SeaGL / seagl-terraform

Terraform used to maintain SeaGL's VMs, RDS database, DNS, etc.
GNU Affero General Public License v3.0

Provision Dokku instance #5

Closed strugee closed 2 years ago

strugee commented 2 years ago

Here's the relevant section of the plan (since the full plan is pretty dirty right now):

  # aws_instance.dokku will be created
  + resource "aws_instance" "dokku" {
      + ami                                  = "ami-036d46416a34a611c"
      + arn                                  = (known after apply)
      + associate_public_ip_address          = true
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = "t3.small"
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = "AJ bootstrap key"
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = (known after apply)
      + source_dest_check                    = true
      + subnet_id                            = (known after apply)
      + tags                                 = {
          + "Name" = "dokku"
        }
      + tags_all                             = {
          + "Name" = "dokku"
        }
      + tenancy                              = (known after apply)
      + user_data                            = (known after apply)
      + user_data_base64                     = (known after apply)
      + vpc_security_group_ids               = [
          + "sg-0e719b49f7d4d7f08",
        ]

      + capacity_reservation_specification {
          + capacity_reservation_preference = (known after apply)

          + capacity_reservation_target {
              + capacity_reservation_id = (known after apply)
            }
        }

      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + snapshot_id           = (known after apply)
          + tags                  = (known after apply)
          + throughput            = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }

      + enclave_options {
          + enabled = (known after apply)
        }

      + ephemeral_block_device {
          + device_name  = (known after apply)
          + no_device    = (known after apply)
          + virtual_name = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = (known after apply)
          + http_put_response_hop_limit = (known after apply)
          + http_tokens                 = (known after apply)
          + instance_metadata_tags      = (known after apply)
        }

      + network_interface {
          + delete_on_termination = (known after apply)
          + device_index          = (known after apply)
          + network_interface_id  = (known after apply)
        }

      + root_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + tags                  = (known after apply)
          + throughput            = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }
    }
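Review bot: The planned `aws_instance.dokku` leaves `metadata_options.http_tokens` and `root_block_device.encrypted` as `(known after apply)`, which suggests the configuration does not set them and they fall to provider or account defaults, while `associate_public_ip_address = true` gives the host a public address. For a public Dokku host that runs app containers, pin both in the resource: `metadata_options { http_tokens = "required" }` so the metadata service only answers IMDSv2 session requests, and `root_block_device { encrypted = true }`. The rules of `sg-0e719b49f7d4d7f08` are not visible in this plan, so confirm that SSH ingress is limited to maintainer addresses rather than open to all sources. `key_name = "AJ bootstrap key"` ties initial access to a single key pair; a comment in the configuration should say how that key is replaced once the host is bootstrapped. Separately, the full plan in the bot comment removes `server_side_encryption_configuration` from `aws_s3_bucket.state`, and no `aws_s3_bucket_server_side_encryption_configuration` appears among the resources to be created; that looks worth resolving before apply, since this bucket stores the state that contains the generated database password.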
github-actions[bot] commented 2 years ago

Terraform Format and Style 🖌``

Terraform Initialization ⚙️success

Terraform Plan 📖success

Terraform Validation 🤖success

Show Plan ``` terraform random_password.osem_db_master_pass: Refreshing state... [id=none] aws_route53_record.route_53_root_txt: Refreshing state... [id=Z0173878287JIU5M4KB8R__TXT] aws_ses_email_identity.email: Refreshing state... [id=sre@seagl.org] aws_route53_record.route_53_dmarc_txt: Refreshing state... [id=Z0173878287JIU5M4KB8R__dmarc.seagl.org_TXT] data.aws_vpc.vpc: Reading... aws_ses_domain_identity.seagl: Refreshing state... [id=seagl.org] aws_ses_domain_identity.email_domain_identity: Refreshing state... [id=seagl.org] aws_s3_bucket.state: Refreshing state... [id=seagl-terraform] aws_db_subnet_group.osem: Refreshing state... [id=osem] aws_route53_record.seagl_amazonses_verification_record: Refreshing state... [id=Z0173878287JIU5M4KB8R__amazonses.seagl.org_TXT] aws_ses_domain_dkim.email_dkim: Refreshing state... [id=seagl.org] aws_route53_record.email_dkim_records[0]: Refreshing state... [id=Z0173878287JIU5M4KB8R_nldzqxeyq5fyslu3tzvj4ltbwbexupuj._domainkey.seagl.org_CNAME] aws_route53_record.email_dkim_records[2]: Refreshing state... [id=Z0173878287JIU5M4KB8R_o7o3tsrrlwgkmmx3a7f5njkrvi75woso._domainkey.seagl.org_CNAME] aws_route53_record.email_dkim_records[1]: Refreshing state... [id=Z0173878287JIU5M4KB8R_zjerfwsrr5wpwp5p5klnsrrzp6ralpcp._domainkey.seagl.org_CNAME] data.aws_vpc.vpc: Read complete after 2s [id=vpc-231ecb46] aws_security_group.osem_rds_security_group: Refreshing state... [id=sg-006c493d98f3c7f1a] aws_security_group_rule.private_out: Refreshing state... [id=sgrule-1612436969] aws_security_group_rule.private_in: Refreshing state... [id=sgrule-3182957500] Terraform used the selected providers to generate the following execution plan. 
Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # aws_db_instance.osem will be created + resource "aws_db_instance" "osem" { + address = (known after apply) + allocated_storage = 30 + apply_immediately = (known after apply) + arn = (known after apply) + auto_minor_version_upgrade = true + availability_zone = (known after apply) + backup_retention_period = 7 + backup_window = (known after apply) + ca_cert_identifier = (known after apply) + character_set_name = (known after apply) + copy_tags_to_snapshot = false + db_subnet_group_name = "osem" + delete_automated_backups = true + endpoint = (known after apply) + engine = "mariadb" + engine_version = "10.6.7" + engine_version_actual = (known after apply) + hosted_zone_id = (known after apply) + id = (known after apply) + identifier = (known after apply) + identifier_prefix = (known after apply) + instance_class = "db.m5.large" + kms_key_id = (known after apply) + latest_restorable_time = (known after apply) + license_model = (known after apply) + maintenance_window = (known after apply) + max_allocated_storage = 100 + monitoring_interval = 0 + monitoring_role_arn = (known after apply) + multi_az = (known after apply) + name = "osem" + nchar_character_set_name = (known after apply) + option_group_name = (known after apply) + parameter_group_name = "default.mariadb10.6" + password = (sensitive value) + performance_insights_enabled = false + performance_insights_kms_key_id = (known after apply) + performance_insights_retention_period = (known after apply) + port = (known after apply) + publicly_accessible = false + replicas = (known after apply) + resource_id = (known after apply) + skip_final_snapshot = true + snapshot_identifier = (known after apply) + status = (known after apply) + storage_encrypted = true + storage_type = (known after apply) + tags_all = (known after apply) + timezone = (known after apply) + username = "osem" + 
vpc_security_group_ids = [ + "sg-006c493d98f3c7f1a", ] } # aws_instance.dokku will be created + resource "aws_instance" "dokku" { + ami = "ami-036d46416a34a611c" + arn = (known after apply) + associate_public_ip_address = true + availability_zone = (known after apply) + cpu_core_count = (known after apply) + cpu_threads_per_core = (known after apply) + disable_api_termination = (known after apply) + ebs_optimized = (known after apply) + get_password_data = false + host_id = (known after apply) + id = (known after apply) + instance_initiated_shutdown_behavior = (known after apply) + instance_state = (known after apply) + instance_type = "t3.small" + ipv6_address_count = (known after apply) + ipv6_addresses = (known after apply) + key_name = "AJ bootstrap key" + monitoring = (known after apply) + outpost_arn = (known after apply) + password_data = (known after apply) + placement_group = (known after apply) + placement_partition_number = (known after apply) + primary_network_interface_id = (known after apply) + private_dns = (known after apply) + private_ip = (known after apply) + public_dns = (known after apply) + public_ip = (known after apply) + secondary_private_ips = (known after apply) + security_groups = (known after apply) + source_dest_check = true + subnet_id = (known after apply) + tags = { + "Name" = "dokku" } + tags_all = { + "Name" = "dokku" } + tenancy = (known after apply) + user_data = (known after apply) + user_data_base64 = (known after apply) + vpc_security_group_ids = [ + "sg-0e719b49f7d4d7f08", ] + capacity_reservation_specification { + capacity_reservation_preference = (known after apply) + capacity_reservation_target { + capacity_reservation_id = (known after apply) } } + ebs_block_device { + delete_on_termination = (known after apply) + device_name = (known after apply) + encrypted = (known after apply) + iops = (known after apply) + kms_key_id = (known after apply) + snapshot_id = (known after apply) + tags = (known after apply) + throughput 
= (known after apply) + volume_id = (known after apply) + volume_size = (known after apply) + volume_type = (known after apply) } + enclave_options { + enabled = (known after apply) } + ephemeral_block_device { + device_name = (known after apply) + no_device = (known after apply) + virtual_name = (known after apply) } + metadata_options { + http_endpoint = (known after apply) + http_put_response_hop_limit = (known after apply) + http_tokens = (known after apply) + instance_metadata_tags = (known after apply) } + network_interface { + delete_on_termination = (known after apply) + device_index = (known after apply) + network_interface_id = (known after apply) } + root_block_device { + delete_on_termination = (known after apply) + device_name = (known after apply) + encrypted = (known after apply) + iops = (known after apply) + kms_key_id = (known after apply) + tags = (known after apply) + throughput = (known after apply) + volume_id = (known after apply) + volume_size = (known after apply) + volume_type = (known after apply) } } # aws_s3_bucket.state will be updated in-place ~ resource "aws_s3_bucket" "state" { id = "seagl-terraform" tags = {} # (11 unchanged attributes hidden) - server_side_encryption_configuration { - rule { - bucket_key_enabled = false -> null - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" -> null } } } # (1 unchanged block hidden) } # aws_s3_bucket_acl.state will be created + resource "aws_s3_bucket_acl" "state" { + acl = "private" + bucket = "seagl-terraform" + id = (known after apply) + access_control_policy { + grant { + permission = (known after apply) + grantee { + display_name = (known after apply) + email_address = (known after apply) + id = (known after apply) + type = (known after apply) + uri = (known after apply) } } + owner { + display_name = (known after apply) + id = (known after apply) } } } # aws_s3_bucket_public_access_block.state will be created + resource "aws_s3_bucket_public_access_block" "state" { + 
block_public_acls = true + block_public_policy = true + bucket = "seagl-terraform" + id = (known after apply) + ignore_public_acls = true + restrict_public_buckets = true } # aws_s3_bucket_versioning.state will be created + resource "aws_s3_bucket_versioning" "state" { + bucket = "seagl-terraform" + id = (known after apply) + versioning_configuration { + mfa_delete = (known after apply) + status = "Enabled" } } # aws_secretsmanager_secret.osem-db-pass will be created + resource "aws_secretsmanager_secret" "osem-db-pass" { + arn = (known after apply) + force_overwrite_replica_secret = false + id = (known after apply) + name = "db-pass-osem" + name_prefix = (known after apply) + policy = (known after apply) + recovery_window_in_days = 30 + rotation_enabled = (known after apply) + rotation_lambda_arn = (known after apply) + tags_all = (known after apply) + replica { + kms_key_id = (known after apply) + last_accessed_date = (known after apply) + region = (known after apply) + status = (known after apply) + status_message = (known after apply) } + rotation_rules { + automatically_after_days = (known after apply) } } # aws_secretsmanager_secret_version.osem-db-pass-val will be created + resource "aws_secretsmanager_secret_version" "osem-db-pass-val" { + arn = (known after apply) + id = (known after apply) + secret_id = (known after apply) + secret_string = (sensitive value) + version_id = (known after apply) + version_stages = (known after apply) } Plan: 7 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. ```

Pushed by: @strugee, Action: pull_request