cds-snc / forms-terraform

Infrastructure as Code for the GC Forms environment
MIT License

fix: switch IdP LB protocol to HTTP1 #758

Closed patheard closed 4 months ago

patheard commented 4 months ago

Summary

Update the IdP's load balancer target group to use HTTP1. This is being done because of a limitation with the Node library being used to send requests.

github-actions[bot] commented 4 months ago

⚠ Terraform update available

Terraform: 1.9.3 (using 1.9.2)
Terragrunt: 0.64.5 (using 0.63.2)

github-actions[bot] commented 4 months ago

Staging: idp

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 2 to add, 2 to change, 2 to destroy
Show summary

| CHANGE   | NAME                                  |
|----------|---------------------------------------|
| update   | `aws_lb_listener.idp`                 |
|          | `module.idp_ecs.aws_ecs_service.this` |
| recreate | `aws_lb_target_group.idp`             |
|          | `random_string.idp_alb_tg_suffix`     |
Show plan

```terraform
Resource actions are indicated with the following symbols:
  ~ update in-place
+/- create replacement and then destroy

Terraform will perform the following actions:

  # aws_lb_listener.idp will be updated in-place
  ~ resource "aws_lb_listener" "idp" {
        id = "arn:aws:elasticloadbalancing:ca-central-1:687401027353:listener/app/idp/9bb4fc6f33420bc4/ab056b245c94d5c3"
        tags = {
            "CostCentre" = "forms-platform-staging"
            "Terraform" = "true"
        }
        # (7 unchanged attributes hidden)

      ~ default_action {
          ~ target_group_arn = "arn:aws:elasticloadbalancing:ca-central-1:687401027353:targetgroup/idp-tg-fxc/1cf5a763f7977618" -> (known after apply)
            # (2 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

  # aws_lb_target_group.idp must be replaced
+/- resource "aws_lb_target_group" "idp" {
      ~ arn = "arn:aws:elasticloadbalancing:ca-central-1:687401027353:targetgroup/idp-tg-fxc/1cf5a763f7977618" -> (known after apply)
      ~ arn_suffix = "targetgroup/idp-tg-fxc/1cf5a763f7977618" -> (known after apply)
      + connection_termination = (known after apply)
      ~ id = "arn:aws:elasticloadbalancing:ca-central-1:687401027353:targetgroup/idp-tg-fxc/1cf5a763f7977618" -> (known after apply)
      ~ ip_address_type = "ipv4" -> (known after apply)
      ~ load_balancer_arns = [
          - "arn:aws:elasticloadbalancing:ca-central-1:687401027353:loadbalancer/app/idp/9bb4fc6f33420bc4",
        ] -> (known after apply)
      ~ load_balancing_algorithm_type = "round_robin" -> (known after apply)
      ~ load_balancing_anomaly_mitigation = "off" -> (known after apply)
      ~ load_balancing_cross_zone_enabled = "use_load_balancer_configuration" -> (known after apply)
      ~ name = "idp-tg-fxc" # forces replacement -> (known after apply) # forces replacement
      + name_prefix = (known after apply)
      + preserve_client_ip = (known after apply)
      ~ protocol_version = "HTTP2" -> "HTTP1" # forces replacement
        tags = {
            "CostCentre" = "forms-platform-staging"
            "Terraform" = "true"
        }
        # (9 unchanged attributes hidden)

      ~ health_check {
          ~ timeout = 5 -> (known after apply)
            # (8 unchanged attributes hidden)
        }

      ~ target_failover {
          + arn = (known after apply)
          + arn_suffix = (known after apply)
          + connection_termination = (known after apply)
          + deregistration_delay = (known after apply)
          + id = (known after apply)
          + ip_address_type = (known after apply)
          + lambda_multi_value_headers_enabled = (known after apply)
          + load_balancer_arns = (known after apply)
          + load_balancing_algorithm_type = (known after apply)
          + load_balancing_anomaly_mitigation = (known after apply)
          + load_balancing_cross_zone_enabled = (known after apply)
          + name = (known after apply)
          + name_prefix = (known after apply)
          + port = (known after apply)
          + preserve_client_ip = (known after apply)
          + protocol = (known after apply)
          + protocol_version = (known after apply)
          + proxy_protocol_v2 = (known after apply)
          + slow_start = (known after apply)
          + tags = (known after apply)
          + tags_all = (known after apply)
          + target_type = (known after apply)
          + vpc_id = (known after apply)
        } -> (known after apply)

      ~ target_group_health {
          + arn = (known after apply)
          + arn_suffix = (known after apply)
          + connection_termination = (known after apply)
          + deregistration_delay = (known after apply)
          + id = (known after apply)
          + ip_address_type = (known after apply)
          + lambda_multi_value_headers_enabled = (known after apply)
          + load_balancer_arns = (known after apply)
          + load_balancing_algorithm_type = (known after apply)
          + load_balancing_anomaly_mitigation = (known after apply)
          + load_balancing_cross_zone_enabled = (known after apply)
          + name = (known after apply)
          + name_prefix = (known after apply)
          + port = (known after apply)
          + preserve_client_ip = (known after apply)
          + protocol = (known after apply)
          + protocol_version = (known after apply)
          + proxy_protocol_v2 = (known after apply)
          + slow_start = (known after apply)
          + tags = (known after apply)
          + tags_all = (known after apply)
          + target_type = (known after apply)
          + vpc_id = (known after apply)
        } -> (known after apply)

      ~ target_health_state {
          + arn = (known after apply)
          + arn_suffix = (known after apply)
          + connection_termination = (known after apply)
          + deregistration_delay = (known after apply)
          + id = (known after apply)
          + ip_address_type = (known after apply)
          + lambda_multi_value_headers_enabled = (known after apply)
          + load_balancer_arns = (known after apply)
          + load_balancing_algorithm_type = (known after apply)
          + load_balancing_anomaly_mitigation = (known after apply)
          + load_balancing_cross_zone_enabled = (known after apply)
          + name = (known after apply)
          + name_prefix = (known after apply)
          + port = (known after apply)
          + preserve_client_ip = (known after apply)
          + protocol = (known after apply)
          + protocol_version = (known after apply)
          + proxy_protocol_v2 = (known after apply)
          + slow_start = (known after apply)
          + tags = (known after apply)
          + tags_all = (known after apply)
          + target_type = (known after apply)
          + vpc_id = (known after apply)
        } -> (known after apply)

        # (1 unchanged block hidden)
    }

  # random_string.idp_alb_tg_suffix must be replaced
+/- resource "random_string" "idp_alb_tg_suffix" {
      ~ id = "fxc" -> (known after apply)
      ~ keepers = { # forces replacement
          ~ "protocol_version" = "HTTP2" -> "HTTP1"
            # (2 unchanged elements hidden)
        }
      ~ result = "fxc" -> (known after apply)
        # (10 unchanged attributes hidden)
    }

  # module.idp_ecs.aws_ecs_service.this will be updated in-place
  ~ resource "aws_ecs_service" "this" {
      ~ health_check_grace_period_seconds = 60 -> (known after apply)
        id = "arn:aws:ecs:ca-central-1:687401027353:service/idp/zitadel"
        name = "zitadel"
        tags = {
            "CostCentre" = "forms-platform-staging"
            "Terraform" = "true"
        }
        # (15 unchanged attributes hidden)

      ~ load_balancer {
          + cluster = (known after apply)
          + deployment_maximum_percent = (known after apply)
          + deployment_minimum_healthy_percent = (known after apply)
          + desired_count = (known after apply)
          + enable_ecs_managed_tags = (known after apply)
          + enable_execute_command = (known after apply)
          + force_new_deployment = (known after apply)
          + health_check_grace_period_seconds = (known after apply)
          + iam_role = (known after apply)
          + id = (known after apply)
          + launch_type = (known after apply)
          + name = (known after apply)
          + platform_version = (known after apply)
          + propagate_tags = (known after apply)
          + scheduling_strategy = (known after apply)
          + tags = (known after apply)
          + tags_all = (known after apply)
          + task_definition = (known after apply)
          + triggers = (known after apply)
          + wait_for_steady_state = (known after apply)
        } -> (known after apply)

        # (3 unchanged blocks hidden)
    }

Plan: 2 to add, 2 to change, 2 to destroy.

Changes to Outputs:
  ~ lb_idp_target_group_arn_suffix = "targetgroup/idp-tg-fxc/1cf5a763f7977618" -> (known after apply)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```
Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.idp_send_email"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_user.idp_send_email"]
WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.idp"]

22 tests, 19 passed, 3 warnings, 0 failures, 0 exceptions
```
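
The summary table and the "forces replacement" markers in the plan comment above can be derived from the machine-readable plan, which lets a reviewer see exactly which attribute causes the IdP target group to be recreated. This is an added example, not code from the pull request or the project: it assumes the JSON produced by `terraform show -json plan.tfplan`, the `SAMPLE_PLAN` document is constructed from the addresses and values shown above, and the function names are hypothetical.

```python
import json

# Constructed sample: a trimmed plan JSON mirroring the addresses and values shown above.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
  {"address": "aws_lb_listener.idp", "change": {"actions": ["update"]}},
  {"address": "aws_lb_target_group.idp", "change": {"actions": ["create", "delete"],
     "before": {"name": "idp-tg-fxc", "protocol_version": "HTTP2"},
     "after": {"protocol_version": "HTTP1"},
     "replace_paths": [["name"], ["protocol_version"]]}},
  {"address": "random_string.idp_alb_tg_suffix", "change": {"actions": ["create", "delete"],
     "before": {"keepers": {"protocol_version": "HTTP2"}},
     "after": {"keepers": {"protocol_version": "HTTP1"}},
     "replace_paths": [["keepers"]]}}
]}""")

def classify(actions):
    """Map a Terraform action list to the labels used in the summary table."""
    if "create" in actions and "delete" in actions:
        return "recreate"  # covers both replacement orders
    return actions[0] if actions else "no-op"

def summarize(plan):
    """Group resource addresses by change type, skipping no-ops."""
    summary = {}
    for rc in plan.get("resource_changes", []):
        kind = classify(rc["change"]["actions"])
        if kind != "no-op":
            summary.setdefault(kind, []).append(rc["address"])
    return summary

def dig(obj, path):
    """Follow a replace_paths entry; None when the value is absent or unknown."""
    for step in path:
        try:
            obj = obj[step]
        except (KeyError, IndexError, TypeError):
            return None
    return obj

def replacement_causes(plan):
    """For each recreated resource: (attribute, before, after) forcing it."""
    causes = {}
    for rc in plan.get("resource_changes", []):
        ch = rc["change"]
        if classify(ch["actions"]) == "recreate":
            paths = ch.get("replace_paths", [])
            causes[rc["address"]] = [(".".join(map(str, p)), dig(ch.get("before"), p),
                                      dig(ch.get("after"), p)) for p in paths]
    return causes
```

An `after` value of `None` corresponds to "(known after apply)" in the rendered plan, as with the target group `name` here.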