release 2.13.11

[ben851]

Summary | Résumé

Prod DNS migration release

Related Issues | Cartes liées

• https://app.zenhub.com/workspaces/notify-planning-core-6411dfb7c95fb80014e0cab0/issues/gh/cds-snc/notification-planning-core/36

Test instructions | Instructions pour tester la modification

TF Apply works

Release Instructions | Instructions pour le déploiement

Import the DNS entries.

Reviewer checklist | Liste de vérification du réviseur

• [x] This PR does not break existing functionality.
• [x] This PR does not violate GCNotify's privacy policies.
• [x] This PR does not raise new security concerns. Refer to our GC Notify Risk Register document on our Google drive.
• [x] This PR does not significantly alter performance.
• [ ] Additional required documentation resulting of these changes is covered (such as the README, setup instructions, a related ADR or the technical documentation).

⚠ If boxes cannot be checked off before merging the PR, they should be moved to the "Release Instructions" section with appropriate steps required to verify before release. For example, changes to celery code may require tests on staging to verify that performance has not been affected.

[github-actions[bot]]

Production: newrelic

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success

Plan: 0 to add, 3 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|--------------------------------------------------------------------------| | update | `newrelic_nrql_alert_condition.admin_error_percentage` | | | `newrelic_nrql_alert_condition.lambda_api_error_percentage_fuzzy_attack` | | | `newrelic_workflow.terraform_notify_workflow` |

Show plan

```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # newrelic_nrql_alert_condition.admin_error_percentage will be updated in-place ~ resource "newrelic_nrql_alert_condition" "admin_error_percentage" { id = "5471833:43099765" name = "[Admin] Error percentage" # (15 unchanged attributes hidden) ~ warning { ~ threshold = 0.01 -> 0.5 ~ threshold_duration = 60 -> 600 # (3 unchanged attributes hidden) } # (2 unchanged blocks hidden) } # newrelic_nrql_alert_condition.lambda_api_error_percentage_fuzzy_attack will be updated in-place ~ resource "newrelic_nrql_alert_condition" "lambda_api_error_percentage_fuzzy_attack" { id = "5471833:43099761" name = "[Lambda API] Error percentage (Fuzzy attack)" # (15 unchanged attributes hidden) - critical { - duration = 0 -> null - operator = "above" -> null - threshold = 99 -> null - threshold_duration = 36000 -> null - threshold_occurrences = "all" -> null } # (2 unchanged blocks hidden) } # newrelic_workflow.terraform_notify_workflow will be updated in-place ~ resource "newrelic_workflow" "terraform_notify_workflow" { id = "b6ee8bdc-d939-4091-8e82-6212776c580b" name = "Notify Workflow - production" # (8 unchanged attributes hidden) - destination { - channel_id = "718ee534-9e6b-4e30-9c97-fd7ff2b066db" -> null - name = "Terraform Notify Slack Channel - production" -> null - notification_triggers = [ - "ACKNOWLEDGED", - "ACTIVATED", - "CLOSED", ] -> null - type = "SLACK_LEGACY" -> null - update_original_message = true -> null } + destination { + channel_id = "718ee534-9e6b-4e30-9c97-fd7ff2b066db" + name = (known after apply) + notification_triggers = (known after apply) + type = (known after apply) + update_original_message = true } # (1 unchanged block hidden) } Plan: 0 to add, 3 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

[github-actions[bot]]

Production: dns

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|----------------------------------------------| | update | `aws_route53_zone.notification-canada-ca[0]` |

Show plan

```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # aws_route53_zone.notification-canada-ca[0] will be updated in-place ~ resource "aws_route53_zone" "notification-canada-ca" { + comment = "Managed by Terraform" id = "Z1XG153PQF3VV5" name = "notification.canada.ca" tags = { "Project" = "dns" } # (6 unchanged attributes hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Changes to Outputs: - production_route_53_zone_arn = "Z1XG153PQF3VV5" -> null ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.internal_dns"] WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.internal_dns"] WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.notification-canada-ca[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.internal_dns_cert_base64"] WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.internal_dns_fqdn"] WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.internal_dns_key_base64"] 25 tests, 19 passed, 6 warnings, 0 failures, 0 exceptions ```

[github-actions[bot]]

Production: ses_validation_dns_entries

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 9 to add, 6 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|-------------------------------------------------------------------------------------------------------------------------------------| | add | `aws_route53_record.ses_cic_trvapply_vrtdemande_dkim_record["trvapply-vrtdemande.apps.cic.gc.ca.kgdyxcvfrxzxx2ayrgtg4fgiscu4dqbp"]` | | | `aws_route53_record.ses_cic_trvapply_vrtdemande_dkim_record["trvapply-vrtdemande.apps.cic.gc.ca.tk2jbluolly3nkaauguzpe25qdnk5ezt"]` | | | `aws_route53_record.ses_cic_trvapply_vrtdemande_dkim_record["trvapply-vrtdemande.apps.cic.gc.ca.vj475sskkyqysudjoemon3watmv4f4oe"]` | | | `aws_route53_record.ses_custom_domain_dkim_record["notification.gov.bc.ca.om56oqvtknft7qeocs5offdcqcwvbpiu"]` | | | `aws_route53_record.ses_custom_domain_dkim_record["notification.gov.bc.ca.pypemga4ooemc3thf5h4p6jpcv5ieme2"]` | | | `aws_route53_record.ses_custom_domain_dkim_record["notification.gov.bc.ca.wp5wrojykc637go6gqaag7debuvk7suc"]` | | | `aws_route53_record.ses_custom_domain_dkim_record["notify.novascotia.ca.3xxbqbyriwlz52t6wmydijkqtrwmikru"]` | | | `aws_route53_record.ses_custom_domain_dkim_record["notify.novascotia.ca.jit2blavxo37qnw3ekgn2ph4gazq3ufb"]` | | | `aws_route53_record.ses_custom_domain_dkim_record["notify.novascotia.ca.r7e7juygsbrvjaj3ceuvpnjwksgi7vrs"]` | | update | `aws_route53_record.notification_canada_ca_dkim_record["h2d5mnabqwlnowww7rkgpoagtrxt7d4z"]` | | | `aws_route53_record.notification_canada_ca_dkim_record["wrs6wsp65k764hnaouax5t66vfqrbrst"]` | | | `aws_route53_record.notification_canada_ca_dkim_record["wrtaqi2wdu42zqjzyf3ikn46kzos4f76"]` | | | `aws_route53_record.notification_canada_ca_receiving_dkim_record["iymb7ahbsrpfy7ktku4tpibh2n3a2hdk"]` | | | `aws_route53_record.notification_canada_ca_receiving_dkim_record["pjmdrlcl2vsjodh4ruc4v2oogw5cs2cl"]` | | | `aws_route53_record.notification_canada_ca_receiving_dkim_record["z7ujljo4n4hbl4slxawnomvstjhlbgx2"]` |

Show plan

```terraform Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # aws_route53_record.notification_canada_ca_dkim_record["h2d5mnabqwlnowww7rkgpoagtrxt7d4z"] will be updated in-place ~ resource "aws_route53_record" "notification_canada_ca_dkim_record" { + allow_overwrite = true id = "Z1XG153PQF3VV5_h2d5mnabqwlnowww7rkgpoagtrxt7d4z._domainkey.notification.canada.ca_CNAME" name = "h2d5mnabqwlnowww7rkgpoagtrxt7d4z._domainkey.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.notification_canada_ca_dkim_record["wrs6wsp65k764hnaouax5t66vfqrbrst"] will be updated in-place ~ resource "aws_route53_record" "notification_canada_ca_dkim_record" { + allow_overwrite = true id = "Z1XG153PQF3VV5_wrs6wsp65k764hnaouax5t66vfqrbrst._domainkey.notification.canada.ca_CNAME" name = "wrs6wsp65k764hnaouax5t66vfqrbrst._domainkey.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.notification_canada_ca_dkim_record["wrtaqi2wdu42zqjzyf3ikn46kzos4f76"] will be updated in-place ~ resource "aws_route53_record" "notification_canada_ca_dkim_record" { + allow_overwrite = true id = "Z1XG153PQF3VV5_wrtaqi2wdu42zqjzyf3ikn46kzos4f76._domainkey.notification.canada.ca_CNAME" name = "wrtaqi2wdu42zqjzyf3ikn46kzos4f76._domainkey.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.notification_canada_ca_receiving_dkim_record["iymb7ahbsrpfy7ktku4tpibh2n3a2hdk"] will be updated in-place ~ resource "aws_route53_record" "notification_canada_ca_receiving_dkim_record" { + allow_overwrite = true id = "Z1XG153PQF3VV5_iymb7ahbsrpfy7ktku4tpibh2n3a2hdk._domainkey.notification.canada.ca_CNAME" name = "iymb7ahbsrpfy7ktku4tpibh2n3a2hdk._domainkey.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.notification_canada_ca_receiving_dkim_record["pjmdrlcl2vsjodh4ruc4v2oogw5cs2cl"] will be updated in-place ~ resource "aws_route53_record" "notification_canada_ca_receiving_dkim_record" { + allow_overwrite = true id = "Z1XG153PQF3VV5_pjmdrlcl2vsjodh4ruc4v2oogw5cs2cl._domainkey.notification.canada.ca_CNAME" name = "pjmdrlcl2vsjodh4ruc4v2oogw5cs2cl._domainkey.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.notification_canada_ca_receiving_dkim_record["z7ujljo4n4hbl4slxawnomvstjhlbgx2"] will be updated in-place ~ resource "aws_route53_record" "notification_canada_ca_receiving_dkim_record" { + allow_overwrite = true id = "Z1XG153PQF3VV5_z7ujljo4n4hbl4slxawnomvstjhlbgx2._domainkey.notification.canada.ca_CNAME" name = "z7ujljo4n4hbl4slxawnomvstjhlbgx2._domainkey.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.ses_cic_trvapply_vrtdemande_dkim_record["trvapply-vrtdemande.apps.cic.gc.ca.kgdyxcvfrxzxx2ayrgtg4fgiscu4dqbp"] will be created + resource "aws_route53_record" "ses_cic_trvapply_vrtdemande_dkim_record" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "kgdyxcvfrxzxx2ayrgtg4fgiscu4dqbp._domainkey.trvapply-vrtdemande.apps.cic.gc.ca" + records = [ + "kgdyxcvfrxzxx2ayrgtg4fgiscu4dqbp.dkim.amazonses.com", ] + ttl = 600 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.ses_cic_trvapply_vrtdemande_dkim_record["trvapply-vrtdemande.apps.cic.gc.ca.tk2jbluolly3nkaauguzpe25qdnk5ezt"] will be created + resource "aws_route53_record" "ses_cic_trvapply_vrtdemande_dkim_record" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "tk2jbluolly3nkaauguzpe25qdnk5ezt._domainkey.trvapply-vrtdemande.apps.cic.gc.ca" + records = [ + "tk2jbluolly3nkaauguzpe25qdnk5ezt.dkim.amazonses.com", ] + ttl = 600 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.ses_cic_trvapply_vrtdemande_dkim_record["trvapply-vrtdemande.apps.cic.gc.ca.vj475sskkyqysudjoemon3watmv4f4oe"] will be created + resource "aws_route53_record" "ses_cic_trvapply_vrtdemande_dkim_record" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "vj475sskkyqysudjoemon3watmv4f4oe._domainkey.trvapply-vrtdemande.apps.cic.gc.ca" + records = [ + "vj475sskkyqysudjoemon3watmv4f4oe.dkim.amazonses.com", ] + ttl = 600 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.ses_custom_domain_dkim_record["notification.gov.bc.ca.om56oqvtknft7qeocs5offdcqcwvbpiu"] will be created + resource "aws_route53_record" "ses_custom_domain_dkim_record" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "om56oqvtknft7qeocs5offdcqcwvbpiu._domainkey.notification.gov.bc.ca" + records = [ + "om56oqvtknft7qeocs5offdcqcwvbpiu.dkim.amazonses.com", ] + ttl = 600 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.ses_custom_domain_dkim_record["notification.gov.bc.ca.pypemga4ooemc3thf5h4p6jpcv5ieme2"] will be created + resource "aws_route53_record" "ses_custom_domain_dkim_record" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "pypemga4ooemc3thf5h4p6jpcv5ieme2._domainkey.notification.gov.bc.ca" + records = [ + "pypemga4ooemc3thf5h4p6jpcv5ieme2.dkim.amazonses.com", ] + ttl = 600 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.ses_custom_domain_dkim_record["notification.gov.bc.ca.wp5wrojykc637go6gqaag7debuvk7suc"] will be created + resource "aws_route53_record" "ses_custom_domain_dkim_record" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "wp5wrojykc637go6gqaag7debuvk7suc._domainkey.notification.gov.bc.ca" + records = [ + "wp5wrojykc637go6gqaag7debuvk7suc.dkim.amazonses.com", ] + ttl = 600 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.ses_custom_domain_dkim_record["notify.novascotia.ca.3xxbqbyriwlz52t6wmydijkqtrwmikru"] will be created + resource "aws_route53_record" "ses_custom_domain_dkim_record" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "3xxbqbyriwlz52t6wmydijkqtrwmikru._domainkey.notify.novascotia.ca" + records = [ + "3xxbqbyriwlz52t6wmydijkqtrwmikru.dkim.amazonses.com", ] + ttl = 600 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.ses_custom_domain_dkim_record["notify.novascotia.ca.jit2blavxo37qnw3ekgn2ph4gazq3ufb"] will be created + resource "aws_route53_record" "ses_custom_domain_dkim_record" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "jit2blavxo37qnw3ekgn2ph4gazq3ufb._domainkey.notify.novascotia.ca" + records = [ + "jit2blavxo37qnw3ekgn2ph4gazq3ufb.dkim.amazonses.com", ] + ttl = 600 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.ses_custom_domain_dkim_record["notify.novascotia.ca.r7e7juygsbrvjaj3ceuvpnjwksgi7vrs"] will be created + resource "aws_route53_record" "ses_custom_domain_dkim_record" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "r7e7juygsbrvjaj3ceuvpnjwksgi7vrs._domainkey.notify.novascotia.ca" + records = [ + "r7e7juygsbrvjaj3ceuvpnjwksgi7vrs.dkim.amazonses.com", ] + ttl = 600 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } Plan: 9 to add, 6 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh 20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions ```

[github-actions[bot]]

Production: eks

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 6 to add, 5 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|--------------------------------------------------------------------------------------------| | update | `aws_route53_record.notification-canada-ca["*.api.notification.canada.ca"]` | | | `aws_route53_record.notification-canada-ca["*.document.notification.canada.ca"]` | | | `aws_route53_record.notification-canada-ca["*.notification.canada.ca"]` | | | `aws_route53_record.notification-canada-ca["api.notification.canada.ca"]` | | | `aws_route53_record.notification-canada-ca["notification.canada.ca"]` | | add | `aws_route53_record.notificatio-root-WC` | | | `aws_route53_record.notification-canada-ca-alt["*.api.notification.alpha.canada.ca"]` | | | `aws_route53_record.notification-canada-ca-alt["*.document.notification.alpha.canada.ca"]` | | | `aws_route53_record.notification-canada-ca-alt["*.notification.alpha.canada.ca"]` | | | `aws_route53_record.notification-canada-ca-alt["api.notification.alpha.canada.ca"]` | | | `aws_route53_record.notification-canada-ca-alt["notification.alpha.canada.ca"]` |

Show plan

```terraform Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # aws_route53_record.notificatio-root-WC will be created + resource "aws_route53_record" "notificatio-root-WC" { + allow_overwrite = (known after apply) + fqdn = (known after apply) + id = (known after apply) + name = "*.notification.canada.ca" + type = "A" + zone_id = "Z1XG153PQF3VV5" + alias { + evaluate_target_health = false + name = "notification-production-alb-1685085140.ca-central-1.elb.amazonaws.com" + zone_id = "ZQSVJUPU6J1EY" } } # aws_route53_record.notification-canada-ca["*.api.notification.canada.ca"] will be updated in-place ~ resource "aws_route53_record" "notification-canada-ca" { + allow_overwrite = true id = "Z1XG153PQF3VV5__902cdb1a2cb8214fc698261ee3085b64.api.notification.canada.ca_CNAME" name = "_902cdb1a2cb8214fc698261ee3085b64.api.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca["*.document.notification.canada.ca"] will be updated in-place ~ resource "aws_route53_record" "notification-canada-ca" { + allow_overwrite = true id = "Z1XG153PQF3VV5__db43d1cf891afd4671fb913d18ef0a0e.document.notification.canada.ca_CNAME" name = "_db43d1cf891afd4671fb913d18ef0a0e.document.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca["*.notification.canada.ca"] will be updated in-place ~ resource "aws_route53_record" "notification-canada-ca" { + allow_overwrite = true id = "Z1XG153PQF3VV5__2115a5004ab7895234c60254e152046b.notification.canada.ca_CNAME" name = "_2115a5004ab7895234c60254e152046b.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca["api.notification.canada.ca"] will be updated in-place ~ resource "aws_route53_record" "notification-canada-ca" { + allow_overwrite = true id = "Z1XG153PQF3VV5__902cdb1a2cb8214fc698261ee3085b64.api.notification.canada.ca_CNAME" name = "_902cdb1a2cb8214fc698261ee3085b64.api.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca["notification.canada.ca"] will be updated in-place ~ resource "aws_route53_record" "notification-canada-ca" { + allow_overwrite = true id = "Z1XG153PQF3VV5__2115a5004ab7895234c60254e152046b.notification.canada.ca_CNAME" name = "_2115a5004ab7895234c60254e152046b.notification.canada.ca" # (6 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca-alt["*.api.notification.alpha.canada.ca"] will be created + resource "aws_route53_record" "notification-canada-ca-alt" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "_5d022a2aee7df473fcb75e0e12b47220.api.notification.alpha.canada.ca" + records = [ + "_f52039e56b4219e56f5e258613b5c77d.mqzgcdqkwq.acm-validations.aws.", ] + ttl = 60 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.notification-canada-ca-alt["*.document.notification.alpha.canada.ca"] will be created + resource "aws_route53_record" "notification-canada-ca-alt" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "_35e023fab08debc90c4312ec398d5458.document.notification.alpha.canada.ca" + records = [ + "_851a551fec0bff7d31f336583a3138e7.wggjkglgrm.acm-validations.aws.", ] + ttl = 60 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.notification-canada-ca-alt["*.notification.alpha.canada.ca"] will be created + resource "aws_route53_record" "notification-canada-ca-alt" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "_c04744a360b120e8b7431728784deab4.notification.alpha.canada.ca" + records = [ + "_70060f7d839ca6659556126a3224d85b.wggjkglgrm.acm-validations.aws.", ] + ttl = 60 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.notification-canada-ca-alt["api.notification.alpha.canada.ca"] will be created + resource "aws_route53_record" "notification-canada-ca-alt" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "_5d022a2aee7df473fcb75e0e12b47220.api.notification.alpha.canada.ca" + records = [ + "_f52039e56b4219e56f5e258613b5c77d.mqzgcdqkwq.acm-validations.aws.", ] + ttl = 60 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } # aws_route53_record.notification-canada-ca-alt["notification.alpha.canada.ca"] will be created + resource "aws_route53_record" "notification-canada-ca-alt" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = "_c04744a360b120e8b7431728784deab4.notification.alpha.canada.ca" + records = [ + "_70060f7d839ca6659556126a3224d85b.wggjkglgrm.acm-validations.aws.", ] + ttl = 60 + type = "CNAME" + zone_id = "Z1XG153PQF3VV5" } Plan: 6 to add, 5 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Cloudwatch log metric pattern is invalid: ["aws_cloudwatch_log_metric_filter.celery-error[0]"] WARN - plan.json - main - Cloudwatch log metric pattern is invalid: ["aws_cloudwatch_log_metric_filter.scanfiles-timeout[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.client_vpn"] WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.notification-canada-ca"] WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.notification-canada-ca-alt[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_alb.notification-canada-ca"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_listener.internal_alb_tls"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_listener.notification-canada-ca"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.internal_nginx_http"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-admin"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-api"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-document"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-document-api"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-documentation"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-cluster-logs[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-evicted-pods[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-pods-high-cpu-warning[0]"] WARN - plan.json - main -... ```

[github-actions[bot]]

Production: quicksight

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 1 to add, 1 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|-------------------------------------------------| | add | `aws_quicksight_refresh_schedule.notifications` | | update | `aws_s3_object.manifest_file` |

Show plan

```terraform Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # aws_quicksight_refresh_schedule.notifications will be created + resource "aws_quicksight_refresh_schedule" "notifications" { + arn = (known after apply) + aws_account_id = (known after apply) + data_set_id = "notifications" + id = (known after apply) + schedule_id = "schedule-notifications" + schedule { + refresh_type = "FULL_REFRESH" + start_after_date_time = (known after apply) + schedule_frequency { + interval = "DAILY" + time_of_the_day = "05:10" + timezone = (known after apply) } } } # aws_s3_object.manifest_file will be updated in-place ~ resource "aws_s3_object" "manifest_file" { ~ etag = "3696c2177cd9e1be28ff597c24b10ae0" -> "221f592f333f2fc284626cfdb8c4bc80" id = "quicksight/s3-manifest-sms-usage.json" tags = {} + version_id = (known after apply) # (12 unchanged attributes hidden) } Plan: 1 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Missing Common Tags: ["aws_cloudformation_stack.sms-usage-notifications"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight-rds"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight-s3-usage"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight_vpc_connection_ec2"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight_vpc_connection_iam"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.quicksight"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.vpc_connection_role"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.jobs"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.login_events"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.notifications"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.organisation"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.services"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.sms_usage"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.templates"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.users"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_source.rds"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_source.s3_sms_usage"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_vpc_connection.rds"] WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.manifest_file"] 38 tests, 19 passed, 19 warnings, 0 failures, 0 exceptions ```

[ben851]

Production: ses_validation_dns_entries

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 9 to add, 6 to change, 0 to destroy

Show summary Show plan Show Conftest results

The 9 to add are custom domain DKIM records that don't exist because we don't control those custom domains. These are essentially useless records, but we can create them for now. I plan on tuning this to get rid of them in the future (didn't want to crowd the PR)

[ben851]

Production: eks

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 6 to add, 5 to change, 0 to destroy

As with the ses_dns_validation entries, these alt-domain records that are being created are useless and will be fixed in the future. There is no negative effect other than not being necessary.