issues
search
bcgov
/
ets-cpf-ea-onboarding
Apache License 2.0
0
stars
1
forks
source link
Update license plate
#3
Closed
ashtonmeuser
closed
3 years ago
github-actions[bot]
commented
3 years ago
Terraform Plan: ✅
Show
```terraform [command]/home/runner/work/_temp/a9705098-892e-4e89-a2de-99d30dcf0980/terraform-bin plan Running plan in the remote backend. Output will stream here. Pressing Ctrl-C will stop streaming the logs, but will not stop the plan running remotely. Preparing the remote plan... To view this run in a browser, visit: https://app.terraform.io/app/bcgov/klwrig-dev/runs/run-sjNVzQj8ZoHCvxLR Waiting for the plan to start... Terraform v0.14.4 Configuring remote state backend... Initializing Terraform configuration... An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_alb.main will be created + resource "aws_alb" "main" { + arn = (known after apply) + arn_suffix = (known after apply) + dns_name = (known after apply) + drop_invalid_header_fields = false + enable_deletion_protection = false + enable_http2 = true + id = (known after apply) + idle_timeout = 60 + internal = true + ip_address_type = (known after apply) + load_balancer_type = "application" + name = "sample-load-balancer" + security_groups = (known after apply) + subnets = [ + "subnet-0077fd92d83bfff33", + "subnet-089c577af80110363", ] + tags = { + "Application" = "Startup Sample" } + vpc_id = (known after apply) + zone_id = (known after apply) + subnet_mapping { + allocation_id = (known after apply) + outpost_id = (known after apply) + private_ipv4_address = (known after apply) + subnet_id = (known after apply) } } # aws_alb_listener.front_end will be created + resource "aws_alb_listener" "front_end" { + arn = (known after apply) + certificate_arn = "arn:aws:acm:ca-central-1:560234080437:certificate/9b3bc8d6-c71f-4e14-8f2e-3889f734b7da" + id = (known after apply) + load_balancer_arn = (known after apply) + port = 443 + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-2016-08" + default_action { + order = (known after apply) + target_group_arn = (known after apply) + type = "forward" } } # aws_alb_target_group.app will be created + resource "aws_alb_target_group" "app" { + arn = (known after apply) + arn_suffix = (known after apply) + deregistration_delay = 30 + id = (known after apply) + lambda_multi_value_headers_enabled = false + load_balancing_algorithm_type = (known after apply) + name = "sample-target-group" + port = 80 + protocol = "HTTP" + proxy_protocol_v2 = false + slow_start = 0 + tags = { + "Application" = "Startup Sample" } + target_type = "ip" + vpc_id = "vpc-018906cab60cf165b" + health_check { + enabled = true + healthy_threshold = 2 + interval = 5 + matcher = "200" + path = "/" + port = "traffic-port" + protocol = "HTTP" + timeout = 3 + unhealthy_threshold = 2 } + stickiness { + cookie_duration = (known after apply) + enabled = (known after apply) + type = (known after apply) } } # aws_appautoscaling_policy.down[0] will be created + resource "aws_appautoscaling_policy" "down" { + arn = (known after apply) + id = (known after apply) + name = "sample_scale_down" + policy_type = "StepScaling" + resource_id = "service/sample-cluster/sample-service" + scalable_dimension = "ecs:service:DesiredCount" + service_namespace = "ecs" + step_scaling_policy_configuration { + adjustment_type = "ChangeInCapacity" + cooldown = 60 + metric_aggregation_type = "Maximum" + step_adjustment { + metric_interval_upper_bound = "0" + scaling_adjustment = -1 } } } # aws_appautoscaling_policy.up[0] will be created + resource "aws_appautoscaling_policy" "up" { + arn = (known after apply) + id = (known after apply) + name = "sample_scale_up" + policy_type = "StepScaling" + resource_id = "service/sample-cluster/sample-service" + scalable_dimension = "ecs:service:DesiredCount" + service_namespace = "ecs" + step_scaling_policy_configuration { + adjustment_type = "ChangeInCapacity" + cooldown = 60 + metric_aggregation_type = "Maximum" + step_adjustment { + metric_interval_lower_bound = "0" + scaling_adjustment = 1 } } } # aws_appautoscaling_target.target[0] will be created + resource "aws_appautoscaling_target" "target" { + id = (known after apply) + max_capacity = 6 + min_capacity = 1 + resource_id = "service/sample-cluster/sample-service" + role_arn = (known after apply) + scalable_dimension = "ecs:service:DesiredCount" + service_namespace = "ecs" } # aws_budgets_budget.cost will be created + resource "aws_budgets_budget" "cost" { + account_id = (known after apply) + budget_type = "COST" + cost_filters = { + "TagKeyValue" = "user:Project$Startup Sample" } + id = (known after apply) + limit_amount = "100.0" + limit_unit = "USD" + name = "startup-sample-monthly" + name_prefix = (known after apply) + time_period_end = "2087-06-15_00:00" + time_period_start = (known after apply) + time_unit = "MONTHLY" + cost_types { + include_credit = (known after apply) + include_discount = (known after apply) + include_other_subscription = (known after apply) + include_recurring = (known after apply) + include_refund = (known after apply) + include_subscription = (known after apply) + include_support = (known after apply) + include_tax = (known after apply) + include_upfront = (known after apply) + use_amortized = (known after apply) + use_blended = (known after apply) } + notification { + comparison_operator = "GREATER_THAN" + notification_type = "FORECASTED" + subscriber_email_addresses = [] + subscriber_sns_topic_arns = (known after apply) + threshold = 75 + threshold_type = "PERCENTAGE" } } # aws_cloudwatch_metric_alarm.service_cpu_high[0] will be created + resource "aws_cloudwatch_metric_alarm" "service_cpu_high" { + actions_enabled = true + alarm_actions = (known after apply) + alarm_name = "sample_cpu_utilization_high" + arn = (known after apply) + comparison_operator = "GreaterThanOrEqualToThreshold" + dimensions = { + "ClusterName" = "sample-cluster" + "ServiceName" = "sample-service" } + evaluate_low_sample_count_percentiles = (known after apply) + evaluation_periods = 2 + id = (known after apply) + metric_name = "CPUUtilization" + namespace = "AWS/ECS" + period = 60 + statistic = "Average" + tags = { + "Application" = "Startup Sample" } + threshold = 85 + treat_missing_data = "missing" } # aws_cloudwatch_metric_alarm.service_cpu_low[0] will be created + resource "aws_cloudwatch_metric_alarm" "service_cpu_low" { + actions_enabled = true + alarm_actions = (known after apply) + alarm_name = "sample_cpu_utilization_low" + arn = (known after apply) + comparison_operator = "LessThanOrEqualToThreshold" + dimensions = { + "ClusterName" = "sample-cluster" + "ServiceName" = "sample-service" } + evaluate_low_sample_count_percentiles = (known after apply) + evaluation_periods = 2 + id = (known after apply) + metric_name = "CPUUtilization" + namespace = "AWS/ECS" + period = 60 + statistic = "Average" + tags = { + "Application" = "Startup Sample" } + threshold = 10 + treat_missing_data = "missing" } # aws_dynamodb_table.startup_sample_table will be created + resource "aws_dynamodb_table" "startup_sample_table" { + arn = (known after apply) + billing_mode = "PROVISIONED" + hash_key = "pid" + id = (known after apply) + name = "ssp-greetings" + range_key = "createdAt" + read_capacity = 1 + stream_arn = (known after apply) + stream_label = (known after apply) + stream_view_type = (known after apply) + tags = { + "Application" = "Startup Sample" } + write_capacity = 1 + attribute { + name = "createdAt" + type = "S" } + attribute { + name = "pid" + type = "S" } + point_in_time_recovery { + enabled = (known after apply) } + server_side_encryption { + enabled = (known after apply) + kms_key_arn = (known after apply) } } # aws_ecs_cluster.main will be created + resource "aws_ecs_cluster" "main" { + arn = (known after apply) + capacity_providers = [ + "FARGATE_SPOT", ] + id = (known after apply) + name = "sample-cluster" + tags = { + "Application" = "Startup Sample" } + default_capacity_provider_strategy { + capacity_provider = "FARGATE_SPOT" + weight = 100 } + setting { + name = (known after apply) + value = (known after apply) } } # aws_ecs_service.main[0] will be created + resource "aws_ecs_service" "main" { + cluster = (known after apply) + deployment_maximum_percent = 200 + deployment_minimum_healthy_percent = 100 + desired_count = 2 + enable_ecs_managed_tags = true + health_check_grace_period_seconds = 60 + iam_role = (known after apply) + id = (known after apply) + launch_type = (known after apply) + name = "sample-service" + platform_version = (known after apply) + propagate_tags = "TASK_DEFINITION" + scheduling_strategy = "REPLICA" + tags = { + "Application" = "Startup Sample" } + task_definition = (known after apply) + wait_for_steady_state = true + capacity_provider_strategy { + capacity_provider = "FARGATE_SPOT" + weight = 100 } + load_balancer { + container_name = "sample-client-app" + container_port = 80 + target_group_arn = (known after apply) } + network_configuration { + assign_public_ip = false + security_groups = (known after apply) + subnets = [ + "subnet-048e25be105ae01d3", + "subnet-0896ff158c3ecdc53", ] } } # aws_ecs_task_definition.app[0] will be created + resource "aws_ecs_task_definition" "app" { + arn = (known after apply) + container_definitions = jsonencode( [ + { + cpu = 512 + environment = [ + { + name = "AWS_REGION" + value = "ca-central-1" }, + { + name = "DB_NAME" + value = "ssp-greetings" }, ] + essential = true + image = "ghcr.io/bcgov/ets-cpf-ea-onboarding:86cc1fe275c00493dec5f0fd75088165480b8791" + logConfiguration = { + logDriver = "awslogs" + options = { + awslogs-create-group = "true" + awslogs-group = "/ecs/sample-app" + awslogs-region = "ca-central-1" + awslogs-stream-prefix = "ecs" } } + memory = 1024 + mountPoints = [] + name = "sample-client-app" + portMappings = [ + { + containerPort = 80 + hostPort = 80 + protocol = "tcp" }, ] + volumesFrom = [] }, ] ) + cpu = "512" + execution_role_arn = (known after apply) + family = "sample-app-task" + id = (known after apply) + memory = "1024" + network_mode = "awsvpc" + requires_compatibilities = [ + "FARGATE", ] + revision = (known after apply) + tags = { + "Application" = "Startup Sample" } + task_role_arn = (known after apply) } # aws_iam_role.ecs_task_execution_role will be created + resource "aws_iam_role" "ecs_task_execution_role" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "ecs-tasks.amazonaws.com" } + Sid = "" }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + force_detach_policies = false + id = (known after apply) + max_session_duration = 3600 + name = "startupSampleEcsTaskExecutionRole" + path = "/" + tags = { + "Application" = "Startup Sample" } + unique_id = (known after apply) } # aws_iam_role.sample_app_container_role will be created + resource "aws_iam_role" "sample_app_container_role" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "ecs-tasks.amazonaws.com" } + Sid = "" }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + force_detach_policies = false + id = (known after apply) + max_session_duration = 3600 + name = "sample_app_container_role" + path = "/" + tags = { + "Application" = "Startup Sample" } + unique_id = (known after apply) } # aws_iam_role_policy.ecs_task_execution_cwlogs will be created + resource "aws_iam_role_policy" "ecs_task_execution_cwlogs" { + id = (known after apply) + name = "ecs_task_execution_cwlogs" + policy = jsonencode( { + Statement = [ + { + Action = [ + "logs:CreateLogGroup", ] + Effect = "Allow" + Resource = [ + "arn:aws:logs:*:*:*", ] }, ] + Version = "2012-10-17" } ) + role = (known after apply) } # aws_iam_role_policy.sample_app_container_cwlogs will be created + resource "aws_iam_role_policy" "sample_app_container_cwlogs" { + id = (known after apply) + name = "sample_app_container_cwlogs" + policy = jsonencode( { + Statement = [ + { + Action = [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams", ] + Effect = "Allow" + Resource = [ + "arn:aws:logs:*:*:*", ] }, ] + Version = "2012-10-17" } ) + role = (known after apply) } # aws_iam_role_policy.sample_app_dynamodb will be created + resource "aws_iam_role_policy" "sample_app_dynamodb" { + id = (known after apply) + name = "sample_app_dynamodb" + policy = (known after apply) + role = (known after apply) } # aws_iam_role_policy_attachment.ecs_task_execution_role will be created + resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" { + id = (known after apply) + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" + role = "startupSampleEcsTaskExecutionRole" } # aws_security_group.ecs_tasks will be created + resource "aws_security_group" "ecs_tasks" { + arn = (known after apply) + description = "allow inbound access from the ALB only" + egress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 0 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "-1" + security_groups = [] + self = false + to_port = 0 }, ] + id = (known after apply) + ingress = [ + { + cidr_blocks = [] + description = "" + from_port = 80 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "tcp" + security_groups = (known after apply) + self = false + to_port = 80 }, ] + name = "sample-ecs-tasks-security-group" + owner_id = (known after apply) + revoke_rules_on_delete = false + tags = { + "Application" = "Startup Sample" } + vpc_id = "vpc-018906cab60cf165b" } # aws_security_group.endpoints will be created + resource "aws_security_group" "endpoints" { + arn = (known after apply) + description = "allow inbound access" + egress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 0 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "-1" + security_groups = [] + self = false + to_port = 0 }, ] + id = (known after apply) + ingress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 443 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "tcp" + security_groups = [] + self = false + to_port = 443 }, ] + name = "sample-endpoints-security-group" + owner_id = (known after apply) + revoke_rules_on_delete = false + tags = { + "Application" = "Startup Sample" } + vpc_id = "vpc-018906cab60cf165b" } # aws_security_group.lb will be created + resource "aws_security_group" "lb" { + arn = (known after apply) + description = "controls access to the ALB" + egress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 0 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "-1" + security_groups = [] + self = false + to_port = 0 }, ] + id = (known after apply) + ingress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 443 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "tcp" + security_groups = [] + self = false + to_port = 443 }, + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 80 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "tcp" + security_groups = [] + self = false + to_port = 80 }, ] + name = "sample-load-balancer-security-group" + owner_id = (known after apply) + revoke_rules_on_delete = false + tags = { + "Application" = "Startup Sample" } + vpc_id = "vpc-018906cab60cf165b" } # aws_sns_topic.billing_alert_topic will be created + resource "aws_sns_topic" "billing_alert_topic" { + arn = (known after apply) + id = (known after apply) + name = "startup-sample-billing-alert-topic" + policy = (known after apply) } Plan: 23 to add, 0 to change, 0 to destroy. Changes to Outputs: + alb_hostname = (known after apply) + sns_topic = (known after apply) Warning: Version constraints inside provider configuration blocks are deprecated on main.tf line 3, in provider "aws": 3: version = "~> 3.11" Terraform 0.13 and earlier allowed provider version constraints inside the provider configuration block, but that is now deprecated and will be removed in a future version of Terraform. To silence this warning, move the provider version constraint into the required_providers block. ------------------------------------------------------------------------ Cost estimation: Waiting for cost estimate to complete... Resources: 4 of 6 estimated $17.920320000000000144/mo +$17.920320000000000144 ::debug::Terraform exited with code 0. ::debug::stdout: Running plan in the remote backend. Output will stream here. Pressing Ctrl-C%0Awill stop streaming the logs, but will not stop the plan running remotely.%0A%0APreparing the remote plan...%0A%0ATo view this run in a browser, visit:%0Ahttps://app.terraform.io/app/bcgov/klwrig-dev/runs/run-sjNVzQj8ZoHCvxLR%0A%0AWaiting for the plan to start...%0A%0ATerraform v0.14.4%0AConfiguring remote state backend...%0AInitializing Terraform configuration...%0A%0AAn execution plan has been generated and is shown below.%0AResource actions are indicated with the following symbols:%0A + create%0A%0ATerraform will perform the following actions:%0A%0A # aws_alb.main will be created%0A + resource "aws_alb" "main" {%0A + arn = (known after apply)%0A + arn_suffix = (known after apply)%0A + dns_name = (known after apply)%0A + drop_invalid_header_fields = false%0A + enable_deletion_protection = false%0A + enable_http2 = true%0A + id = (known after apply)%0A + idle_timeout = 60%0A + internal = true%0A + ip_address_type = (known after apply)%0A + load_balancer_type = "application"%0A + name = "sample-load-balancer"%0A + security_groups = (known after apply)%0A + subnets = [%0A + "subnet-0077fd92d83bfff33",%0A + "subnet-089c577af80110363",%0A ]%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = (known after apply)%0A + zone_id = (known after apply)%0A%0A + subnet_mapping {%0A + allocation_id = (known after apply)%0A + outpost_id = (known after apply)%0A + private_ipv4_address = (known after apply)%0A + subnet_id = (known after apply)%0A }%0A }%0A%0A # aws_alb_listener.front_end will be created%0A + resource "aws_alb_listener" "front_end" {%0A + arn = (known after apply)%0A + certificate_arn = "arn:aws:acm:ca-central-1:560234080437:certificate/9b3bc8d6-c71f-4e14-8f2e-3889f734b7da"%0A + id = (known after apply)%0A + load_balancer_arn = (known after apply)%0A + port = 443%0A + protocol = "HTTPS"%0A + ssl_policy = "ELBSecurityPolicy-2016-08"%0A%0A + default_action {%0A + order = (known after apply)%0A + target_group_arn = (known after apply)%0A + type = "forward"%0A }%0A }%0A%0A # aws_alb_target_group.app will be created%0A + resource "aws_alb_target_group" "app" {%0A + arn = (known after apply)%0A + arn_suffix = (known after apply)%0A + deregistration_delay = 30%0A + id = (known after apply)%0A + lambda_multi_value_headers_enabled = false%0A + load_balancing_algorithm_type = (known after apply)%0A + name = "sample-target-group"%0A + port = 80%0A + protocol = "HTTP"%0A + proxy_protocol_v2 = false%0A + slow_start = 0%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + target_type = "ip"%0A + vpc_id = "vpc-018906cab60cf165b"%0A%0A + health_check {%0A + enabled = true%0A + healthy_threshold = 2%0A + interval = 5%0A + matcher = "200"%0A + path = "/"%0A + port = "traffic-port"%0A + protocol = "HTTP"%0A + timeout = 3%0A + unhealthy_threshold = 2%0A }%0A%0A + stickiness {%0A + cookie_duration = (known after apply)%0A + enabled = (known after apply)%0A + type = (known after apply)%0A }%0A }%0A%0A # aws_appautoscaling_policy.down[0] will be created%0A + resource "aws_appautoscaling_policy" "down" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "sample_scale_down"%0A + policy_type = "StepScaling"%0A + resource_id = "service/sample-cluster/sample-service"%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A%0A + step_scaling_policy_configuration {%0A + adjustment_type = "ChangeInCapacity"%0A + cooldown = 60%0A + metric_aggregation_type = "Maximum"%0A%0A + step_adjustment {%0A + metric_interval_upper_bound = "0"%0A + scaling_adjustment = -1%0A }%0A }%0A }%0A%0A # aws_appautoscaling_policy.up[0] will be created%0A + resource "aws_appautoscaling_policy" "up" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "sample_scale_up"%0A + policy_type = "StepScaling"%0A + resource_id = "service/sample-cluster/sample-service"%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A%0A + step_scaling_policy_configuration {%0A + adjustment_type = "ChangeInCapacity"%0A + cooldown = 60%0A + metric_aggregation_type = "Maximum"%0A%0A + step_adjustment {%0A + metric_interval_lower_bound = "0"%0A + scaling_adjustment = 1%0A }%0A }%0A }%0A%0A # aws_appautoscaling_target.target[0] will be created%0A + resource "aws_appautoscaling_target" "target" {%0A + id = (known after apply)%0A + max_capacity = 6%0A + min_capacity = 1%0A + resource_id = "service/sample-cluster/sample-service"%0A + role_arn = (known after apply)%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A }%0A%0A # aws_budgets_budget.cost will be created%0A + resource "aws_budgets_budget" "cost" {%0A + account_id = (known after apply)%0A + budget_type = "COST"%0A + cost_filters = {%0A + "TagKeyValue" = "user:Project$Startup Sample"%0A }%0A + id = (known after apply)%0A + limit_amount = "100.0"%0A + limit_unit = "USD"%0A + name = "startup-sample-monthly"%0A + name_prefix = (known after apply)%0A + time_period_end = "2087-06-15_00:00"%0A + time_period_start = (known after apply)%0A + time_unit = "MONTHLY"%0A%0A + cost_types {%0A + include_credit = (known after apply)%0A + include_discount = (known after apply)%0A + include_other_subscription = (known after apply)%0A + include_recurring = (known after apply)%0A + include_refund = (known after apply)%0A + include_subscription = (known after apply)%0A + include_support = (known after apply)%0A + include_tax = (known after apply)%0A + include_upfront = (known after apply)%0A + use_amortized = (known after apply)%0A + use_blended = (known after apply)%0A }%0A%0A + notification {%0A + comparison_operator = "GREATER_THAN"%0A + notification_type = "FORECASTED"%0A + subscriber_email_addresses = []%0A + subscriber_sns_topic_arns = (known after apply)%0A + threshold = 75%0A + threshold_type = "PERCENTAGE"%0A }%0A }%0A%0A # aws_cloudwatch_metric_alarm.service_cpu_high[0] will be created%0A + resource "aws_cloudwatch_metric_alarm" "service_cpu_high" {%0A + actions_enabled = true%0A + alarm_actions = (known after apply)%0A + alarm_name = "sample_cpu_utilization_high"%0A + arn = (known after apply)%0A + comparison_operator = "GreaterThanOrEqualToThreshold"%0A + dimensions = {%0A + "ClusterName" = "sample-cluster"%0A + "ServiceName" = "sample-service"%0A }%0A + evaluate_low_sample_count_percentiles = (known after apply)%0A + evaluation_periods = 2%0A + id = (known after apply)%0A + metric_name = "CPUUtilization"%0A + namespace = "AWS/ECS"%0A + period = 60%0A + statistic = "Average"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + threshold = 85%0A + treat_missing_data = "missing"%0A }%0A%0A # aws_cloudwatch_metric_alarm.service_cpu_low[0] will be created%0A + resource "aws_cloudwatch_metric_alarm" "service_cpu_low" {%0A + actions_enabled = true%0A + alarm_actions = (known after apply)%0A + alarm_name = "sample_cpu_utilization_low"%0A + arn = (known after apply)%0A + comparison_operator = "LessThanOrEqualToThreshold"%0A + dimensions = {%0A + "ClusterName" = "sample-cluster"%0A + "ServiceName" = "sample-service"%0A }%0A + evaluate_low_sample_count_percentiles = (known after apply)%0A + evaluation_periods = 2%0A + id = (known after apply)%0A + metric_name = "CPUUtilization"%0A + namespace = "AWS/ECS"%0A + period = 60%0A + statistic = "Average"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + threshold = 10%0A + treat_missing_data = "missing"%0A }%0A%0A # aws_dynamodb_table.startup_sample_table will be created%0A + resource "aws_dynamodb_table" "startup_sample_table" {%0A + arn = (known after apply)%0A + billing_mode = "PROVISIONED"%0A + hash_key = "pid"%0A + id = (known after apply)%0A + name = "ssp-greetings"%0A + range_key = "createdAt"%0A + read_capacity = 1%0A + stream_arn = (known after apply)%0A + stream_label = (known after apply)%0A + stream_view_type = (known after apply)%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + write_capacity = 1%0A%0A + attribute {%0A + name = "createdAt"%0A + type = "S"%0A }%0A + attribute {%0A + name = "pid"%0A + type = "S"%0A }%0A%0A + point_in_time_recovery {%0A + enabled = (known after apply)%0A }%0A%0A + server_side_encryption {%0A + enabled = (known after apply)%0A + kms_key_arn = (known after apply)%0A }%0A }%0A%0A # aws_ecs_cluster.main will be created%0A + resource "aws_ecs_cluster" "main" {%0A + arn = (known after apply)%0A + capacity_providers = [%0A + "FARGATE_SPOT",%0A ]%0A + id = (known after apply)%0A + name = "sample-cluster"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A%0A + default_capacity_provider_strategy {%0A + capacity_provider = "FARGATE_SPOT"%0A + weight = 100%0A }%0A%0A + setting {%0A + name = (known after apply)%0A + value = (known after apply)%0A }%0A }%0A%0A # aws_ecs_service.main[0] will be created%0A + resource "aws_ecs_service" "main" {%0A + cluster = (known after apply)%0A + deployment_maximum_percent = 200%0A + deployment_minimum_healthy_percent = 100%0A + desired_count = 2%0A + enable_ecs_managed_tags = true%0A + health_check_grace_period_seconds = 60%0A + iam_role = (known after apply)%0A + id = (known after apply)%0A + launch_type = (known after apply)%0A + name = "sample-service"%0A + platform_version = (known after apply)%0A + propagate_tags = "TASK_DEFINITION"%0A + scheduling_strategy = "REPLICA"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + task_definition = (known after apply)%0A + wait_for_steady_state = true%0A%0A + capacity_provider_strategy {%0A + capacity_provider = "FARGATE_SPOT"%0A + weight = 100%0A }%0A%0A + load_balancer {%0A + container_name = "sample-client-app"%0A + container_port = 80%0A + target_group_arn = (known after apply)%0A }%0A%0A + network_configuration {%0A + assign_public_ip = false%0A + security_groups = (known after apply)%0A + subnets = [%0A + "subnet-048e25be105ae01d3",%0A + "subnet-0896ff158c3ecdc53",%0A ]%0A }%0A }%0A%0A # aws_ecs_task_definition.app[0] will be created%0A + resource "aws_ecs_task_definition" "app" {%0A + arn = (known after apply)%0A + container_definitions = jsonencode(%0A [%0A + {%0A + cpu = 512%0A + environment = [%0A + {%0A + name = "AWS_REGION"%0A + value = "ca-central-1"%0A },%0A + {%0A + name = "DB_NAME"%0A + value = "ssp-greetings"%0A },%0A ]%0A + essential = true%0A + image = "ghcr.io/bcgov/ets-cpf-ea-onboarding:86cc1fe275c00493dec5f0fd75088165480b8791"%0A + logConfiguration = {%0A + logDriver = "awslogs"%0A + options = {%0A + awslogs-create-group = "true"%0A + awslogs-group = "/ecs/sample-app"%0A + awslogs-region = "ca-central-1"%0A + awslogs-stream-prefix = "ecs"%0A }%0A }%0A + memory = 1024%0A + mountPoints = []%0A + name = "sample-client-app"%0A + portMappings = [%0A + {%0A + containerPort = 80%0A + hostPort = 80%0A + protocol = "tcp"%0A },%0A ]%0A + volumesFrom = []%0A },%0A ]%0A )%0A + cpu = "512"%0A + execution_role_arn = (known after apply)%0A + family = "sample-app-task"%0A + id = (known after apply)%0A + memory = "1024"%0A + network_mode = "awsvpc"%0A + requires_compatibilities = [%0A + "FARGATE",%0A ]%0A + revision = (known after apply)%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + task_role_arn = (known after apply)%0A }%0A%0A # aws_iam_role.ecs_task_execution_role will be created%0A + resource "aws_iam_role" "ecs_task_execution_role" {%0A + arn = (known after apply)%0A + assume_role_policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = "sts:AssumeRole"%0A + Effect = "Allow"%0A + Principal = {%0A + Service = "ecs-tasks.amazonaws.com"%0A }%0A + Sid = ""%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + create_date = (known after apply)%0A + force_detach_policies = false%0A + id = (known after apply)%0A + max_session_duration = 3600%0A + name = "startupSampleEcsTaskExecutionRole"%0A + path = "/"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + unique_id = (known after apply)%0A }%0A%0A # aws_iam_role.sample_app_container_role will be created%0A + resource "aws_iam_role" "sample_app_container_role" {%0A + arn = (known after apply)%0A + assume_role_policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = "sts:AssumeRole"%0A + Effect = "Allow"%0A + Principal = {%0A + Service = "ecs-tasks.amazonaws.com"%0A }%0A + Sid = ""%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + create_date = (known after apply)%0A + force_detach_policies = false%0A + id = (known after apply)%0A + max_session_duration = 3600%0A + name = "sample_app_container_role"%0A + path = "/"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + unique_id = (known after apply)%0A }%0A%0A # aws_iam_role_policy.ecs_task_execution_cwlogs will be created%0A + resource "aws_iam_role_policy" "ecs_task_execution_cwlogs" {%0A + id = (known after apply)%0A + name = "ecs_task_execution_cwlogs"%0A + policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = [%0A + "logs:CreateLogGroup",%0A ]%0A + Effect = "Allow"%0A + Resource = [%0A + "arn:aws:logs:*:*:*",%0A ]%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy.sample_app_container_cwlogs will be created%0A + resource "aws_iam_role_policy" "sample_app_container_cwlogs" {%0A + id = (known after apply)%0A + name = "sample_app_container_cwlogs"%0A + policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = [%0A + "logs:CreateLogGroup",%0A + "logs:CreateLogStream",%0A + "logs:PutLogEvents",%0A + "logs:DescribeLogStreams",%0A ]%0A + Effect = "Allow"%0A + Resource = [%0A + "arn:aws:logs:*:*:*",%0A ]%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy.sample_app_dynamodb will be created%0A + resource "aws_iam_role_policy" "sample_app_dynamodb" {%0A + id = (known after apply)%0A + name = "sample_app_dynamodb"%0A + policy = (known after apply)%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy_attachment.ecs_task_execution_role will be created%0A + resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" {%0A + id = (known after apply)%0A + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"%0A + role = "startupSampleEcsTaskExecutionRole"%0A }%0A%0A # aws_security_group.ecs_tasks will be created%0A + resource "aws_security_group" "ecs_tasks" {%0A + arn = (known after apply)%0A + description = "allow inbound access from the ALB only"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = []%0A + description = ""%0A + from_port = 80%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = (known after apply)%0A + self = false%0A + to_port = 80%0A },%0A ]%0A + name = "sample-ecs-tasks-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_security_group.endpoints will be created%0A + resource "aws_security_group" "endpoints" {%0A + arn = (known after apply)%0A + description = "allow inbound access"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 443%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 443%0A },%0A ]%0A + name = "sample-endpoints-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_security_group.lb will be created%0A + resource "aws_security_group" "lb" {%0A + arn = (known after apply)%0A + description = "controls access to the ALB"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 443%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 443%0A },%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 80%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 80%0A },%0A ]%0A + name = "sample-load-balancer-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_sns_topic.billing_alert_topic will be created%0A + resource "aws_sns_topic" "billing_alert_topic" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "startup-sample-billing-alert-topic"%0A + policy = (known after apply)%0A }%0A%0APlan: 23 to add, 0 to change, 0 to destroy.%0A%0AChanges to Outputs:%0A + alb_hostname = (known after apply)%0A + sns_topic = (known after apply)%0A%0AWarning: Version constraints inside provider configuration blocks are deprecated%0A%0A on main.tf line 3, in provider "aws":%0A 3: version = "~> 3.11"%0A%0ATerraform 0.13 and earlier allowed provider version constraints inside the%0Aprovider configuration block, but that is now deprecated and will be removed%0Ain a future version of Terraform. To silence this warning, move the provider%0Aversion constraint into the required_providers block.%0A%0A%0A------------------------------------------------------------------------%0A%0ACost estimation:%0A%0AWaiting for cost estimate to complete...%0A%0AResources: 4 of 6 estimated%0A $17.920320000000000144/mo +$17.920320000000000144%0A ::debug::stderr: ::debug::exitcode: 0 ::set-output name=stdout::Running plan in the remote backend. Output will stream here. Pressing Ctrl-C%0Awill stop streaming the logs, but will not stop the plan running remotely.%0A%0APreparing the remote plan...%0A%0ATo view this run in a browser, visit:%0Ahttps://app.terraform.io/app/bcgov/klwrig-dev/runs/run-sjNVzQj8ZoHCvxLR%0A%0AWaiting for the plan to start...%0A%0ATerraform v0.14.4%0AConfiguring remote state backend...%0AInitializing Terraform configuration...%0A%0AAn execution plan has been generated and is shown below.%0AResource actions are indicated with the following symbols:%0A + create%0A%0ATerraform will perform the following actions:%0A%0A # aws_alb.main will be created%0A + resource "aws_alb" "main" {%0A + arn = (known after apply)%0A + arn_suffix = (known after apply)%0A + dns_name = (known after apply)%0A + drop_invalid_header_fields = false%0A + enable_deletion_protection = false%0A + enable_http2 = true%0A + id = (known after apply)%0A + idle_timeout = 60%0A + internal = true%0A + ip_address_type = (known after apply)%0A + load_balancer_type = "application"%0A + name = "sample-load-balancer"%0A + security_groups = (known after apply)%0A + subnets = [%0A + "subnet-0077fd92d83bfff33",%0A + "subnet-089c577af80110363",%0A ]%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = (known after apply)%0A + zone_id = (known after apply)%0A%0A + subnet_mapping {%0A + allocation_id = (known after apply)%0A + outpost_id = (known after apply)%0A + private_ipv4_address = (known after apply)%0A + subnet_id = (known after apply)%0A }%0A }%0A%0A # aws_alb_listener.front_end will be created%0A + resource "aws_alb_listener" "front_end" {%0A + arn = (known after apply)%0A + certificate_arn = "arn:aws:acm:ca-central-1:560234080437:certificate/9b3bc8d6-c71f-4e14-8f2e-3889f734b7da"%0A + id = (known after apply)%0A + load_balancer_arn = (known after apply)%0A + port = 443%0A + protocol = "HTTPS"%0A + ssl_policy = "ELBSecurityPolicy-2016-08"%0A%0A + default_action {%0A + order = (known after apply)%0A + target_group_arn = (known after apply)%0A + type = "forward"%0A }%0A }%0A%0A # aws_alb_target_group.app will be created%0A + resource "aws_alb_target_group" "app" {%0A + arn = (known after apply)%0A + arn_suffix = (known after apply)%0A + deregistration_delay = 30%0A + id = (known after apply)%0A + lambda_multi_value_headers_enabled = false%0A + load_balancing_algorithm_type = (known after apply)%0A + name = "sample-target-group"%0A + port = 80%0A + protocol = "HTTP"%0A + proxy_protocol_v2 = false%0A + slow_start = 0%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + target_type = "ip"%0A + vpc_id = "vpc-018906cab60cf165b"%0A%0A + health_check {%0A + enabled = true%0A + healthy_threshold = 2%0A + interval = 5%0A + matcher = "200"%0A + path = "/"%0A + port = "traffic-port"%0A + protocol = "HTTP"%0A + timeout = 3%0A + unhealthy_threshold = 2%0A }%0A%0A + stickiness {%0A + cookie_duration = (known after apply)%0A + enabled = (known after apply)%0A + type = (known after apply)%0A }%0A }%0A%0A # aws_appautoscaling_policy.down[0] will be created%0A + resource "aws_appautoscaling_policy" "down" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "sample_scale_down"%0A + policy_type = "StepScaling"%0A + resource_id = "service/sample-cluster/sample-service"%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A%0A + step_scaling_policy_configuration {%0A + adjustment_type = "ChangeInCapacity"%0A + cooldown = 60%0A + metric_aggregation_type = "Maximum"%0A%0A + step_adjustment {%0A + metric_interval_upper_bound = "0"%0A + scaling_adjustment = -1%0A }%0A }%0A }%0A%0A # aws_appautoscaling_policy.up[0] will be created%0A + resource "aws_appautoscaling_policy" "up" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "sample_scale_up"%0A + policy_type = "StepScaling"%0A + resource_id = "service/sample-cluster/sample-service"%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A%0A + step_scaling_policy_configuration {%0A + adjustment_type = "ChangeInCapacity"%0A + cooldown = 60%0A + metric_aggregation_type = "Maximum"%0A%0A + step_adjustment {%0A + metric_interval_lower_bound = "0"%0A + scaling_adjustment = 1%0A }%0A }%0A }%0A%0A # aws_appautoscaling_target.target[0] will be created%0A + resource "aws_appautoscaling_target" "target" {%0A + id = (known after apply)%0A + max_capacity = 6%0A + min_capacity = 1%0A + resource_id = "service/sample-cluster/sample-service"%0A + role_arn = (known after apply)%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A }%0A%0A # aws_budgets_budget.cost will be created%0A + resource "aws_budgets_budget" "cost" {%0A + account_id = (known after apply)%0A + budget_type = "COST"%0A + cost_filters = {%0A + "TagKeyValue" = "user:Project$Startup Sample"%0A }%0A + id = (known after apply)%0A + limit_amount = "100.0"%0A + limit_unit = "USD"%0A + name = "startup-sample-monthly"%0A + name_prefix = (known after apply)%0A + time_period_end = "2087-06-15_00:00"%0A + time_period_start = (known after apply)%0A + time_unit = "MONTHLY"%0A%0A + cost_types {%0A + include_credit = (known after apply)%0A + include_discount = (known after apply)%0A + include_other_subscription = (known after apply)%0A + include_recurring = (known after apply)%0A + include_refund = (known after apply)%0A + include_subscription = (known after apply)%0A + include_support = (known after apply)%0A + include_tax = (known after apply)%0A + include_upfront = (known after apply)%0A + use_amortized = (known after apply)%0A + use_blended = (known after apply)%0A }%0A%0A + notification {%0A + comparison_operator = "GREATER_THAN"%0A + notification_type = "FORECASTED"%0A + subscriber_email_addresses = []%0A + subscriber_sns_topic_arns = (known after apply)%0A + threshold = 75%0A + threshold_type = "PERCENTAGE"%0A }%0A }%0A%0A # aws_cloudwatch_metric_alarm.service_cpu_high[0] will be created%0A + resource "aws_cloudwatch_metric_alarm" "service_cpu_high" {%0A + actions_enabled = true%0A + alarm_actions = (known after apply)%0A + alarm_name = "sample_cpu_utilization_high"%0A + arn = (known after apply)%0A + comparison_operator = "GreaterThanOrEqualToThreshold"%0A + dimensions = {%0A + "ClusterName" = "sample-cluster"%0A + "ServiceName" = "sample-service"%0A }%0A + evaluate_low_sample_count_percentiles = (known after apply)%0A + evaluation_periods = 2%0A + id = (known after apply)%0A + metric_name = "CPUUtilization"%0A + namespace = "AWS/ECS"%0A + period = 60%0A + statistic = "Average"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + threshold = 85%0A + treat_missing_data = "missing"%0A }%0A%0A # aws_cloudwatch_metric_alarm.service_cpu_low[0] will be created%0A + resource "aws_cloudwatch_metric_alarm" "service_cpu_low" {%0A + actions_enabled = true%0A + alarm_actions = (known after apply)%0A + alarm_name = "sample_cpu_utilization_low"%0A + arn = (known after apply)%0A + comparison_operator = "LessThanOrEqualToThreshold"%0A + dimensions = {%0A + "ClusterName" = "sample-cluster"%0A + "ServiceName" = "sample-service"%0A }%0A + evaluate_low_sample_count_percentiles = (known after apply)%0A + evaluation_periods = 2%0A + id = (known after apply)%0A + metric_name = "CPUUtilization"%0A + namespace = "AWS/ECS"%0A + period = 60%0A + statistic = "Average"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + threshold = 10%0A + treat_missing_data = "missing"%0A }%0A%0A # aws_dynamodb_table.startup_sample_table will be created%0A + resource "aws_dynamodb_table" "startup_sample_table" {%0A + arn = (known after apply)%0A + billing_mode = "PROVISIONED"%0A + hash_key = "pid"%0A + id = (known after apply)%0A + name = "ssp-greetings"%0A + range_key = "createdAt"%0A + read_capacity = 1%0A + stream_arn = (known after apply)%0A + stream_label = (known after apply)%0A + stream_view_type = (known after apply)%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + write_capacity = 1%0A%0A + attribute {%0A + name = "createdAt"%0A + type = "S"%0A }%0A + attribute {%0A + name = "pid"%0A + type = "S"%0A }%0A%0A + point_in_time_recovery {%0A + enabled = (known after apply)%0A }%0A%0A + server_side_encryption {%0A + enabled = (known after apply)%0A + kms_key_arn = (known after apply)%0A }%0A }%0A%0A # aws_ecs_cluster.main will be created%0A + resource "aws_ecs_cluster" "main" {%0A + arn = (known after apply)%0A + capacity_providers = [%0A + "FARGATE_SPOT",%0A ]%0A + id = (known after apply)%0A + name = "sample-cluster"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A%0A + default_capacity_provider_strategy {%0A + capacity_provider = "FARGATE_SPOT"%0A + weight = 100%0A }%0A%0A + setting {%0A + name = (known after apply)%0A + value = (known after apply)%0A }%0A }%0A%0A # aws_ecs_service.main[0] will be created%0A + resource "aws_ecs_service" "main" {%0A + cluster = (known after apply)%0A + deployment_maximum_percent = 200%0A + deployment_minimum_healthy_percent = 100%0A + desired_count = 2%0A + enable_ecs_managed_tags = true%0A + health_check_grace_period_seconds = 60%0A + iam_role = (known after apply)%0A + id = (known after apply)%0A + launch_type = (known after apply)%0A + name = "sample-service"%0A + platform_version = (known after apply)%0A + propagate_tags = "TASK_DEFINITION"%0A + scheduling_strategy = "REPLICA"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + task_definition = (known after apply)%0A + wait_for_steady_state = true%0A%0A + capacity_provider_strategy {%0A + capacity_provider = "FARGATE_SPOT"%0A + weight = 100%0A }%0A%0A + load_balancer {%0A + container_name = "sample-client-app"%0A + container_port = 80%0A + target_group_arn = (known after apply)%0A }%0A%0A + network_configuration {%0A + assign_public_ip = false%0A + security_groups = (known after apply)%0A + subnets = [%0A + "subnet-048e25be105ae01d3",%0A + "subnet-0896ff158c3ecdc53",%0A ]%0A }%0A }%0A%0A # aws_ecs_task_definition.app[0] will be created%0A + resource "aws_ecs_task_definition" "app" {%0A + arn = (known after apply)%0A + container_definitions = jsonencode(%0A [%0A + {%0A + cpu = 512%0A + environment = [%0A + {%0A + name = "AWS_REGION"%0A + value = "ca-central-1"%0A },%0A + {%0A + name = "DB_NAME"%0A + value = "ssp-greetings"%0A },%0A ]%0A + essential = true%0A + image = "ghcr.io/bcgov/ets-cpf-ea-onboarding:86cc1fe275c00493dec5f0fd75088165480b8791"%0A + logConfiguration = {%0A + logDriver = "awslogs"%0A + options = {%0A + awslogs-create-group = "true"%0A + awslogs-group = "/ecs/sample-app"%0A + awslogs-region = "ca-central-1"%0A + awslogs-stream-prefix = "ecs"%0A }%0A }%0A + memory = 1024%0A + mountPoints = []%0A + name = "sample-client-app"%0A + portMappings = [%0A + {%0A + containerPort = 80%0A + hostPort = 80%0A + protocol = "tcp"%0A },%0A ]%0A + volumesFrom = []%0A },%0A ]%0A )%0A + cpu = "512"%0A + execution_role_arn = (known after apply)%0A + family = "sample-app-task"%0A + id = (known after apply)%0A + memory = "1024"%0A + network_mode = "awsvpc"%0A + requires_compatibilities = [%0A + "FARGATE",%0A ]%0A + revision = (known after apply)%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + task_role_arn = (known after apply)%0A }%0A%0A # aws_iam_role.ecs_task_execution_role will be created%0A + resource "aws_iam_role" "ecs_task_execution_role" {%0A + arn = (known after apply)%0A + assume_role_policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = "sts:AssumeRole"%0A + Effect = "Allow"%0A + Principal = {%0A + Service = "ecs-tasks.amazonaws.com"%0A }%0A + Sid = ""%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + create_date = (known after apply)%0A + force_detach_policies = false%0A + id = (known after apply)%0A + max_session_duration = 3600%0A + name = "startupSampleEcsTaskExecutionRole"%0A + path = "/"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + unique_id = (known after apply)%0A }%0A%0A # aws_iam_role.sample_app_container_role will be created%0A + resource "aws_iam_role" "sample_app_container_role" {%0A + arn = (known after apply)%0A + assume_role_policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = "sts:AssumeRole"%0A + Effect = "Allow"%0A + Principal = {%0A + Service = "ecs-tasks.amazonaws.com"%0A }%0A + Sid = ""%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + create_date = (known after apply)%0A + force_detach_policies = false%0A + id = (known after apply)%0A + max_session_duration = 3600%0A + name = "sample_app_container_role"%0A + path = "/"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + unique_id = (known after apply)%0A }%0A%0A # aws_iam_role_policy.ecs_task_execution_cwlogs will be created%0A + resource "aws_iam_role_policy" "ecs_task_execution_cwlogs" {%0A + id = (known after apply)%0A + name = "ecs_task_execution_cwlogs"%0A + policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = [%0A + "logs:CreateLogGroup",%0A ]%0A + Effect = "Allow"%0A + Resource = [%0A + "arn:aws:logs:*:*:*",%0A ]%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy.sample_app_container_cwlogs will be created%0A + resource "aws_iam_role_policy" "sample_app_container_cwlogs" {%0A + id = (known after apply)%0A + name = "sample_app_container_cwlogs"%0A + policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = [%0A + "logs:CreateLogGroup",%0A + "logs:CreateLogStream",%0A + "logs:PutLogEvents",%0A + "logs:DescribeLogStreams",%0A ]%0A + Effect = "Allow"%0A + Resource = [%0A + "arn:aws:logs:*:*:*",%0A ]%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy.sample_app_dynamodb will be created%0A + resource "aws_iam_role_policy" "sample_app_dynamodb" {%0A + id = (known after apply)%0A + name = "sample_app_dynamodb"%0A + policy = (known after apply)%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy_attachment.ecs_task_execution_role will be created%0A + resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" {%0A + id = (known after apply)%0A + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"%0A + role = "startupSampleEcsTaskExecutionRole"%0A }%0A%0A # aws_security_group.ecs_tasks will be created%0A + resource "aws_security_group" "ecs_tasks" {%0A + arn = (known after apply)%0A + description = "allow inbound access from the ALB only"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = []%0A + description = ""%0A + from_port = 80%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = (known after apply)%0A + self = false%0A + to_port = 80%0A },%0A ]%0A + name = "sample-ecs-tasks-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_security_group.endpoints will be created%0A + resource "aws_security_group" "endpoints" {%0A + arn = (known after apply)%0A + description = "allow inbound access"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 443%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 443%0A },%0A ]%0A + name = "sample-endpoints-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_security_group.lb will be created%0A + resource "aws_security_group" "lb" {%0A + arn = (known after apply)%0A + description = "controls access to the ALB"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 443%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 443%0A },%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 80%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 80%0A },%0A ]%0A + name = "sample-load-balancer-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_sns_topic.billing_alert_topic will be created%0A + resource "aws_sns_topic" "billing_alert_topic" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "startup-sample-billing-alert-topic"%0A + policy = (known after apply)%0A }%0A%0APlan: 23 to add, 0 to change, 0 to destroy.%0A%0AChanges to Outputs:%0A + alb_hostname = (known after apply)%0A + sns_topic = (known after apply)%0A%0AWarning: Version constraints inside provider configuration blocks are deprecated%0A%0A on main.tf line 3, in provider "aws":%0A 3: version = "~> 3.11"%0A%0ATerraform 0.13 and earlier allowed provider version constraints inside the%0Aprovider configuration block, but that is now deprecated and will be removed%0Ain a future version of Terraform. To silence this warning, move the provider%0Aversion constraint into the required_providers block.%0A%0A%0A------------------------------------------------------------------------%0A%0ACost estimation:%0A%0AWaiting for cost estimate to complete...%0A%0AResources: 4 of 6 estimated%0A $17.920320000000000144/mo +$17.920320000000000144%0A ::set-output name=stderr:: ::set-output name=exitcode::0 ```
Pusher:
@ashtonmeuser,
Action:
Terraform Plan: #1
Terraform Plan: ✅
Show
```terraform [command]/home/runner/work/_temp/a9705098-892e-4e89-a2de-99d30dcf0980/terraform-bin plan Running plan in the remote backend. Output will stream here. Pressing Ctrl-C will stop streaming the logs, but will not stop the plan running remotely. Preparing the remote plan... To view this run in a browser, visit: https://app.terraform.io/app/bcgov/klwrig-dev/runs/run-sjNVzQj8ZoHCvxLR Waiting for the plan to start... Terraform v0.14.4 Configuring remote state backend... Initializing Terraform configuration... An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_alb.main will be created + resource "aws_alb" "main" { + arn = (known after apply) + arn_suffix = (known after apply) + dns_name = (known after apply) + drop_invalid_header_fields = false + enable_deletion_protection = false + enable_http2 = true + id = (known after apply) + idle_timeout = 60 + internal = true + ip_address_type = (known after apply) + load_balancer_type = "application" + name = "sample-load-balancer" + security_groups = (known after apply) + subnets = [ + "subnet-0077fd92d83bfff33", + "subnet-089c577af80110363", ] + tags = { + "Application" = "Startup Sample" } + vpc_id = (known after apply) + zone_id = (known after apply) + subnet_mapping { + allocation_id = (known after apply) + outpost_id = (known after apply) + private_ipv4_address = (known after apply) + subnet_id = (known after apply) } } # aws_alb_listener.front_end will be created + resource "aws_alb_listener" "front_end" { + arn = (known after apply) + certificate_arn = "arn:aws:acm:ca-central-1:560234080437:certificate/9b3bc8d6-c71f-4e14-8f2e-3889f734b7da" + id = (known after apply) + load_balancer_arn = (known after apply) + port = 443 + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-2016-08" + default_action { + order = (known after apply) + target_group_arn = (known after apply) + type = "forward" } } # aws_alb_target_group.app will be created + resource "aws_alb_target_group" "app" { + arn = (known after apply) + arn_suffix = (known after apply) + deregistration_delay = 30 + id = (known after apply) + lambda_multi_value_headers_enabled = false + load_balancing_algorithm_type = (known after apply) + name = "sample-target-group" + port = 80 + protocol = "HTTP" + proxy_protocol_v2 = false + slow_start = 0 + tags = { + "Application" = "Startup Sample" } + target_type = "ip" + vpc_id = "vpc-018906cab60cf165b" + health_check { + enabled = true + healthy_threshold = 2 + interval = 5 + matcher = "200" + path = "/" + port = "traffic-port" + protocol = "HTTP" + timeout = 3 + unhealthy_threshold = 2 } + stickiness { + cookie_duration = (known after apply) + enabled = (known after apply) + type = (known after apply) } } # aws_appautoscaling_policy.down[0] will be created + resource "aws_appautoscaling_policy" "down" { + arn = (known after apply) + id = (known after apply) + name = "sample_scale_down" + policy_type = "StepScaling" + resource_id = "service/sample-cluster/sample-service" + scalable_dimension = "ecs:service:DesiredCount" + service_namespace = "ecs" + step_scaling_policy_configuration { + adjustment_type = "ChangeInCapacity" + cooldown = 60 + metric_aggregation_type = "Maximum" + step_adjustment { + metric_interval_upper_bound = "0" + scaling_adjustment = -1 } } } # aws_appautoscaling_policy.up[0] will be created + resource "aws_appautoscaling_policy" "up" { + arn = (known after apply) + id = (known after apply) + name = "sample_scale_up" + policy_type = "StepScaling" + resource_id = "service/sample-cluster/sample-service" + scalable_dimension = "ecs:service:DesiredCount" + service_namespace = "ecs" + step_scaling_policy_configuration { + adjustment_type = "ChangeInCapacity" + cooldown = 60 + metric_aggregation_type = "Maximum" + step_adjustment { + metric_interval_lower_bound = "0" + scaling_adjustment = 1 } } } # aws_appautoscaling_target.target[0] will be created + resource "aws_appautoscaling_target" "target" { + id = (known after apply) + max_capacity = 6 + min_capacity = 1 + resource_id = "service/sample-cluster/sample-service" + role_arn = (known after apply) + scalable_dimension = "ecs:service:DesiredCount" + service_namespace = "ecs" } # aws_budgets_budget.cost will be created + resource "aws_budgets_budget" "cost" { + account_id = (known after apply) + budget_type = "COST" + cost_filters = { + "TagKeyValue" = "user:Project$Startup Sample" } + id = (known after apply) + limit_amount = "100.0" + limit_unit = "USD" + name = "startup-sample-monthly" + name_prefix = (known after apply) + time_period_end = "2087-06-15_00:00" + time_period_start = (known after apply) + time_unit = "MONTHLY" + cost_types { + include_credit = (known after apply) + include_discount = (known after apply) + include_other_subscription = (known after apply) + include_recurring = (known after apply) + include_refund = (known after apply) + include_subscription = (known after apply) + include_support = (known after apply) + include_tax = (known after apply) + include_upfront = (known after apply) + use_amortized = (known after apply) + use_blended = (known after apply) } + notification { + comparison_operator = "GREATER_THAN" + notification_type = "FORECASTED" + subscriber_email_addresses = [] + subscriber_sns_topic_arns = (known after apply) + threshold = 75 + threshold_type = "PERCENTAGE" } } # aws_cloudwatch_metric_alarm.service_cpu_high[0] will be created + resource "aws_cloudwatch_metric_alarm" "service_cpu_high" { + actions_enabled = true + alarm_actions = (known after apply) + alarm_name = "sample_cpu_utilization_high" + arn = (known after apply) + comparison_operator = "GreaterThanOrEqualToThreshold" + dimensions = { + "ClusterName" = "sample-cluster" + "ServiceName" = "sample-service" } + evaluate_low_sample_count_percentiles = (known after apply) + evaluation_periods = 2 + id = (known after apply) + metric_name = "CPUUtilization" + namespace = "AWS/ECS" + period = 60 + statistic = "Average" + tags = { + "Application" = "Startup Sample" } + threshold = 85 + treat_missing_data = "missing" } # aws_cloudwatch_metric_alarm.service_cpu_low[0] will be created + resource "aws_cloudwatch_metric_alarm" "service_cpu_low" { + actions_enabled = true + alarm_actions = (known after apply) + alarm_name = "sample_cpu_utilization_low" + arn = (known after apply) + comparison_operator = "LessThanOrEqualToThreshold" + dimensions = { + "ClusterName" = "sample-cluster" + "ServiceName" = "sample-service" } + evaluate_low_sample_count_percentiles = (known after apply) + evaluation_periods = 2 + id = (known after apply) + metric_name = "CPUUtilization" + namespace = "AWS/ECS" + period = 60 + statistic = "Average" + tags = { + "Application" = "Startup Sample" } + threshold = 10 + treat_missing_data = "missing" } # aws_dynamodb_table.startup_sample_table will be created + resource "aws_dynamodb_table" "startup_sample_table" { + arn = (known after apply) + billing_mode = "PROVISIONED" + hash_key = "pid" + id = (known after apply) + name = "ssp-greetings" + range_key = "createdAt" + read_capacity = 1 + stream_arn = (known after apply) + stream_label = (known after apply) + stream_view_type = (known after apply) + tags = { + "Application" = "Startup Sample" } + write_capacity = 1 + attribute { + name = "createdAt" + type = "S" } + attribute { + name = "pid" + type = "S" } + point_in_time_recovery { + enabled = (known after apply) } + server_side_encryption { + enabled = (known after apply) + kms_key_arn = (known after apply) } } # aws_ecs_cluster.main will be created + resource "aws_ecs_cluster" "main" { + arn = (known after apply) + capacity_providers = [ + "FARGATE_SPOT", ] + id = (known after apply) + name = "sample-cluster" + tags = { + "Application" = "Startup Sample" } + default_capacity_provider_strategy { + capacity_provider = "FARGATE_SPOT" + weight = 100 } + setting { + name = (known after apply) + value = (known after apply) } } # aws_ecs_service.main[0] will be created + resource "aws_ecs_service" "main" { + cluster = (known after apply) + deployment_maximum_percent = 200 + deployment_minimum_healthy_percent = 100 + desired_count = 2 + enable_ecs_managed_tags = true + health_check_grace_period_seconds = 60 + iam_role = (known after apply) + id = (known after apply) + launch_type = (known after apply) + name = "sample-service" + platform_version = (known after apply) + propagate_tags = "TASK_DEFINITION" + scheduling_strategy = "REPLICA" + tags = { + "Application" = "Startup Sample" } + task_definition = (known after apply) + wait_for_steady_state = true + capacity_provider_strategy { + capacity_provider = "FARGATE_SPOT" + weight = 100 } + load_balancer { + container_name = "sample-client-app" + container_port = 80 + target_group_arn = (known after apply) } + network_configuration { + assign_public_ip = false + security_groups = (known after apply) + subnets = [ + "subnet-048e25be105ae01d3", + "subnet-0896ff158c3ecdc53", ] } } # aws_ecs_task_definition.app[0] will be created + resource "aws_ecs_task_definition" "app" { + arn = (known after apply) + container_definitions = jsonencode( [ + { + cpu = 512 + environment = [ + { + name = "AWS_REGION" + value = "ca-central-1" }, + { + name = "DB_NAME" + value = "ssp-greetings" }, ] + essential = true + image = "ghcr.io/bcgov/ets-cpf-ea-onboarding:86cc1fe275c00493dec5f0fd75088165480b8791" + logConfiguration = { + logDriver = "awslogs" + options = { + awslogs-create-group = "true" + awslogs-group = "/ecs/sample-app" + awslogs-region = "ca-central-1" + awslogs-stream-prefix = "ecs" } } + memory = 1024 + mountPoints = [] + name = "sample-client-app" + portMappings = [ + { + containerPort = 80 + hostPort = 80 + protocol = "tcp" }, ] + volumesFrom = [] }, ] ) + cpu = "512" + execution_role_arn = (known after apply) + family = "sample-app-task" + id = (known after apply) + memory = "1024" + network_mode = "awsvpc" + requires_compatibilities = [ + "FARGATE", ] + revision = (known after apply) + tags = { + "Application" = "Startup Sample" } + task_role_arn = (known after apply) } # aws_iam_role.ecs_task_execution_role will be created + resource "aws_iam_role" "ecs_task_execution_role" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "ecs-tasks.amazonaws.com" } + Sid = "" }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + force_detach_policies = false + id = (known after apply) + max_session_duration = 3600 + name = "startupSampleEcsTaskExecutionRole" + path = "/" + tags = { + "Application" = "Startup Sample" } + unique_id = (known after apply) } # aws_iam_role.sample_app_container_role will be created + resource "aws_iam_role" "sample_app_container_role" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "ecs-tasks.amazonaws.com" } + Sid = "" }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + force_detach_policies = false + id = (known after apply) + max_session_duration = 3600 + name = "sample_app_container_role" + path = "/" + tags = { + "Application" = "Startup Sample" } + unique_id = (known after apply) } # aws_iam_role_policy.ecs_task_execution_cwlogs will be created + resource "aws_iam_role_policy" "ecs_task_execution_cwlogs" { + id = (known after apply) + name = "ecs_task_execution_cwlogs" + policy = jsonencode( { + Statement = [ + { + Action = [ + "logs:CreateLogGroup", ] + Effect = "Allow" + Resource = [ + "arn:aws:logs:*:*:*", ] }, ] + Version = "2012-10-17" } ) + role = (known after apply) } # aws_iam_role_policy.sample_app_container_cwlogs will be created + resource "aws_iam_role_policy" "sample_app_container_cwlogs" { + id = (known after apply) + name = "sample_app_container_cwlogs" + policy = jsonencode( { + Statement = [ + { + Action = [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams", ] + Effect = "Allow" + Resource = [ + "arn:aws:logs:*:*:*", ] }, ] + Version = "2012-10-17" } ) + role = (known after apply) } # aws_iam_role_policy.sample_app_dynamodb will be created + resource "aws_iam_role_policy" "sample_app_dynamodb" { + id = (known after apply) + name = "sample_app_dynamodb" + policy = (known after apply) + role = (known after apply) } # aws_iam_role_policy_attachment.ecs_task_execution_role will be created + resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" { + id = (known after apply) + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" + role = "startupSampleEcsTaskExecutionRole" } # aws_security_group.ecs_tasks will be created + resource "aws_security_group" "ecs_tasks" { + arn = (known after apply) + description = "allow inbound access from the ALB only" + egress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 0 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "-1" + security_groups = [] + self = false + to_port = 0 }, ] + id = (known after apply) + ingress = [ + { + cidr_blocks = [] + description = "" + from_port = 80 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "tcp" + security_groups = (known after apply) + self = false + to_port = 80 }, ] + name = "sample-ecs-tasks-security-group" + owner_id = (known after apply) + revoke_rules_on_delete = false + tags = { + "Application" = "Startup Sample" } + vpc_id = "vpc-018906cab60cf165b" } # aws_security_group.endpoints will be created + resource "aws_security_group" "endpoints" { + arn = (known after apply) + description = "allow inbound access" + egress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 0 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "-1" + security_groups = [] + self = false + to_port = 0 }, ] + id = (known after apply) + ingress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 443 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "tcp" + security_groups = [] + self = false + to_port = 443 }, ] + name = "sample-endpoints-security-group" + owner_id = (known after apply) + revoke_rules_on_delete = false + tags = { + "Application" = "Startup Sample" } + vpc_id = "vpc-018906cab60cf165b" } # aws_security_group.lb will be created + resource "aws_security_group" "lb" { + arn = (known after apply) + description = "controls access to the ALB" + egress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 0 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "-1" + security_groups = [] + self = false + to_port = 0 }, ] + id = (known after apply) + ingress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 443 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "tcp" + security_groups = [] + self = false + to_port = 443 }, + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 80 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "tcp" + security_groups = [] + self = false + to_port = 80 }, ] + name = "sample-load-balancer-security-group" + owner_id = (known after apply) + revoke_rules_on_delete = false + tags = { + "Application" = "Startup Sample" } + vpc_id = "vpc-018906cab60cf165b" } # aws_sns_topic.billing_alert_topic will be created + resource "aws_sns_topic" "billing_alert_topic" { + arn = (known after apply) + id = (known after apply) + name = "startup-sample-billing-alert-topic" + policy = (known after apply) } Plan: 23 to add, 0 to change, 0 to destroy. Changes to Outputs: + alb_hostname = (known after apply) + sns_topic = (known after apply) Warning: Version constraints inside provider configuration blocks are deprecated on main.tf line 3, in provider "aws": 3: version = "~> 3.11" Terraform 0.13 and earlier allowed provider version constraints inside the provider configuration block, but that is now deprecated and will be removed in a future version of Terraform. To silence this warning, move the provider version constraint into the required_providers block. ------------------------------------------------------------------------ Cost estimation: Waiting for cost estimate to complete... Resources: 4 of 6 estimated $17.920320000000000144/mo +$17.920320000000000144 ::debug::Terraform exited with code 0. ::debug::stdout: Running plan in the remote backend. Output will stream here. Pressing Ctrl-C%0Awill stop streaming the logs, but will not stop the plan running remotely.%0A%0APreparing the remote plan...%0A%0ATo view this run in a browser, visit:%0Ahttps://app.terraform.io/app/bcgov/klwrig-dev/runs/run-sjNVzQj8ZoHCvxLR%0A%0AWaiting for the plan to start...%0A%0ATerraform v0.14.4%0AConfiguring remote state backend...%0AInitializing Terraform configuration...%0A%0AAn execution plan has been generated and is shown below.%0AResource actions are indicated with the following symbols:%0A + create%0A%0ATerraform will perform the following actions:%0A%0A # aws_alb.main will be created%0A + resource "aws_alb" "main" {%0A + arn = (known after apply)%0A + arn_suffix = (known after apply)%0A + dns_name = (known after apply)%0A + drop_invalid_header_fields = false%0A + enable_deletion_protection = false%0A + enable_http2 = true%0A + id = (known after apply)%0A + idle_timeout = 60%0A + internal = true%0A + ip_address_type = (known after apply)%0A + load_balancer_type = "application"%0A + name = "sample-load-balancer"%0A + security_groups = (known after apply)%0A + subnets = [%0A + "subnet-0077fd92d83bfff33",%0A + "subnet-089c577af80110363",%0A ]%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = (known after apply)%0A + zone_id = (known after apply)%0A%0A + subnet_mapping {%0A + allocation_id = (known after apply)%0A + outpost_id = (known after apply)%0A + private_ipv4_address = (known after apply)%0A + subnet_id = (known after apply)%0A }%0A }%0A%0A # aws_alb_listener.front_end will be created%0A + resource "aws_alb_listener" "front_end" {%0A + arn = (known after apply)%0A + certificate_arn = "arn:aws:acm:ca-central-1:560234080437:certificate/9b3bc8d6-c71f-4e14-8f2e-3889f734b7da"%0A + id = (known after apply)%0A + load_balancer_arn = (known after apply)%0A + port = 443%0A + protocol = "HTTPS"%0A + ssl_policy = "ELBSecurityPolicy-2016-08"%0A%0A + default_action {%0A + order = (known after apply)%0A + target_group_arn = (known after apply)%0A + type = "forward"%0A }%0A }%0A%0A # aws_alb_target_group.app will be created%0A + resource "aws_alb_target_group" "app" {%0A + arn = (known after apply)%0A + arn_suffix = (known after apply)%0A + deregistration_delay = 30%0A + id = (known after apply)%0A + lambda_multi_value_headers_enabled = false%0A + load_balancing_algorithm_type = (known after apply)%0A + name = "sample-target-group"%0A + port = 80%0A + protocol = "HTTP"%0A + proxy_protocol_v2 = false%0A + slow_start = 0%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + target_type = "ip"%0A + vpc_id = "vpc-018906cab60cf165b"%0A%0A + health_check {%0A + enabled = true%0A + healthy_threshold = 2%0A + interval = 5%0A + matcher = "200"%0A + path = "/"%0A + port = "traffic-port"%0A + protocol = "HTTP"%0A + timeout = 3%0A + unhealthy_threshold = 2%0A }%0A%0A + stickiness {%0A + cookie_duration = (known after apply)%0A + enabled = (known after apply)%0A + type = (known after apply)%0A }%0A }%0A%0A # aws_appautoscaling_policy.down[0] will be created%0A + resource "aws_appautoscaling_policy" "down" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "sample_scale_down"%0A + policy_type = "StepScaling"%0A + resource_id = "service/sample-cluster/sample-service"%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A%0A + step_scaling_policy_configuration {%0A + adjustment_type = "ChangeInCapacity"%0A + cooldown = 60%0A + metric_aggregation_type = "Maximum"%0A%0A + step_adjustment {%0A + metric_interval_upper_bound = "0"%0A + scaling_adjustment = -1%0A }%0A }%0A }%0A%0A # aws_appautoscaling_policy.up[0] will be created%0A + resource "aws_appautoscaling_policy" "up" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "sample_scale_up"%0A + policy_type = "StepScaling"%0A + resource_id = "service/sample-cluster/sample-service"%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A%0A + step_scaling_policy_configuration {%0A + adjustment_type = "ChangeInCapacity"%0A + cooldown = 60%0A + metric_aggregation_type = "Maximum"%0A%0A + step_adjustment {%0A + metric_interval_lower_bound = "0"%0A + scaling_adjustment = 1%0A }%0A }%0A }%0A%0A # aws_appautoscaling_target.target[0] will be created%0A + resource "aws_appautoscaling_target" "target" {%0A + id = (known after apply)%0A + max_capacity = 6%0A + min_capacity = 1%0A + resource_id = "service/sample-cluster/sample-service"%0A + role_arn = (known after apply)%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A }%0A%0A # aws_budgets_budget.cost will be created%0A + resource "aws_budgets_budget" "cost" {%0A + account_id = (known after apply)%0A + budget_type = "COST"%0A + cost_filters = {%0A + "TagKeyValue" = "user:Project$Startup Sample"%0A }%0A + id = (known after apply)%0A + limit_amount = "100.0"%0A + limit_unit = "USD"%0A + name = "startup-sample-monthly"%0A + name_prefix = (known after apply)%0A + time_period_end = "2087-06-15_00:00"%0A + time_period_start = (known after apply)%0A + time_unit = "MONTHLY"%0A%0A + cost_types {%0A + include_credit = (known after apply)%0A + include_discount = (known after apply)%0A + include_other_subscription = (known after apply)%0A + include_recurring = (known after apply)%0A + include_refund = (known after apply)%0A + include_subscription = (known after apply)%0A + include_support = (known after apply)%0A + include_tax = (known after apply)%0A + include_upfront = (known after apply)%0A + use_amortized = (known after apply)%0A + use_blended = (known after apply)%0A }%0A%0A + notification {%0A + comparison_operator = "GREATER_THAN"%0A + notification_type = "FORECASTED"%0A + subscriber_email_addresses = []%0A + subscriber_sns_topic_arns = (known after apply)%0A + threshold = 75%0A + threshold_type = "PERCENTAGE"%0A }%0A }%0A%0A # aws_cloudwatch_metric_alarm.service_cpu_high[0] will be created%0A + resource "aws_cloudwatch_metric_alarm" "service_cpu_high" {%0A + actions_enabled = true%0A + alarm_actions = (known after apply)%0A + alarm_name = "sample_cpu_utilization_high"%0A + arn = (known after apply)%0A + comparison_operator = "GreaterThanOrEqualToThreshold"%0A + dimensions = {%0A + "ClusterName" = "sample-cluster"%0A + "ServiceName" = "sample-service"%0A }%0A + evaluate_low_sample_count_percentiles = (known after apply)%0A + evaluation_periods = 2%0A + id = (known after apply)%0A + metric_name = "CPUUtilization"%0A + namespace = "AWS/ECS"%0A + period = 60%0A + statistic = "Average"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + threshold = 85%0A + treat_missing_data = "missing"%0A }%0A%0A # aws_cloudwatch_metric_alarm.service_cpu_low[0] will be created%0A + resource "aws_cloudwatch_metric_alarm" "service_cpu_low" {%0A + actions_enabled = true%0A + alarm_actions = (known after apply)%0A + alarm_name = "sample_cpu_utilization_low"%0A + arn = (known after apply)%0A + comparison_operator = "LessThanOrEqualToThreshold"%0A + dimensions = {%0A + "ClusterName" = "sample-cluster"%0A + "ServiceName" = "sample-service"%0A }%0A + evaluate_low_sample_count_percentiles = (known after apply)%0A + evaluation_periods = 2%0A + id = (known after apply)%0A + metric_name = "CPUUtilization"%0A + namespace = "AWS/ECS"%0A + period = 60%0A + statistic = "Average"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + threshold = 10%0A + treat_missing_data = "missing"%0A }%0A%0A # aws_dynamodb_table.startup_sample_table will be created%0A + resource "aws_dynamodb_table" "startup_sample_table" {%0A + arn = (known after apply)%0A + billing_mode = "PROVISIONED"%0A + hash_key = "pid"%0A + id = (known after apply)%0A + name = "ssp-greetings"%0A + range_key = "createdAt"%0A + read_capacity = 1%0A + stream_arn = (known after apply)%0A + stream_label = (known after apply)%0A + stream_view_type = (known after apply)%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + write_capacity = 1%0A%0A + attribute {%0A + name = "createdAt"%0A + type = "S"%0A }%0A + attribute {%0A + name = "pid"%0A + type = "S"%0A }%0A%0A + point_in_time_recovery {%0A + enabled = (known after apply)%0A }%0A%0A + server_side_encryption {%0A + enabled = (known after apply)%0A + kms_key_arn = (known after apply)%0A }%0A }%0A%0A # aws_ecs_cluster.main will be created%0A + resource "aws_ecs_cluster" "main" {%0A + arn = (known after apply)%0A + capacity_providers = [%0A + "FARGATE_SPOT",%0A ]%0A + id = (known after apply)%0A + name = "sample-cluster"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A%0A + default_capacity_provider_strategy {%0A + capacity_provider = "FARGATE_SPOT"%0A + weight = 100%0A }%0A%0A + setting {%0A + name = (known after apply)%0A + value = (known after apply)%0A }%0A }%0A%0A # aws_ecs_service.main[0] will be created%0A + resource "aws_ecs_service" "main" {%0A + cluster = (known after apply)%0A + deployment_maximum_percent = 200%0A + deployment_minimum_healthy_percent = 100%0A + desired_count = 2%0A + enable_ecs_managed_tags = true%0A + health_check_grace_period_seconds = 60%0A + iam_role = (known after apply)%0A + id = (known after apply)%0A + launch_type = (known after apply)%0A + name = "sample-service"%0A + platform_version = (known after apply)%0A + propagate_tags = "TASK_DEFINITION"%0A + scheduling_strategy = "REPLICA"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + task_definition = (known after apply)%0A + wait_for_steady_state = true%0A%0A + capacity_provider_strategy {%0A + capacity_provider = "FARGATE_SPOT"%0A + weight = 100%0A }%0A%0A + load_balancer {%0A + container_name = "sample-client-app"%0A + container_port = 80%0A + target_group_arn = (known after apply)%0A }%0A%0A + network_configuration {%0A + assign_public_ip = false%0A + security_groups = (known after apply)%0A + subnets = [%0A + "subnet-048e25be105ae01d3",%0A + "subnet-0896ff158c3ecdc53",%0A ]%0A }%0A }%0A%0A # aws_ecs_task_definition.app[0] will be created%0A + resource "aws_ecs_task_definition" "app" {%0A + arn = (known after apply)%0A + container_definitions = jsonencode(%0A [%0A + {%0A + cpu = 512%0A + environment = [%0A + {%0A + name = "AWS_REGION"%0A + value = "ca-central-1"%0A },%0A + {%0A + name = "DB_NAME"%0A + value = "ssp-greetings"%0A },%0A ]%0A + essential = true%0A + image = "ghcr.io/bcgov/ets-cpf-ea-onboarding:86cc1fe275c00493dec5f0fd75088165480b8791"%0A + logConfiguration = {%0A + logDriver = "awslogs"%0A + options = {%0A + awslogs-create-group = "true"%0A + awslogs-group = "/ecs/sample-app"%0A + awslogs-region = "ca-central-1"%0A + awslogs-stream-prefix = "ecs"%0A }%0A }%0A + memory = 1024%0A + mountPoints = []%0A + name = "sample-client-app"%0A + portMappings = [%0A + {%0A + containerPort = 80%0A + hostPort = 80%0A + protocol = "tcp"%0A },%0A ]%0A + volumesFrom = []%0A },%0A ]%0A )%0A + cpu = "512"%0A + execution_role_arn = (known after apply)%0A + family = "sample-app-task"%0A + id = (known after apply)%0A + memory = "1024"%0A + network_mode = "awsvpc"%0A + requires_compatibilities = [%0A + "FARGATE",%0A ]%0A + revision = (known after apply)%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + task_role_arn = (known after apply)%0A }%0A%0A # aws_iam_role.ecs_task_execution_role will be created%0A + resource "aws_iam_role" "ecs_task_execution_role" {%0A + arn = (known after apply)%0A + assume_role_policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = "sts:AssumeRole"%0A + Effect = "Allow"%0A + Principal = {%0A + Service = "ecs-tasks.amazonaws.com"%0A }%0A + Sid = ""%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + create_date = (known after apply)%0A + force_detach_policies = false%0A + id = (known after apply)%0A + max_session_duration = 3600%0A + name = "startupSampleEcsTaskExecutionRole"%0A + path = "/"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + unique_id = (known after apply)%0A }%0A%0A # aws_iam_role.sample_app_container_role will be created%0A + resource "aws_iam_role" "sample_app_container_role" {%0A + arn = (known after apply)%0A + assume_role_policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = "sts:AssumeRole"%0A + Effect = "Allow"%0A + Principal = {%0A + Service = "ecs-tasks.amazonaws.com"%0A }%0A + Sid = ""%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + create_date = (known after apply)%0A + force_detach_policies = false%0A + id = (known after apply)%0A + max_session_duration = 3600%0A + name = "sample_app_container_role"%0A + path = "/"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + unique_id = (known after apply)%0A }%0A%0A # aws_iam_role_policy.ecs_task_execution_cwlogs will be created%0A + resource "aws_iam_role_policy" "ecs_task_execution_cwlogs" {%0A + id = (known after apply)%0A + name = "ecs_task_execution_cwlogs"%0A + policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = [%0A + "logs:CreateLogGroup",%0A ]%0A + Effect = "Allow"%0A + Resource = [%0A + "arn:aws:logs:*:*:*",%0A ]%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy.sample_app_container_cwlogs will be created%0A + resource "aws_iam_role_policy" "sample_app_container_cwlogs" {%0A + id = (known after apply)%0A + name = "sample_app_container_cwlogs"%0A + policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = [%0A + "logs:CreateLogGroup",%0A + "logs:CreateLogStream",%0A + "logs:PutLogEvents",%0A + "logs:DescribeLogStreams",%0A ]%0A + Effect = "Allow"%0A + Resource = [%0A + "arn:aws:logs:*:*:*",%0A ]%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy.sample_app_dynamodb will be created%0A + resource "aws_iam_role_policy" "sample_app_dynamodb" {%0A + id = (known after apply)%0A + name = "sample_app_dynamodb"%0A + policy = (known after apply)%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy_attachment.ecs_task_execution_role will be created%0A + resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" {%0A + id = (known after apply)%0A + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"%0A + role = "startupSampleEcsTaskExecutionRole"%0A }%0A%0A # aws_security_group.ecs_tasks will be created%0A + resource "aws_security_group" "ecs_tasks" {%0A + arn = (known after apply)%0A + description = "allow inbound access from the ALB only"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = []%0A + description = ""%0A + from_port = 80%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = (known after apply)%0A + self = false%0A + to_port = 80%0A },%0A ]%0A + name = "sample-ecs-tasks-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_security_group.endpoints will be created%0A + resource "aws_security_group" "endpoints" {%0A + arn = (known after apply)%0A + description = "allow inbound access"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 443%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 443%0A },%0A ]%0A + name = "sample-endpoints-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_security_group.lb will be created%0A + resource "aws_security_group" "lb" {%0A + arn = (known after apply)%0A + description = "controls access to the ALB"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 443%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 443%0A },%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 80%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 80%0A },%0A ]%0A + name = "sample-load-balancer-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_sns_topic.billing_alert_topic will be created%0A + resource "aws_sns_topic" "billing_alert_topic" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "startup-sample-billing-alert-topic"%0A + policy = (known after apply)%0A }%0A%0APlan: 23 to add, 0 to change, 0 to destroy.%0A%0AChanges to Outputs:%0A + alb_hostname = (known after apply)%0A + sns_topic = (known after apply)%0A%0AWarning: Version constraints inside provider configuration blocks are deprecated%0A%0A on main.tf line 3, in provider "aws":%0A 3: version = "~> 3.11"%0A%0ATerraform 0.13 and earlier allowed provider version constraints inside the%0Aprovider configuration block, but that is now deprecated and will be removed%0Ain a future version of Terraform. To silence this warning, move the provider%0Aversion constraint into the required_providers block.%0A%0A%0A------------------------------------------------------------------------%0A%0ACost estimation:%0A%0AWaiting for cost estimate to complete...%0A%0AResources: 4 of 6 estimated%0A $17.920320000000000144/mo +$17.920320000000000144%0A ::debug::stderr: ::debug::exitcode: 0 ::set-output name=stdout::Running plan in the remote backend. Output will stream here. Pressing Ctrl-C%0Awill stop streaming the logs, but will not stop the plan running remotely.%0A%0APreparing the remote plan...%0A%0ATo view this run in a browser, visit:%0Ahttps://app.terraform.io/app/bcgov/klwrig-dev/runs/run-sjNVzQj8ZoHCvxLR%0A%0AWaiting for the plan to start...%0A%0ATerraform v0.14.4%0AConfiguring remote state backend...%0AInitializing Terraform configuration...%0A%0AAn execution plan has been generated and is shown below.%0AResource actions are indicated with the following symbols:%0A + create%0A%0ATerraform will perform the following actions:%0A%0A # aws_alb.main will be created%0A + resource "aws_alb" "main" {%0A + arn = (known after apply)%0A + arn_suffix = (known after apply)%0A + dns_name = (known after apply)%0A + drop_invalid_header_fields = false%0A + enable_deletion_protection = false%0A + enable_http2 = true%0A + id = (known after apply)%0A + idle_timeout = 60%0A + internal = true%0A + ip_address_type = (known after apply)%0A + load_balancer_type = "application"%0A + name = "sample-load-balancer"%0A + security_groups = (known after apply)%0A + subnets = [%0A + "subnet-0077fd92d83bfff33",%0A + "subnet-089c577af80110363",%0A ]%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = (known after apply)%0A + zone_id = (known after apply)%0A%0A + subnet_mapping {%0A + allocation_id = (known after apply)%0A + outpost_id = (known after apply)%0A + private_ipv4_address = (known after apply)%0A + subnet_id = (known after apply)%0A }%0A }%0A%0A # aws_alb_listener.front_end will be created%0A + resource "aws_alb_listener" "front_end" {%0A + arn = (known after apply)%0A + certificate_arn = "arn:aws:acm:ca-central-1:560234080437:certificate/9b3bc8d6-c71f-4e14-8f2e-3889f734b7da"%0A + id = (known after apply)%0A + load_balancer_arn = (known after apply)%0A + port = 443%0A + protocol = "HTTPS"%0A + ssl_policy = "ELBSecurityPolicy-2016-08"%0A%0A + default_action {%0A + order = (known after apply)%0A + target_group_arn = (known after apply)%0A + type = "forward"%0A }%0A }%0A%0A # aws_alb_target_group.app will be created%0A + resource "aws_alb_target_group" "app" {%0A + arn = (known after apply)%0A + arn_suffix = (known after apply)%0A + deregistration_delay = 30%0A + id = (known after apply)%0A + lambda_multi_value_headers_enabled = false%0A + load_balancing_algorithm_type = (known after apply)%0A + name = "sample-target-group"%0A + port = 80%0A + protocol = "HTTP"%0A + proxy_protocol_v2 = false%0A + slow_start = 0%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + target_type = "ip"%0A + vpc_id = "vpc-018906cab60cf165b"%0A%0A + health_check {%0A + enabled = true%0A + healthy_threshold = 2%0A + interval = 5%0A + matcher = "200"%0A + path = "/"%0A + port = "traffic-port"%0A + protocol = "HTTP"%0A + timeout = 3%0A + unhealthy_threshold = 2%0A }%0A%0A + stickiness {%0A + cookie_duration = (known after apply)%0A + enabled = (known after apply)%0A + type = (known after apply)%0A }%0A }%0A%0A # aws_appautoscaling_policy.down[0] will be created%0A + resource "aws_appautoscaling_policy" "down" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "sample_scale_down"%0A + policy_type = "StepScaling"%0A + resource_id = "service/sample-cluster/sample-service"%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A%0A + step_scaling_policy_configuration {%0A + adjustment_type = "ChangeInCapacity"%0A + cooldown = 60%0A + metric_aggregation_type = "Maximum"%0A%0A + step_adjustment {%0A + metric_interval_upper_bound = "0"%0A + scaling_adjustment = -1%0A }%0A }%0A }%0A%0A # aws_appautoscaling_policy.up[0] will be created%0A + resource "aws_appautoscaling_policy" "up" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "sample_scale_up"%0A + policy_type = "StepScaling"%0A + resource_id = "service/sample-cluster/sample-service"%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A%0A + step_scaling_policy_configuration {%0A + adjustment_type = "ChangeInCapacity"%0A + cooldown = 60%0A + metric_aggregation_type = "Maximum"%0A%0A + step_adjustment {%0A + metric_interval_lower_bound = "0"%0A + scaling_adjustment = 1%0A }%0A }%0A }%0A%0A # aws_appautoscaling_target.target[0] will be created%0A + resource "aws_appautoscaling_target" "target" {%0A + id = (known after apply)%0A + max_capacity = 6%0A + min_capacity = 1%0A + resource_id = "service/sample-cluster/sample-service"%0A + role_arn = (known after apply)%0A + scalable_dimension = "ecs:service:DesiredCount"%0A + service_namespace = "ecs"%0A }%0A%0A # aws_budgets_budget.cost will be created%0A + resource "aws_budgets_budget" "cost" {%0A + account_id = (known after apply)%0A + budget_type = "COST"%0A + cost_filters = {%0A + "TagKeyValue" = "user:Project$Startup Sample"%0A }%0A + id = (known after apply)%0A + limit_amount = "100.0"%0A + limit_unit = "USD"%0A + name = "startup-sample-monthly"%0A + name_prefix = (known after apply)%0A + time_period_end = "2087-06-15_00:00"%0A + time_period_start = (known after apply)%0A + time_unit = "MONTHLY"%0A%0A + cost_types {%0A + include_credit = (known after apply)%0A + include_discount = (known after apply)%0A + include_other_subscription = (known after apply)%0A + include_recurring = (known after apply)%0A + include_refund = (known after apply)%0A + include_subscription = (known after apply)%0A + include_support = (known after apply)%0A + include_tax = (known after apply)%0A + include_upfront = (known after apply)%0A + use_amortized = (known after apply)%0A + use_blended = (known after apply)%0A }%0A%0A + notification {%0A + comparison_operator = "GREATER_THAN"%0A + notification_type = "FORECASTED"%0A + subscriber_email_addresses = []%0A + subscriber_sns_topic_arns = (known after apply)%0A + threshold = 75%0A + threshold_type = "PERCENTAGE"%0A }%0A }%0A%0A # aws_cloudwatch_metric_alarm.service_cpu_high[0] will be created%0A + resource "aws_cloudwatch_metric_alarm" "service_cpu_high" {%0A + actions_enabled = true%0A + alarm_actions = (known after apply)%0A + alarm_name = "sample_cpu_utilization_high"%0A + arn = (known after apply)%0A + comparison_operator = "GreaterThanOrEqualToThreshold"%0A + dimensions = {%0A + "ClusterName" = "sample-cluster"%0A + "ServiceName" = "sample-service"%0A }%0A + evaluate_low_sample_count_percentiles = (known after apply)%0A + evaluation_periods = 2%0A + id = (known after apply)%0A + metric_name = "CPUUtilization"%0A + namespace = "AWS/ECS"%0A + period = 60%0A + statistic = "Average"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + threshold = 85%0A + treat_missing_data = "missing"%0A }%0A%0A # aws_cloudwatch_metric_alarm.service_cpu_low[0] will be created%0A + resource "aws_cloudwatch_metric_alarm" "service_cpu_low" {%0A + actions_enabled = true%0A + alarm_actions = (known after apply)%0A + alarm_name = "sample_cpu_utilization_low"%0A + arn = (known after apply)%0A + comparison_operator = "LessThanOrEqualToThreshold"%0A + dimensions = {%0A + "ClusterName" = "sample-cluster"%0A + "ServiceName" = "sample-service"%0A }%0A + evaluate_low_sample_count_percentiles = (known after apply)%0A + evaluation_periods = 2%0A + id = (known after apply)%0A + metric_name = "CPUUtilization"%0A + namespace = "AWS/ECS"%0A + period = 60%0A + statistic = "Average"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + threshold = 10%0A + treat_missing_data = "missing"%0A }%0A%0A # aws_dynamodb_table.startup_sample_table will be created%0A + resource "aws_dynamodb_table" "startup_sample_table" {%0A + arn = (known after apply)%0A + billing_mode = "PROVISIONED"%0A + hash_key = "pid"%0A + id = (known after apply)%0A + name = "ssp-greetings"%0A + range_key = "createdAt"%0A + read_capacity = 1%0A + stream_arn = (known after apply)%0A + stream_label = (known after apply)%0A + stream_view_type = (known after apply)%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + write_capacity = 1%0A%0A + attribute {%0A + name = "createdAt"%0A + type = "S"%0A }%0A + attribute {%0A + name = "pid"%0A + type = "S"%0A }%0A%0A + point_in_time_recovery {%0A + enabled = (known after apply)%0A }%0A%0A + server_side_encryption {%0A + enabled = (known after apply)%0A + kms_key_arn = (known after apply)%0A }%0A }%0A%0A # aws_ecs_cluster.main will be created%0A + resource "aws_ecs_cluster" "main" {%0A + arn = (known after apply)%0A + capacity_providers = [%0A + "FARGATE_SPOT",%0A ]%0A + id = (known after apply)%0A + name = "sample-cluster"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A%0A + default_capacity_provider_strategy {%0A + capacity_provider = "FARGATE_SPOT"%0A + weight = 100%0A }%0A%0A + setting {%0A + name = (known after apply)%0A + value = (known after apply)%0A }%0A }%0A%0A # aws_ecs_service.main[0] will be created%0A + resource "aws_ecs_service" "main" {%0A + cluster = (known after apply)%0A + deployment_maximum_percent = 200%0A + deployment_minimum_healthy_percent = 100%0A + desired_count = 2%0A + enable_ecs_managed_tags = true%0A + health_check_grace_period_seconds = 60%0A + iam_role = (known after apply)%0A + id = (known after apply)%0A + launch_type = (known after apply)%0A + name = "sample-service"%0A + platform_version = (known after apply)%0A + propagate_tags = "TASK_DEFINITION"%0A + scheduling_strategy = "REPLICA"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + task_definition = (known after apply)%0A + wait_for_steady_state = true%0A%0A + capacity_provider_strategy {%0A + capacity_provider = "FARGATE_SPOT"%0A + weight = 100%0A }%0A%0A + load_balancer {%0A + container_name = "sample-client-app"%0A + container_port = 80%0A + target_group_arn = (known after apply)%0A }%0A%0A + network_configuration {%0A + assign_public_ip = false%0A + security_groups = (known after apply)%0A + subnets = [%0A + "subnet-048e25be105ae01d3",%0A + "subnet-0896ff158c3ecdc53",%0A ]%0A }%0A }%0A%0A # aws_ecs_task_definition.app[0] will be created%0A + resource "aws_ecs_task_definition" "app" {%0A + arn = (known after apply)%0A + container_definitions = jsonencode(%0A [%0A + {%0A + cpu = 512%0A + environment = [%0A + {%0A + name = "AWS_REGION"%0A + value = "ca-central-1"%0A },%0A + {%0A + name = "DB_NAME"%0A + value = "ssp-greetings"%0A },%0A ]%0A + essential = true%0A + image = "ghcr.io/bcgov/ets-cpf-ea-onboarding:86cc1fe275c00493dec5f0fd75088165480b8791"%0A + logConfiguration = {%0A + logDriver = "awslogs"%0A + options = {%0A + awslogs-create-group = "true"%0A + awslogs-group = "/ecs/sample-app"%0A + awslogs-region = "ca-central-1"%0A + awslogs-stream-prefix = "ecs"%0A }%0A }%0A + memory = 1024%0A + mountPoints = []%0A + name = "sample-client-app"%0A + portMappings = [%0A + {%0A + containerPort = 80%0A + hostPort = 80%0A + protocol = "tcp"%0A },%0A ]%0A + volumesFrom = []%0A },%0A ]%0A )%0A + cpu = "512"%0A + execution_role_arn = (known after apply)%0A + family = "sample-app-task"%0A + id = (known after apply)%0A + memory = "1024"%0A + network_mode = "awsvpc"%0A + requires_compatibilities = [%0A + "FARGATE",%0A ]%0A + revision = (known after apply)%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + task_role_arn = (known after apply)%0A }%0A%0A # aws_iam_role.ecs_task_execution_role will be created%0A + resource "aws_iam_role" "ecs_task_execution_role" {%0A + arn = (known after apply)%0A + assume_role_policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = "sts:AssumeRole"%0A + Effect = "Allow"%0A + Principal = {%0A + Service = "ecs-tasks.amazonaws.com"%0A }%0A + Sid = ""%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + create_date = (known after apply)%0A + force_detach_policies = false%0A + id = (known after apply)%0A + max_session_duration = 3600%0A + name = "startupSampleEcsTaskExecutionRole"%0A + path = "/"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + unique_id = (known after apply)%0A }%0A%0A # aws_iam_role.sample_app_container_role will be created%0A + resource "aws_iam_role" "sample_app_container_role" {%0A + arn = (known after apply)%0A + assume_role_policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = "sts:AssumeRole"%0A + Effect = "Allow"%0A + Principal = {%0A + Service = "ecs-tasks.amazonaws.com"%0A }%0A + Sid = ""%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + create_date = (known after apply)%0A + force_detach_policies = false%0A + id = (known after apply)%0A + max_session_duration = 3600%0A + name = "sample_app_container_role"%0A + path = "/"%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + unique_id = (known after apply)%0A }%0A%0A # aws_iam_role_policy.ecs_task_execution_cwlogs will be created%0A + resource "aws_iam_role_policy" "ecs_task_execution_cwlogs" {%0A + id = (known after apply)%0A + name = "ecs_task_execution_cwlogs"%0A + policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = [%0A + "logs:CreateLogGroup",%0A ]%0A + Effect = "Allow"%0A + Resource = [%0A + "arn:aws:logs:*:*:*",%0A ]%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy.sample_app_container_cwlogs will be created%0A + resource "aws_iam_role_policy" "sample_app_container_cwlogs" {%0A + id = (known after apply)%0A + name = "sample_app_container_cwlogs"%0A + policy = jsonencode(%0A {%0A + Statement = [%0A + {%0A + Action = [%0A + "logs:CreateLogGroup",%0A + "logs:CreateLogStream",%0A + "logs:PutLogEvents",%0A + "logs:DescribeLogStreams",%0A ]%0A + Effect = "Allow"%0A + Resource = [%0A + "arn:aws:logs:*:*:*",%0A ]%0A },%0A ]%0A + Version = "2012-10-17"%0A }%0A )%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy.sample_app_dynamodb will be created%0A + resource "aws_iam_role_policy" "sample_app_dynamodb" {%0A + id = (known after apply)%0A + name = "sample_app_dynamodb"%0A + policy = (known after apply)%0A + role = (known after apply)%0A }%0A%0A # aws_iam_role_policy_attachment.ecs_task_execution_role will be created%0A + resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" {%0A + id = (known after apply)%0A + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"%0A + role = "startupSampleEcsTaskExecutionRole"%0A }%0A%0A # aws_security_group.ecs_tasks will be created%0A + resource "aws_security_group" "ecs_tasks" {%0A + arn = (known after apply)%0A + description = "allow inbound access from the ALB only"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = []%0A + description = ""%0A + from_port = 80%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = (known after apply)%0A + self = false%0A + to_port = 80%0A },%0A ]%0A + name = "sample-ecs-tasks-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_security_group.endpoints will be created%0A + resource "aws_security_group" "endpoints" {%0A + arn = (known after apply)%0A + description = "allow inbound access"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 443%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 443%0A },%0A ]%0A + name = "sample-endpoints-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_security_group.lb will be created%0A + resource "aws_security_group" "lb" {%0A + arn = (known after apply)%0A + description = "controls access to the ALB"%0A + egress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 0%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "-1"%0A + security_groups = []%0A + self = false%0A + to_port = 0%0A },%0A ]%0A + id = (known after apply)%0A + ingress = [%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 443%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 443%0A },%0A + {%0A + cidr_blocks = [%0A + "0.0.0.0/0",%0A ]%0A + description = ""%0A + from_port = 80%0A + ipv6_cidr_blocks = []%0A + prefix_list_ids = []%0A + protocol = "tcp"%0A + security_groups = []%0A + self = false%0A + to_port = 80%0A },%0A ]%0A + name = "sample-load-balancer-security-group"%0A + owner_id = (known after apply)%0A + revoke_rules_on_delete = false%0A + tags = {%0A + "Application" = "Startup Sample"%0A }%0A + vpc_id = "vpc-018906cab60cf165b"%0A }%0A%0A # aws_sns_topic.billing_alert_topic will be created%0A + resource "aws_sns_topic" "billing_alert_topic" {%0A + arn = (known after apply)%0A + id = (known after apply)%0A + name = "startup-sample-billing-alert-topic"%0A + policy = (known after apply)%0A }%0A%0APlan: 23 to add, 0 to change, 0 to destroy.%0A%0AChanges to Outputs:%0A + alb_hostname = (known after apply)%0A + sns_topic = (known after apply)%0A%0AWarning: Version constraints inside provider configuration blocks are deprecated%0A%0A on main.tf line 3, in provider "aws":%0A 3: version = "~> 3.11"%0A%0ATerraform 0.13 and earlier allowed provider version constraints inside the%0Aprovider configuration block, but that is now deprecated and will be removed%0Ain a future version of Terraform. To silence this warning, move the provider%0Aversion constraint into the required_providers block.%0A%0A%0A------------------------------------------------------------------------%0A%0ACost estimation:%0A%0AWaiting for cost estimate to complete...%0A%0AResources: 4 of 6 estimated%0A $17.920320000000000144/mo +$17.920320000000000144%0A ::set-output name=stderr:: ::set-output name=exitcode::0 ```Pusher: @ashtonmeuser, Action: Terraform Plan: #1