_JSON" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/prod/BIG_QUERY_APPLICATION_JSON" }, - { - name = "PG_DATABASE_URL_LANGUAGES" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/prod/PG_DATABASE_URL_LANGUAGES" }, - { - name = "REDIS_PORT" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/prod/REDIS_PORT" }, - { - name = "REDIS_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/prod/REDIS_URL" }, - { - name = "WESS_API_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/prod/WESS_API_TOKEN" }, - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [ - { - name = "DD_APM_ENABLED" - value = "true" }, - { - name = "DD_APM_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_LOGS_INJECTION" - value = "true" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT" - value = "0.0.0.0:4317" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT" - value = "0.0.0.0:4318" }, - { - name = "DD_PROCESS_AGENT_ENABLED" - value = "true" }, - { - name = "DD_PROFILING_ENABLED" - value = "true" }, - { - name = "DD_RUNTIME_METRICS_ENABLED" - value = "true" }, - { - name = "DD_TAGS" - value = "env:prod app:api-languages" }, - { - name = "DD_TRACE_ANALYTICS_ENABLED" - value = "true" }, - { - name = "ECS_FARGATE" - value = "true" }, ] - essential = true - image = "public.ecr.aws/datadog/agent:latest" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-languages-prod-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 128 - mountPoints = [] - name = "jfp-api-languages-prod-datadog-agent" - portMappings = [ - { - containerPort = 8125 - hostPort = 8125 - protocol = "udp" }, ] - secrets = [ - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [] - essential = true - firelensConfiguration = { - options = { - config-file-type = "file" - config-file-value = "/fluent-bit/configs/parse-json.conf" - enable-ecs-log-metadata = "true" } - type = "fluentbit" } - image = "amazon/aws-for-fluent-bit:stable" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-languages-prod-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 100 - mountPoints = [] - name = "jfp-api-languages-prod-log-router" - portMappings = [] - systemControls = [] - user = "0" - volumesFrom = [] }, ] ) -> (known after apply) # forces replacement ~ id = "jfp-api-languages-prod" -> (known after apply) ~ revision = 37 -> (known after apply) - tags = {} -> null ~ tags_all = {} -> (known after apply) # (10 unchanged attributes hidden) } # module.prod.module.api-languages.module.ecs-task.aws_ssm_parameter.parameters["GATEWAY_HMAC_SECRET"] will be created + resource "aws_ssm_parameter" "parameters" { + arn = (known after apply) + data_type = (known after apply) + id = (known after apply) + insecure_value = (known after apply) + key_id = (known after apply) + name = "/ecs/api-languages/prod/GATEWAY_HMAC_SECRET" + overwrite = true + tags = { + "name" = "GATEWAY_HMAC_SECRET" } + tags_all = { + "name" = "GATEWAY_HMAC_SECRET" } + tier = (known after apply) + type = "SecureString" + value = (sensitive value) + version = (known after apply) } # module.prod.module.api-media.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place ~ resource "aws_ecs_service" "ecs_service" { id = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-prod/api-media-prod-service" name = "api-media-prod-service" tags = {} ~ task_definition = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-media-prod:23" -> (known after apply) # (15 unchanged attributes hidden) # (5 unchanged blocks hidden) } # module.prod.module.api-media.module.ecs-task.aws_ecs_task_definition.ecs_task_definition must be replaced +/- resource "aws_ecs_task_definition" "ecs_task_definition" { ~ arn = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-media-prod:23" -> (known after apply) ~ arn_without_revision = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-media-prod" -> (known after apply) ~ container_definitions = jsonencode( [ - { - cpu = 1024 - environment = [ - { - name = "NODE_ENV" - value = "production" }, ] - essential = true - image = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-media-prod:latest" - logConfiguration = { - logDriver = "awsfirelens" - options = { - Host = "http-intake.logs.datadoghq.com" - Name = "datadog" - TLS = "on" - compress = "gzip" - dd_service = "api-media" - dd_source = "nestjs" - dd_tags = "env:prod" - provider = "ecs" - retry_limit = "2" } - secretOptions = [ - { - name = "apikey" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] } - memory = 2048 - mountPoints = [] - name = "jfp-api-media-prod-app" - portMappings = [ - { - containerPort = 4005 - hostPort = 4005 - protocol = "tcp" }, ] - secrets = [ - { - name = "ALGOLIA_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/ALGOLIA_API_KEY" }, - { - name = "ALGOLIA_APPLICATION_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/ALGOLIA_APPLICATION_ID" }, - { - name = "ALGOLIA_INDEX" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/ALGOLIA_INDEX" }, - { - name = "ARCLIGHT_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/ARCLIGHT_API_KEY" }, - { - name = "ARCLIGHT_V3_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/ARCLIGHT_V3_URL" }, - { - name = "BIG_QUERY_APPLICATION_JSON" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/BIG_QUERY_APPLICATION_JSON" }, - { - name = "CLOUDFLARE_ACCOUNT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/CLOUDFLARE_ACCOUNT_ID" }, - { - name = "CLOUDFLARE_IMAGES_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/CLOUDFLARE_IMAGES_TOKEN" }, - { - name = "CLOUDFLARE_IMAGE_ACCOUNT" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/CLOUDFLARE_IMAGE_ACCOUNT" }, - { - name = "CLOUDFLARE_STREAM_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/CLOUDFLARE_STREAM_TOKEN" }, - { - name = "CROWDIN_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/CROWDIN_API_KEY" }, - { - name = "GATEWAY_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/GATEWAY_URL" }, - { - name = "GOOGLE_APPLICATION_JSON" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/GOOGLE_APPLICATION_JSON" }, - { - name = "PG_DATABASE_URL_MEDIA" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/PG_DATABASE_URL_MEDIA" }, - { - name = "REDIS_PORT" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/REDIS_PORT" }, - { - name = "REDIS_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/REDIS_URL" }, - { - name = "SEGMIND_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/SEGMIND_API_KEY" }, - { - name = "UNSPLASH_ACCESS_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/UNSPLASH_ACCESS_KEY" }, - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [ - { - name = "DD_APM_ENABLED" - value = "true" }, - { - name = "DD_APM_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_LOGS_INJECTION" - value = "true" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT" - value = "0.0.0.0:4317" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT" - value = "0.0.0.0:4318" }, - { - name = "DD_PROCESS_AGENT_ENABLED" - value = "true" }, - { - name = "DD_PROFILING_ENABLED" - value = "true" }, - { - name = "DD_RUNTIME_METRICS_ENABLED" - value = "true" }, - { - name = "DD_TAGS" - value = "env:prod app:api-media" }, - { - name = "DD_TRACE_ANALYTICS_ENABLED" - value = "true" }, - { - name = "ECS_FARGATE" - value = "true" }, ] - essential = true - image = "public.ecr.aws/datadog/agent:latest" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-media-prod-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 128 - mountPoints = [] - name = "jfp-api-media-prod-datadog-agent" - portMappings = [ - { - containerPort = 8125 - hostPort = 8125 - protocol = "udp" }, ] - secrets = [ - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [] - essential = true - firelensConfiguration = { - options = { - config-file-type = "file" - config-file-value = "/fluent-bit/configs/parse-json.conf" - enable-ecs-log-metadata = "true" } - type = "fluentbit" } - image = "amazon/aws-for-fluent-bit:stable" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-media-prod-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 100 - mountPoints = [] - name = "jfp-api-media-prod-log-router" - portMappings = [] - systemControls = [] - user = "0" - volumesFrom = [] }, ] ) -> (known after apply) # forces replacement ~ id = "jfp-api-media-prod" -> (known after apply) ~ revision = 23 -> (known after apply) - tags = {} -> null ~ tags_all = {} -> (known after apply) # (10 unchanged attributes hidden) } # module.prod.module.api-media.module.ecs-task.aws_ssm_parameter.parameters["CLOUDFLARE_IMAGE_ACCOUNT"] will be destroyed # (because key ["CLOUDFLARE_IMAGE_ACCOUNT"] is not in for_each map) - resource "aws_ssm_parameter" "parameters" { - arn = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/prod/CLOUDFLARE_IMAGE_ACCOUNT" -> null - data_type = "text" -> null - id = "/ecs/api-media/prod/CLOUDFLARE_IMAGE_ACCOUNT" -> null - key_id = "alias/aws/ssm" -> null - name = "/ecs/api-media/prod/CLOUDFLARE_IMAGE_ACCOUNT" -> null - overwrite = true -> null - tags = { - "name" = "CLOUDFLARE_IMAGE_ACCOUNT" } -> null - tags_all = { - "name" = "CLOUDFLARE_IMAGE_ACCOUNT" } -> null - tier = "Standard" -> null - type = "SecureString" -> null - value = (sensitive value) -> null - version = 3 -> null # (2 unchanged attributes hidden) } # module.prod.module.api-media.module.ecs-task.aws_ssm_parameter.parameters["GATEWAY_HMAC_SECRET"] will be created + resource "aws_ssm_parameter" "parameters" { + arn = (known after apply) + data_type = (known after apply) + id = (known after apply) + insecure_value = (known after apply) + key_id = (known after apply) + name = "/ecs/api-media/prod/GATEWAY_HMAC_SECRET" + overwrite = true + tags = { + "name" = "GATEWAY_HMAC_SECRET" } + tags_all = { + "name" = "GATEWAY_HMAC_SECRET" } + tier = (known after apply) + type = "SecureString" + value = (sensitive value) + version = (known after apply) } # module.prod.module.api-users.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place ~ resource "aws_ecs_service" "ecs_service" { id = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-prod/api-users-prod-service" name = "api-users-prod-service" tags = {} ~ task_definition = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-users-prod:41" -> (known after apply) # (15 unchanged attributes hidden) # (5 unchanged blocks hidden) } # module.prod.module.api-users.module.ecs-task.aws_ecs_task_definition.ecs_task_definition must be replaced +/- resource "aws_ecs_task_definition" "ecs_task_definition" { ~ arn = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-users-prod:41" -> (known after apply) ~ arn_without_revision = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-users-prod" -> (known after apply) ~ container_definitions = jsonencode( [ - { - cpu = 512 - environment = [ - { - name = "NODE_ENV" - value = "production" }, ] - essential = true - image = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-users-prod:latest" - logConfiguration = { - logDriver = "awsfirelens" - options = { - Host = "http-intake.logs.datadoghq.com" - Name = "datadog" - TLS = "on" - compress = "gzip" - dd_service = "api-users" - dd_source = "nestjs" - dd_tags = "env:prod" - provider = "ecs" - retry_limit = "2" } - secretOptions = [ - { - name = "apikey" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] } - memory = 1024 - mountPoints = [] - name = "jfp-api-users-prod-app" - portMappings = [ - { - containerPort = 4002 - hostPort = 4002 - protocol = "tcp" }, ] - secrets = [ - { - name = "AWS_ACCESS_KEY_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/prod/AWS_ACCESS_KEY_ID" }, - { - name = "AWS_SECRET_ACCESS_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/prod/AWS_SECRET_ACCESS_KEY" }, - { - name = "EXAMPLE_EMAIL_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/prod/EXAMPLE_EMAIL_TOKEN" }, - { - name = "GOOGLE_APPLICATION_JSON" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/prod/GOOGLE_APPLICATION_JSON" }, - { - name = "INTEROP_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/prod/INTEROP_TOKEN" }, - { - name = "JOURNEYS_ADMIN_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/prod/JOURNEYS_ADMIN_URL" }, - { - name = "NAT_ADDRESSES" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/prod/NAT_ADDRESSES" }, - { - name = "PG_DATABASE_URL_USERS" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/prod/PG_DATABASE_URL_USERS" }, - { - name = "REDIS_PORT" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/prod/REDIS_PORT" }, - { - name = "REDIS_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/prod/REDIS_URL" }, - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [ - { - name = "DD_APM_ENABLED" - value = "true" }, - { - name = "DD_APM_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_LOGS_INJECTION" - value = "true" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT" - value = "0.0.0.0:4317" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT" - value = "0.0.0.0:4318" }, - { - name = "DD_PROCESS_AGENT_ENABLED" - value = "true" }, - { - name = "DD_PROFILING_ENABLED" - value = "true" }, - { - name = "DD_RUNTIME_METRICS_ENABLED" - value = "true" }, - { - name = "DD_TAGS" - value = "env:prod app:api-users" }, - { - name = "DD_TRACE_ANALYTICS_ENABLED" - value = "true" }, - { - name = "ECS_FARGATE" - value = "true" }, ] - essential = true - image = "public.ecr.aws/datadog/agent:latest" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-users-prod-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 128 - mountPoints = [] - name = "jfp-api-users-prod-datadog-agent" - portMappings = [ - { - containerPort = 8125 - hostPort = 8125 - protocol = "udp" }, ] - secrets = [ - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [] - essential = true - firelensConfiguration = { - options = { - config-file-type = "file" - config-file-value = "/fluent-bit/configs/parse-json.conf" - enable-ecs-log-metadata = "true" } - type = "fluentbit" } - image = "amazon/aws-for-fluent-bit:stable" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-users-prod-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 100 - mountPoints = [] - name = "jfp-api-users-prod-log-router" - portMappings = [] - systemControls = [] - user = "0" - volumesFrom = [] }, ] ) -> (known after apply) # forces replacement ~ id = "jfp-api-users-prod" -> (known after apply) ~ revision = 41 -> (known after apply) - tags = {} -> null ~ tags_all = {} -> (known after apply) # (10 unchanged attributes hidden) } # module.prod.module.api-users.module.ecs-task.aws_ssm_parameter.parameters["GATEWAY_HMAC_SECRET"] will be created + resource "aws_ssm_parameter" "parameters" { + arn = (known after apply) + data_type = (known after apply) + id = (known after apply) + insecure_value = (known after apply) + key_id = (known after apply) + name = "/ecs/api-users/prod/GATEWAY_HMAC_SECRET" + overwrite = true + tags = { + "name" = "GATEWAY_HMAC_SECRET" } + tags_all = { + "name" = "GATEWAY_HMAC_SECRET" } + tier = (known after apply) + type = "SecureString" + value = (sensitive value) + version = (known after apply) } # module.stage.module.api-analytics.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place ~ resource "aws_ecs_service" "ecs_service" { id = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-stage/api-analytics-stage-service" name = "api-analytics-stage-service" tags = {} ~ task_definition = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-analytics-stage:3" -> (known after apply) # (15 unchanged attributes hidden) # (4 unchanged blocks hidden) } # module.stage.module.api-analytics.module.ecs-task.aws_ecs_task_defi ```


Warning: Output length greater than max comment size. Continued in next comment.

jesus-film-bot commented 4 months ago

Continued plan output from previous comment.

Show Output ```diff nition.ecs_task_definition must be replaced +/- resource "aws_ecs_task_definition" "ecs_task_definition" { ~ arn = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-analytics-stage:3" -> (known after apply) ~ arn_without_revision = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-analytics-stage" -> (known after apply) ~ container_definitions = jsonencode( [ - { - cpu = 1024 - environment = [ - { - name = "NODE_ENV" - value = "production" }, ] - essential = true - image = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-analytics-stage:latest" - logConfiguration = { - logDriver = "awsfirelens" - options = { - Host = "http-intake.logs.datadoghq.com" - Name = "datadog" - TLS = "on" - compress = "gzip" - dd_service = "api-analytics" - dd_source = "nestjs" - dd_tags = "env:stage" - provider = "ecs" - retry_limit = "2" } - secretOptions = [ - { - name = "apikey" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] } - memory = 2048 - mountPoints = [] - name = "jfp-api-analytics-stage-app" - portMappings = [ - { - containerPort = 4008 - hostPort = 4008 - protocol = "tcp" }, ] - secrets = [ - { - name = "PG_DATABASE_URL_ANALYTICS" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-analytics/stage/PG_DATABASE_URL_ANALYTICS" }, - { - name = "PLAUSIBLE_SECRET_KEY_BASE" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-analytics/stage/PLAUSIBLE_SECRET_KEY_BASE" }, - { - name = "PRISMA_LOCATION_ANALYTICS" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-analytics/stage/PRISMA_LOCATION_ANALYTICS" }, - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [ - { - name = "DD_APM_ENABLED" - value = "true" }, - { - name = "DD_APM_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_LOGS_INJECTION" - value = "true" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT" - value = "0.0.0.0:4317" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT" - value = "0.0.0.0:4318" }, - { - name = "DD_PROCESS_AGENT_ENABLED" - value = "true" }, - { - name = "DD_PROFILING_ENABLED" - value = "true" }, - { - name = "DD_RUNTIME_METRICS_ENABLED" - value = "true" }, - { - name = "DD_TAGS" - value = "env:stage app:api-analytics" }, - { - name = "DD_TRACE_ANALYTICS_ENABLED" - value = "true" }, - { - name = "ECS_FARGATE" - value = "true" }, ] - essential = true - image = "public.ecr.aws/datadog/agent:latest" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-analytics-stage-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 128 - mountPoints = [] - name = "jfp-api-analytics-stage-datadog-agent" - portMappings = [ - { - containerPort = 8125 - hostPort = 8125 - protocol = "udp" }, ] - secrets = [ - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [] - essential = true - firelensConfiguration = { - options = { - config-file-type = "file" - config-file-value = "/fluent-bit/configs/parse-json.conf" - enable-ecs-log-metadata = "true" } - type = "fluentbit" } - image = "amazon/aws-for-fluent-bit:stable" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-analytics-stage-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 100 - mountPoints = [] - name = "jfp-api-analytics-stage-log-router" - portMappings = [] - systemControls = [] - user = "0" - volumesFrom = [] }, ] ) -> (known after apply) # forces replacement ~ id = "jfp-api-analytics-stage" -> (known after apply) ~ revision = 3 -> (known after apply) - tags = {} -> null ~ tags_all = {} -> (known after apply) # (10 unchanged attributes hidden) } # module.stage.module.api-analytics.module.ecs-task.aws_ssm_parameter.parameters["GATEWAY_HMAC_SECRET"] will be created + resource "aws_ssm_parameter" "parameters" { + arn = (known after apply) + data_type = (known after apply) + id = (known after apply) + insecure_value = (known after apply) + key_id = (known after apply) + name = "/ecs/api-analytics/stage/GATEWAY_HMAC_SECRET" + overwrite = true + tags = { + "name" = "GATEWAY_HMAC_SECRET" } + tags_all = { + "name" = "GATEWAY_HMAC_SECRET" } + tier = (known after apply) + type = "SecureString" + value = (sensitive value) + version = (known after apply) } # module.stage.module.api-journeys-modern.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place ~ resource "aws_ecs_service" "ecs_service" { id = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-stage/api-journeys-modern-stage-service" name = "api-journeys-modern-stage-service" tags = {} ~ task_definition = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-journeys-modern-stage:1" -> (known after apply) # (15 unchanged attributes hidden) # (4 unchanged blocks hidden) } # module.stage.module.api-journeys-modern.module.ecs-task.aws_ecs_task_definition.ecs_task_definition must be replaced +/- resource "aws_ecs_task_definition" "ecs_task_definition" { ~ arn = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-journeys-modern-stage:1" -> (known after apply) ~ arn_without_revision = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-journeys-modern-stage" -> (known after apply) ~ container_definitions = jsonencode( [ - { - cpu = 1024 - environment = [ - { - name = "NODE_ENV" - value = "production" }, ] - essential = true - image = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-journeys-modern-stage:latest" - logConfiguration = { - logDriver = "awsfirelens" - options = { - Host = "http-intake.logs.datadoghq.com" - Name = "datadog" - TLS = "on" - compress = "gzip" - dd_service = "api-journeys-modern" - dd_source = "nestjs" - dd_tags = "env:stage" - provider = "ecs" - retry_limit = "2" } - secretOptions = [ - { - name = "apikey" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] } - memory = 2048 - mountPoints = [] - name = "jfp-api-journeys-modern-stage-app" - portMappings = [ - { - containerPort = 4004 - hostPort = 4004 - protocol = "tcp" }, ] - secrets = [ - { - name = "AWS_ACCESS_KEY_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/AWS_ACCESS_KEY_ID" }, - { - name = "AWS_SECRET_ACCESS_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/AWS_SECRET_ACCESS_KEY" }, - { - name = "CLOUDFLARE_ACCOUNT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/CLOUDFLARE_ACCOUNT_ID" }, - { - name = "CLOUDFLARE_STREAM_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/CLOUDFLARE_STREAM_TOKEN" }, - { - name = "FIREBASE_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/FIREBASE_API_KEY" }, - { - name = "GATEWAY_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/GATEWAY_URL" }, - { - name = "GIT_BRANCH" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/GIT_BRANCH" }, - { - name = "GOOGLE_APPLICATION_JSON" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/GOOGLE_APPLICATION_JSON" }, - { - name = "GROWTH_SPACES_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/GROWTH_SPACES_URL" }, - { - name = "INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET" }, - { - name = "INTEROP_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/INTEROP_TOKEN" }, - { - name = "JOURNEYS_ADMIN_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/JOURNEYS_ADMIN_URL" }, - { - name = "MAILCHIMP_AUDIENCE_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/MAILCHIMP_AUDIENCE_ID" }, - { - name = "MAILCHIMP_MARKETING_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/MAILCHIMP_MARKETING_API_KEY" }, - { - name = "MAILCHIMP_MARKETING_API_SERVER_PREFIX" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/MAILCHIMP_MARKETING_API_SERVER_PREFIX" }, - { - name = "PG_DATABASE_URL_JOURNEYS" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/PG_DATABASE_URL_JOURNEYS" }, - { - name = "PLAUSIBLE_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/PLAUSIBLE_API_KEY" }, - { - name = "PLAUSIBLE_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/PLAUSIBLE_URL" }, - { - name = "PLAYWRIGHT_USER_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/PLAYWRIGHT_USER_ID" }, - { - name = "POWER_BI_CLIENT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/POWER_BI_CLIENT_ID" }, - { - name = "POWER_BI_CLIENT_SECRET" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/POWER_BI_CLIENT_SECRET" }, - { - name = "POWER_BI_JOURNEYS_MULTIPLE_FULL_REPORT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/POWER_BI_JOURNEYS_MULTIPLE_FULL_REPORT_ID" }, - { - name = "POWER_BI_JOURNEYS_MULTIPLE_SUMMARY_REPORT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/POWER_BI_JOURNEYS_MULTIPLE_SUMMARY_REPORT_ID" }, - { - name = "POWER_BI_JOURNEYS_SINGLE_FULL_REPORT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/POWER_BI_JOURNEYS_SINGLE_FULL_REPORT_ID" }, - { - name = "POWER_BI_JOURNEYS_SINGLE_SUMMARY_REPORT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/POWER_BI_JOURNEYS_SINGLE_SUMMARY_REPORT_ID" }, - { - name = "POWER_BI_TENANT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/POWER_BI_TENANT_ID" }, - { - name = "POWER_BI_WORKSPACE_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/POWER_BI_WORKSPACE_ID" }, - { - name = "REDIS_PORT" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/REDIS_PORT" }, - { - name = "REDIS_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/REDIS_URL" }, - { - name = "VERCEL_JOURNEYS_PROJECT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/VERCEL_JOURNEYS_PROJECT_ID" }, - { - name = "VERCEL_TEAM_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/VERCEL_TEAM_ID" }, - { - name = "VERCEL_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys-modern/stage/VERCEL_TOKEN" }, - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [ - { - name = "DD_APM_ENABLED" - value = "true" }, - { - name = "DD_APM_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_LOGS_INJECTION" - value = "true" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT" - value = "0.0.0.0:4317" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT" - value = "0.0.0.0:4318" }, - { - name = "DD_PROCESS_AGENT_ENABLED" - value = "true" }, - { - name = "DD_PROFILING_ENABLED" - value = "true" }, - { - name = "DD_RUNTIME_METRICS_ENABLED" - value = "true" }, - { - name = "DD_TAGS" - value = "env:stage app:api-journeys-modern" }, - { - name = "DD_TRACE_ANALYTICS_ENABLED" - value = "true" }, - { - name = "ECS_FARGATE" - value = "true" }, ] - essential = true - image = "public.ecr.aws/datadog/agent:latest" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-journeys-modern-stage-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 128 - mountPoints = [] - name = "jfp-api-journeys-modern-stage-datadog-agent" - portMappings = [ - { - containerPort = 8125 - hostPort = 8125 - protocol = "udp" }, ] - secrets = [ - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [] - essential = true - firelensConfiguration = { - options = { - config-file-type = "file" - config-file-value = "/fluent-bit/configs/parse-json.conf" - enable-ecs-log-metadata = "true" } - type = "fluentbit" } - image = "amazon/aws-for-fluent-bit:stable" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-journeys-modern-stage-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 100 - mountPoints = [] - name = "jfp-api-journeys-modern-stage-log-router" - portMappings = [] - systemControls = [] - user = "0" - volumesFrom = [] }, ] ) -> (known after apply) # forces replacement ~ id = "jfp-api-journeys-modern-stage" -> (known after apply) ~ revision = 1 -> (known after apply) - tags = {} -> null ~ tags_all = {} -> (known after apply) # (10 unchanged attributes hidden) } # module.stage.module.api-journeys-modern.module.ecs-task.aws_ssm_parameter.parameters["GATEWAY_HMAC_SECRET"] will be created + resource "aws_ssm_parameter" "parameters" { + arn = (known after apply) + data_type = (known after apply) + id = (known after apply) + insecure_value = (known after apply) + key_id = (known after apply) + name = "/ecs/api-journeys-modern/stage/GATEWAY_HMAC_SECRET" + overwrite = true + tags = { + "name" = "GATEWAY_HMAC_SECRET" } + tags_all = { + "name" = "GATEWAY_HMAC_SECRET" } + tier = (known after apply) + type = "SecureString" + value = (sensitive value) + version = (known after apply) } # module.stage.module.api-languages.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place ~ resource "aws_ecs_service" "ecs_service" { id = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-stage/api-languages-stage-service" name = "api-languages-stage-service" tags = {} ~ task_definition = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-languages-stage:27" -> (known after apply) # (15 unchanged attributes hidden) # (5 unchanged blocks hidden) } # module.stage.module.api-languages.module.ecs-task.aws_ecs_task_definition.ecs_task_definition must be replaced +/- resource "aws_ecs_task_definition" "ecs_task_definition" { ~ arn = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-languages-stage:27" -> (known after apply) ~ arn_without_revision = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-languages-stage" -> (known after apply) ~ container_definitions = jsonencode( [ - { - cpu = 1024 - environment = [ - { - name = "NODE_ENV" - value = "production" }, ] - essential = true - image = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-languages-stage:latest" - logConfiguration = { - logDriver = "awsfirelens" - options = { - Host = "http-intake.logs.datadoghq.com" - Name = "datadog" - TLS = "on" - compress = "gzip" - dd_service = "api-languages" - dd_source = "nestjs" - dd_tags = "env:stage" - provider = "ecs" - retry_limit = "2" } - secretOptions = [ - { - name = "apikey" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] } - memory = 2048 - mountPoints = [] - name = "jfp-api-languages-stage-app" - portMappings = [ - { - containerPort = 4003 - hostPort = 4003 - protocol = "tcp" }, ] - secrets = [ - { - name = "ARCLIGHT_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/stage/ARCLIGHT_API_KEY" }, - { - name = "ARCLIGHT_V3_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/stage/ARCLIGHT_V3_URL" }, - { - name = "BIG_QUERY_APPLICATION_JSON" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/stage/BIG_QUERY_APPLICATION_JSON" }, - { - name = "PG_DATABASE_URL_LANGUAGES" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/stage/PG_DATABASE_URL_LANGUAGES" }, - { - name = "REDIS_PORT" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/stage/REDIS_PORT" }, - { - name = "REDIS_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/stage/REDIS_URL" }, - { - name = "WESS_API_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-languages/stage/WESS_API_TOKEN" }, - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [ - { - name = "DD_APM_ENABLED" - value = "true" }, - { - name = "DD_APM_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_LOGS_INJECTION" - value = "true" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT" - value = "0.0.0.0:4317" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT" - value = "0.0.0.0:4318" }, - { - name = "DD_PROCESS_AGENT_ENABLED" - value = "true" }, - { - name = "DD_PROFILING_ENABLED" - value = "true" }, - { - name = "DD_RUNTIME_METRICS_ENABLED" - value = "true" }, - { - name = "DD_TAGS" - value = "env:stage app:api-languages" }, - { - name = "DD_TRACE_ANALYTICS_ENABLED" - value = "true" }, - { - name = "ECS_FARGATE" - value = "true" }, ] - essential = true - image = "public.ecr.aws/datadog/agent:latest" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-languages-stage-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 128 - mountPoints = [] - name = "jfp-api-languages-stage-datadog-agent" - portMappings = [ - { - containerPort = 8125 - hostPort = 8125 - protocol = "udp" }, ] - secrets = [ - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [] - essential = true - firelensConfiguration = { - options = { - config-file-type = "file" - config-file-value = "/fluent-bit/configs/parse-json.conf" - enable-ecs-log-metadata = "true" } - type = "fluentbit" } - image = "amazon/aws-for-fluent-bit:stable" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-languages-stage-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 100 - mountPoints = [] - name = "jfp-api-languages-stage-log-router" - portMappings = [] - systemControls = [] - user = "0" - volumesFrom = [] }, ] ) -> (known after apply) # forces replacement ~ id = "jfp-api-languages-stage" -> (known after apply) ~ revision = 27 -> (known after apply) - tags = {} -> null ~ tags_all = {} -> (known after apply) # (10 unchanged attributes hidden) } # module.stage.module.api-languages.module.ecs-task.aws_ssm_parameter.parameters["GATEWAY_HMAC_SECRET"] will be created + resource "aws_ssm_parameter" "parameters" { + arn = (known after apply) + data_type = (known after apply) + id = (known after apply) + insecure_value = (known after apply) + key_id = (known after apply) + name = "/ecs/api-languages/stage/GATEWAY_HMAC_SECRET" + overwrite = true + tags = { + "name" = "GATEWAY_HMAC_SECRET" } + tags_all = { + "name" = "GATEWAY_HMAC_SECRET" } + tier = (known after apply) + type = "SecureString" + value = (sensitive value) + version = (known after apply) } # module.stage.module.api-media.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place ~ resource "aws_ecs_service" "ecs_service" { id = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-stage/api-media-stage-service" name = "api-media-stage-service" tags = {} ~ task_definition = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-media-stage:21" -> (known after apply) # (15 unchanged attributes hidden) # (4 unchanged blocks hidden) } # module.stage.module.api-media.module.ecs-task.aws_ecs_task_definition.ecs_task_definition must be replaced +/- resource "aws_ecs_task_definition" "ecs_task_definition" { ~ arn = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-media-stage:21" -> (known after apply) ~ arn_without_revision = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-media-stage" -> (known after apply) ~ container_definitions = jsonencode( [ - { - cpu = 1024 - environment = [ - { - name = "NODE_ENV" - value = "production" }, ] - essential = true - image = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-media-stage:latest" - logConfiguration = { - logDriver = "awsfirelens" - options = { - Host = "http-intake.logs.datadoghq.com" - Name = "datadog" - TLS = "on" - compress = "gzip" - dd_service = "api-media" - dd_source = "nestjs" - dd_tags = "env:stage" - provider = "ecs" - retry_limit = "2" } - secretOptions = [ - { - name = "apikey" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] } - memory = 2048 - mountPoints = [] - name = "jfp-api-media-stage-app" - portMappings = [ - { - containerPort = 4005 - hostPort = 4005 - protocol = "tcp" }, ] - secrets = [ - { - name = "ALGOLIA_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/ALGOLIA_API_KEY" }, - { - name = "ALGOLIA_APPLICATION_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/ALGOLIA_APPLICATION_ID" }, - { - name = "ALGOLIA_INDEX" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/ALGOLIA_INDEX" }, - { - name = "ARCLIGHT_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/ARCLIGHT_API_KEY" }, - { - name = "ARCLIGHT_V3_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/ARCLIGHT_V3_URL" }, - { - name = "BIG_QUERY_APPLICATION_JSON" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/BIG_QUERY_APPLICATION_JSON" }, - { - name = "CLOUDFLARE_ACCOUNT_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/CLOUDFLARE_ACCOUNT_ID" }, - { - name = "CLOUDFLARE_IMAGES_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/CLOUDFLARE_IMAGES_TOKEN" }, - { - name = "CLOUDFLARE_IMAGE_ACCOUNT" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/CLOUDFLARE_IMAGE_ACCOUNT" }, - { - name = "CLOUDFLARE_STREAM_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/CLOUDFLARE_STREAM_TOKEN" }, - { - name = "CROWDIN_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/CROWDIN_API_KEY" }, - { - name = "GATEWAY_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/GATEWAY_URL" }, - { - name = "GOOGLE_APPLICATION_JSON" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/GOOGLE_APPLICATION_JSON" }, - { - name = "PG_DATABASE_URL_MEDIA" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/PG_DATABASE_URL_MEDIA" }, - { - name = "REDIS_PORT" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/REDIS_PORT" }, - { - name = "REDIS_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/REDIS_URL" }, - { - name = "SEGMIND_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/SEGMIND_API_KEY" }, - { - name = "UNSPLASH_ACCESS_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/UNSPLASH_ACCESS_KEY" }, - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [ - { - name = "DD_APM_ENABLED" - value = "true" }, - { - name = "DD_APM_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_LOGS_INJECTION" - value = "true" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT" - value = "0.0.0.0:4317" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT" - value = "0.0.0.0:4318" }, - { - name = "DD_PROCESS_AGENT_ENABLED" - value = "true" }, - { - name = "DD_PROFILING_ENABLED" - value = "true" }, - { - name = "DD_RUNTIME_METRICS_ENABLED" - value = "true" }, - { - name = "DD_TAGS" - value = "env:stage app:api-media" }, - { - name = "DD_TRACE_ANALYTICS_ENABLED" - value = "true" }, - { - name = "ECS_FARGATE" - value = "true" }, ] - essential = true - image = "public.ecr.aws/datadog/agent:latest" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-media-stage-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 128 - mountPoints = [] - name = "jfp-api-media-stage-datadog-agent" - portMappings = [ - { - containerPort = 8125 - hostPort = 8125 - protocol = "udp" }, ] - secrets = [ - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [] - essential = true - firelensConfiguration = { - options = { - config-file-type = "file" - config-file-value = "/fluent-bit/configs/parse-json.conf" - enable-ecs-log-metadata = "true" } - type = "fluentbit" } - image = "amazon/aws-for-fluent-bit:stable" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-media-stage-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 100 - mountPoints = [] - name = "jfp-api-media-stage-log-router" - portMappings = [] - systemControls = [] - user = "0" - volumesFrom = [] }, ] ) -> (known after apply) # forces replacement ~ id = "jfp-api-media-stage" -> (known after apply) ~ revision = 21 -> (known after apply) - tags = {} -> null ~ tags_all = {} -> (known after apply) # (10 unchanged attributes hidden) } # module.stage.module.api-media.module.ecs-task.aws_ssm_parameter.parameters["CLOUDFLARE_IMAGE_ACCOUNT"] will be destroyed # (because key ["CLOUDFLARE_IMAGE_ACCOUNT"] is not in for_each map) - resource "aws_ssm_parameter" "parameters" { - arn = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-media/stage/CLOUDFLARE_IMAGE_ACCOUNT" -> null - data_type = "text" -> null - id = "/ecs/api-media/stage/CLOUDFLARE_IMAGE_ACCOUNT" -> null - key_id = "alias/aws/ssm" -> null - name = "/ecs/api-media/stage/CLOUDFLARE_IMAGE_ACCOUNT" -> null - overwrite = true -> null - tags = { - "name" = "CLOUDFLARE_IMAGE_ACCOUNT" } -> null - tags_all = { - "name" = "CLOUDFLARE_IMAGE_ACCOUNT" } -> null - tier = "Standard" -> null - type = "SecureString" -> null - value = (sensitive value) -> null - version = 2 -> null # (2 unchanged attributes hidden) } # module.stage.module.api-media.module.ecs-task.aws_ssm_parameter.parameters["GATEWAY_HMAC_SECRET"] will be created + resource "aws_ssm_parameter" "parameters" { + arn = (known after apply) + data_type = (known after apply) + id = (known after apply) + insecure_value = (known after apply) + key_id = (known after apply) + name = "/ecs/api-media/stage/GATEWAY_HMAC_SECRET" + overwrite = true + tags = { + "name" = "GATEWAY_HMAC_SECRET" } + tags_all = { + "name" = "GATEWAY_HMAC_SECRET" } + tier = (known after apply) + type = "SecureString" + value = (sensitive value) + version = (known after apply) } # module.stage.module.api-users.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place ~ resource "aws_ecs_service" "ecs_service" { id = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-stage/api-users-stage-service" name = "api-users-stage-service" tags = {} ~ task_definition = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-users-stage:31" -> (known after apply) # (15 unchanged attributes hidden) # (4 unchanged blocks hidden) } # module.stage.module.api-users.module.ecs-task.aws_ecs_task_definition.ecs_task_definition must be replaced +/- resource "aws_ecs_task_definition" "ecs_task_definition" { ~ arn = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-users-stage:31" -> (known after apply) ~ arn_without_revision = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-users-stage" -> (known after apply) ~ container_definitions = jsonencode( [ - { - cpu = 512 - environment = [ - { - name = "NODE_ENV" - value = "production" }, ] - essential = true - image = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-users-stage:latest" - logConfiguration = { - logDriver = "awsfirelens" - options = { - Host = "http-intake.logs.datadoghq.com" - Name = "datadog" - TLS = "on" - compress = "gzip" - dd_service = "api-users" - dd_source = "nestjs" - dd_tags = "env:stage" - provider = "ecs" - retry_limit = "2" } - secretOptions = [ - { - name = "apikey" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] } - memory = 1024 - mountPoints = [] - name = "jfp-api-users-stage-app" - portMappings = [ - { - containerPort = 4002 - hostPort = 4002 - protocol = "tcp" }, ] - secrets = [ - { - name = "AWS_ACCESS_KEY_ID" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/stage/AWS_ACCESS_KEY_ID" }, - { - name = "AWS_SECRET_ACCESS_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/stage/AWS_SECRET_ACCESS_KEY" }, - { - name = "EXAMPLE_EMAIL_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/stage/EXAMPLE_EMAIL_TOKEN" }, - { - name = "GOOGLE_APPLICATION_JSON" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/stage/GOOGLE_APPLICATION_JSON" }, - { - name = "INTEROP_TOKEN" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/stage/INTEROP_TOKEN" }, - { - name = "JOURNEYS_ADMIN_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/stage/JOURNEYS_ADMIN_URL" }, - { - name = "NAT_ADDRESSES" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/stage/NAT_ADDRESSES" }, - { - name = "PG_DATABASE_URL_USERS" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/stage/PG_DATABASE_URL_USERS" }, - { - name = "REDIS_PORT" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/stage/REDIS_PORT" }, - { - name = "REDIS_URL" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-users/stage/REDIS_URL" }, - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [ - { - name = "DD_APM_ENABLED" - value = "true" }, - { - name = "DD_APM_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC" - value = "true" }, - { - name = "DD_LOGS_INJECTION" - value = "true" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT" - value = "0.0.0.0:4317" }, - { - name = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT" - value = "0.0.0.0:4318" }, - { - name = "DD_PROCESS_AGENT_ENABLED" - value = "true" }, - { - name = "DD_PROFILING_ENABLED" - value = "true" }, - { - name = "DD_RUNTIME_METRICS_ENABLED" - value = "true" }, - { - name = "DD_TAGS" - value = "env:stage app:api-users" }, - { - name = "DD_TRACE_ANALYTICS_ENABLED" - value = "true" }, - { - name = "ECS_FARGATE" - value = "true" }, ] - essential = true - image = "public.ecr.aws/datadog/agent:latest" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-users-stage-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 128 - mountPoints = [] - name = "jfp-api-users-stage-datadog-agent" - portMappings = [ - { - containerPort = 8125 - hostPort = 8125 - protocol = "udp" }, ] - secrets = [ - { - name = "DD_API_KEY" - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY" }, ] - systemControls = [] - volumesFrom = [] }, - { - cpu = 0 - environment = [] - essential = true - firelensConfiguration = { - options = { - config-file-type = "file" - config-file-value = "/fluent-bit/configs/parse-json.conf" - enable-ecs-log-metadata = "true" } - type = "fluentbit" } - image = "amazon/aws-for-fluent-bit:stable" - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "api-users-stage-logs" - awslogs-region = "us-east-2" - awslogs-stream-prefix = "core" } } - memoryReservation = 100 - mountPoints = [] - name = "jfp-api-users-stage-log-router" - portMappings = [] - systemControls = [] - user = "0" - volumesFrom = [] }, ] ) -> (known after apply) # forces replacement ~ id = "jfp-api-users-stage" -> (known after apply) ~ revision = 31 -> (known after apply) - tags = {} -> null ~ tags_all = {} -> (known after apply) # (10 unchanged attributes hidden) } # module.stage.module.api-users.module.ecs-task.aws_ssm_parameter.parameters["GATEWAY_HMAC_SECRET"] will be created + resource "aws_ssm_parameter" "parameters" { + arn = (known after apply) + data_type = (known after apply) + id = (known after apply) + insecure_value = (known after apply) + key_id = (known after apply) + name = "/ecs/api-users/stage/GATEWAY_HMAC_SECRET" + overwrite = true + tags = { + "name" = "GATEWAY_HMAC_SECRET" } + tags_all = { + "name" = "GATEWAY_HMAC_SECRET" } + tier = (known after apply) + type = "SecureString" + value = (sensitive value) + version = (known after apply) } Plan: 20 to add, 10 to change, 12 to destroy. ```

codecov[bot] commented 4 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 93.62%. Comparing base (48cbafc) to head (df7faf9). Report is 2 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #3595 +/- ## ========================================== + Coverage 90.98% 93.62% +2.63% ========================================== Files 120 308 +188 Lines 1243 5549 +4306 Branches 169 752 +583 ========================================== + Hits 1131 5195 +4064 - Misses 85 279 +194 - Partials 27 75 +48 ``` | [Flag](https://app.codecov.io/gh/JesusFilm/core/pull/3595/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JesusFilm) | Coverage Δ | | |---|---|---| | [apps.api-analytics](https://app.codecov.io/gh/JesusFilm/core/pull/3595/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JesusFilm) | `88.97% <100.00%> (?)` | | | [apps.api-journeys](https://app.codecov.io/gh/JesusFilm/core/pull/3595/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JesusFilm) | `96.03% <ø> (?)` | | | [apps.api-languages](https://app.codecov.io/gh/JesusFilm/core/pull/3595/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JesusFilm) | `86.71% <100.00%> (?)` | | | [apps.api-media](https://app.codecov.io/gh/JesusFilm/core/pull/3595/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JesusFilm) | `90.99% <100.00%> (+<0.01%)` | :arrow_up: | | [apps.api-users](https://app.codecov.io/gh/JesusFilm/core/pull/3595/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JesusFilm) | `82.87% <100.00%> (?)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JesusFilm#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

tataihono commented 4 months ago

atlantis plan

stage-branch-merger[bot] commented 4 months ago

I see you added the "on stage" label, I'll get this merged to the stage branch!

stage-branch-merger[bot] commented 4 months ago

Merge conflict attempting to merge this into stage. Please fix manually.

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

infracost[bot] commented 4 months ago

💰 Infracost report

Monthly estimate generated

This comment will be updated when code changes.

jesus-film-bot commented 4 months ago

Ran Plan for dir: infrastructure workspace: default

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

jesus-film-bot commented 4 months ago

Locks and plans deleted for the projects and workspaces modified in this pull request: