cds-snc / forms-terraform

Infrastructure as Code for the GC Forms environment
MIT License

feat: add Freshdesk API key secret to API ECS task #795

Closed craigzour closed 3 months ago

craigzour commented 3 months ago

Summary | Résumé

github-actions[bot] commented 3 months ago

⚠ Terraform update available

Terraform: 1.9.5 (using 1.9.2)
Terragrunt: 0.67.1 (using 0.63.2)

craigzour commented 3 months ago

One comment is that you'll also need to update the ECS task's IAM permission to let it read the secret:

https://github.com/cds-snc/forms-terraform/blob/132e9924f462bebec3e64272666c84179fb40dfc/aws/api/ecs.tf#L119-L131

Good catch! I added it :)
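
The check the review comment above describes, as an added example (not code from this repository): every Secrets Manager ARN in the container definitions' `secrets` has to match a resource of an Allow statement for `secretsmanager:GetSecretValue` in the task execution policy. The account ID, secret suffixes, environment variable names, the `token` JSON key and all function names are constructed; that the statement's action is `secretsmanager:GetSecretValue` is an assumption, since the plan output hides it.

```python
from fnmatch import fnmatchcase

# Constructed sample data: placeholder account ID and secret suffixes, not values from the page.
PREFIX = "arn:aws:secretsmanager:ca-central-1:111111111111:secret:"
CONTAINERS = [{
    "name": "api",
    "secrets": [
        {"name": "ZITADEL_APPLICATION_KEY", "valueFrom": PREFIX + "zitadel_application_key-AAAAAA"},
        {"name": "FRESHDESK_API_KEY", "valueFrom": PREFIX + "freshdesk_api_key-BBBBBB:token::"},
    ],
}]

def policy(resources):
    """Build a constructed task execution policy granting GetSecretValue on `resources`."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"], "Resource": resources}]}

POLICY_BEFORE = policy(PREFIX + "zitadel_application_key-AAAAAA")
POLICY_AFTER = policy([PREFIX + "zitadel_application_key-AAAAAA", PREFIX + "freshdesk_api_key-BBBBBB"])

def as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def readable_patterns(policy_doc):
    """Allow-statement resources for GetSecretValue (Deny, NotAction, Condition are ignored)."""
    patterns = []
    for stmt in as_list(policy_doc.get("Statement")):
        actions = [a.lower() for a in as_list(stmt.get("Action"))]  # IAM actions are case-insensitive
        if stmt.get("Effect") == "Allow" and any(
                fnmatchcase("secretsmanager:getsecretvalue", a) for a in actions):
            patterns += as_list(stmt.get("Resource"))
    return patterns

def unreadable_secrets(containers, policy_doc):
    """Return (container, env name) pairs whose Secrets Manager ARN no statement allows."""
    patterns = readable_patterns(policy_doc)
    missing = []
    for container in containers:
        for secret in container.get("secrets", []):
            value_from = secret["valueFrom"]
            if not value_from.startswith("arn:aws:secretsmanager:"):
                continue  # SSM parameters are authorized by different actions
            secret_arn = ":".join(value_from.split(":")[:7])  # drop json-key/stage/version suffix
            if not any(fnmatchcase(secret_arn, p) for p in patterns):
                missing.append((container["name"], secret["name"]))
    return missing

if __name__ == "__main__":
    print(unreadable_secrets(CONTAINERS, POLICY_BEFORE), unreadable_secrets(CONTAINERS, POLICY_AFTER))
```

A non-empty result means the task would fail to start because the execution role cannot fetch the listed secret.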

github-actions[bot] commented 3 months ago

Staging: api

✅ Terraform Init: success
✅ Terraform Validate: success
✅ Terraform Format: success
✅ Terraform Plan: success
✅ Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 1 to add, 2 to change, 1 to destroy

Show summary

| CHANGE   | NAME                                           |
|----------|------------------------------------------------|
| update   | `module.api_ecs.aws_ecs_service.this`          |
|          | `module.api_ecs.aws_iam_policy.this_task_exec` |
| recreate | `module.api_ecs.aws_ecs_task_definition.this`  |

Show plan

```terraform
Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.api_ecs.aws_ecs_service.this will be updated in-place
  ~ resource "aws_ecs_service" "this" {
        id              = "arn:aws:ecs:ca-central-1:687401027353:service/Forms/forms-api"
        name            = "forms-api"
        tags            = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
      ~ task_definition = "forms-api:16" -> "forms-api"
        # (15 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.api_ecs.aws_ecs_task_definition.this must be replaced
-/+ resource "aws_ecs_task_definition" "this" {
      ~ arn                   = "arn:aws:ecs:ca-central-1:687401027353:task-definition/forms-api:12" -> (known after apply)
      ~ arn_without_revision  = "arn:aws:ecs:ca-central-1:687401027353:task-definition/forms-api" -> (known after apply)
      ~ container_definitions = (sensitive value) # forces replacement
      ~ id                    = "forms-api" -> (known after apply)
      ~ revision              = 12 -> (known after apply)
        tags                  = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (12 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.api_ecs.aws_iam_policy.this_task_exec will be updated in-place
  ~ resource "aws_iam_policy" "this_task_exec" {
        id     = "arn:aws:iam::687401027353:policy/forms-api_ecs_task_exec_policy"
        name   = "forms-api_ecs_task_exec_policy"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                    # (2 unchanged elements hidden)
                    {
                        Action   = [
                            "logs:PutLogEvents",
                            "logs:DescribeLogStreams",
                            "logs:CreateLogStream",
                        ]
                        Effect   = "Allow"
                        Resource = "arn:aws:logs:ca-central-1:687401027353:log-group:/aws/ecs/Forms/forms-api:*"
                    },
                  ~ {
                      ~ Resource = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:zitadel_application_key-3hJWOl" -> [
                          + "arn:aws:secretsmanager:ca-central-1:687401027353:secret:zitadel_application_key-3hJWOl",
                          + "arn:aws:secretsmanager:ca-central-1:687401027353:secret:freshdesk_api_key-JVyxop",
                        ]
                        # (2 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags   = {
            "CostCentre" = "forms-platform-staging"
            "Terraform"  = "true"
        }
        # (7 unchanged attributes hidden)
    }

Plan: 1 to add, 2 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```

Show Conftest results

```sh
20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions
```