cds-snc / simplify-privacy-statements-V2

starter-app repo based version of privacy app.
https://simplify-privacy-statements.alpha.canada.ca
MIT License

added efs and vpc modules #230

Closed omartehsin1 closed 1 year ago

omartehsin1 commented 1 year ago

Summary | Résumé

Adding EFS, which will eventually be mounted onto our Lambda function. This provides Lambda with unlimited disk space that remains accessible across multiple Lambda function invocations.

Added security groups to allow inbound and outbound access to our EFS.

github-actions[bot] commented 1 year ago

Production: efs

✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 4 to add, 0 to change, 0 to destroy
Show plan ```terraform Resource actions are indicated with the following symbols: + create <= read (data resources) Terraform will perform the following actions: # data.aws_iam_policy_document.efs_policy will be read during apply # (config refers to values not yet known) <= data "aws_iam_policy_document" "efs_policy" { + id = (known after apply) + json = (known after apply) + statement { + actions = [ + "elasticfilesystem:ClientMount", + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite", ] + effect = "Allow" + resources = [ + (known after apply), ] + sid = "EFSPolicy" + condition { + test = "Bool" + values = [ + "true", ] + variable = "aws:SecureTransport" } + principals { + identifiers = [ + "lambda.amazonaws.com", ] + type = "Service" } } } # aws_efs_access_point.efs_access_point will be created + resource "aws_efs_access_point" "efs_access_point" { + arn = (known after apply) + file_system_arn = (known after apply) + file_system_id = (known after apply) + id = (known after apply) + owner_id = (known after apply) + tags_all = (known after apply) + posix_user { + gid = 1000 + uid = 1000 } + root_directory { + path = "/access" + creation_info { + owner_gid = 1000 + owner_uid = 1000 + permissions = "777" } } } # aws_efs_file_system.generated_statement_efs will be created + resource "aws_efs_file_system" "generated_statement_efs" { + arn = (known after apply) + availability_zone_id = (known after apply) + availability_zone_name = (known after apply) + creation_token = "generated-statement-efs" + dns_name = (known after apply) + encrypted = true + id = (known after apply) + kms_key_id = (known after apply) + number_of_mount_targets = (known after apply) + owner_id = (known after apply) + performance_mode = "generalPurpose" + size_in_bytes = (known after apply) + tags_all = (known after apply) + throughput_mode = "bursting" } # aws_efs_file_system_policy.policy will be created + resource "aws_efs_file_system_policy" "policy" { + 
bypass_policy_lockout_safety_check = false + file_system_id = (known after apply) + id = (known after apply) + policy = (known after apply) } # aws_efs_mount_target.efs_mount will be created + resource "aws_efs_mount_target" "efs_mount" { + availability_zone_id = (known after apply) + availability_zone_name = (known after apply) + dns_name = (known after apply) + file_system_arn = (known after apply) + file_system_id = (known after apply) + id = (known after apply) + ip_address = (known after apply) + mount_target_dns_name = (known after apply) + network_interface_id = (known after apply) + owner_id = (known after apply) + security_groups = [ + "", ] } Plan: 4 to add, 0 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_efs_access_point.efs_access_point"] WARN - plan.json - main - Missing Common Tags: ["aws_efs_file_system.generated_statement_efs"] 19 tests, 17 passed, 2 warnings, 0 failures, 0 exceptions ```
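Review bot: The access point's root directory is planned with `permissions = "777"`, which makes `/access` world-writable even though the access point already forces every client to uid/gid 1000 and that same user owns the directory; `permissions = "750"` would give the Lambda the same access. The file-system policy also grants `elasticfilesystem:ClientRootAccess`, which should not be needed when the access point enforces a non-root POSIX user, so I would keep only `ClientMount` and `ClientWrite`. The statement's principal is the `lambda.amazonaws.com` service rather than a specific role; if the intent is to limit mounts to this one function, scoping it to the function's execution role ARN (not visible in this plan) would be tighter. The mount target plans `security_groups = [""]`, which suggests the security group id from the vpc module is not wired in yet and is worth confirming before apply.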
github-actions[bot] commented 1 year ago

Production: vpc

✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 41 to add, 0 to change, 0 to destroy
Show plan ```terraform Resource actions are indicated with the following symbols: + create <= read (data resources) Terraform will perform the following actions: # aws_security_group.efs_access_sg will be created + resource "aws_security_group" "efs_access_sg" { + arn = (known after apply) + description = "SG for Lambda" + egress = (known after apply) + id = (known after apply) + ingress = (known after apply) + name = "efs_access_sg" + name_prefix = (known after apply) + owner_id = (known after apply) + revoke_rules_on_delete = false + tags_all = (known after apply) + vpc_id = (known after apply) } # aws_security_group_rule.efs_ingress will be created + resource "aws_security_group_rule" "efs_ingress" { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "Enables inbound traffic to the Network File System" + from_port = 2049 + id = (known after apply) + protocol = "tcp" + security_group_id = (known after apply) + security_group_rule_id = (known after apply) + self = false + source_security_group_id = (known after apply) + to_port = 2049 + type = "ingress" } # module.vpc.data.aws_iam_policy_document.vpc_metrics_flow_logs_write[0] will be read during apply # (config refers to values not yet known) <= data "aws_iam_policy_document" "vpc_metrics_flow_logs_write" { + id = (known after apply) + json = (known after apply) + statement { + actions = [ + "logs:CreateLogStream", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:PutLogEvents", ] + effect = "Allow" + resources = [ + (known after apply), + (known after apply), ] } } # module.vpc.aws_cloudwatch_log_group.flow_logs[0] will be created + resource "aws_cloudwatch_log_group" "flow_logs" { + arn = (known after apply) + id = (known after apply) + name = "simplify-privacy-statements-vpc_flow_logs" + name_prefix = (known after apply) + retention_in_days = 30 + skip_destroy = false + tags = { + "CostCentre" = "CostCentre" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Terraform" = 
"true" } } # module.vpc.aws_default_network_acl.default will be created + resource "aws_default_network_acl" "default" { + arn = (known after apply) + default_network_acl_id = (known after apply) + id = (known after apply) + owner_id = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_default_nacl" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_default_nacl" + "Terraform" = "true" } + vpc_id = (known after apply) } # module.vpc.aws_default_route_table.default will be created + resource "aws_default_route_table" "default" { + arn = (known after apply) + default_route_table_id = (known after apply) + id = (known after apply) + owner_id = (known after apply) + route = [] + tags = { + "CostCentre" = "CostCentre" + "Terraform" = "true" + "name" = "simplify-privacy-statements-vpc_default_route_table" } + tags_all = { + "CostCentre" = "CostCentre" + "Terraform" = "true" + "name" = "simplify-privacy-statements-vpc_default_route_table" } + vpc_id = (known after apply) } # module.vpc.aws_default_security_group.default will be created + resource "aws_default_security_group" "default" { + arn = (known after apply) + description = (known after apply) + egress = (known after apply) + id = (known after apply) + ingress = (known after apply) + name = (known after apply) + name_prefix = (known after apply) + owner_id = (known after apply) + revoke_rules_on_delete = false + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_default_sg" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_default_sg" + "Terraform" = "true" } + vpc_id = (known after apply) } # module.vpc.aws_eip.nat[0] will be created + resource "aws_eip" "nat" { + allocation_id = (known after apply) + association_id = (known after apply) + carrier_ip = (known after apply) + customer_owned_ip = (known after 
apply) + domain = (known after apply) + id = (known after apply) + instance = (known after apply) + network_border_group = (known after apply) + network_interface = (known after apply) + private_dns = (known after apply) + private_ip = (known after apply) + public_dns = (known after apply) + public_ip = (known after apply) + public_ipv4_pool = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc-eip0" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc-eip0" + "Terraform" = "true" } + vpc = true } # module.vpc.aws_flow_log.flow_logs[0] will be created + resource "aws_flow_log" "flow_logs" { + arn = (known after apply) + iam_role_arn = (known after apply) + id = (known after apply) + log_destination = (known after apply) + log_destination_type = "cloud-watch-logs" + log_format = (known after apply) + log_group_name = (known after apply) + max_aggregation_interval = 600 + tags = { + "CostCentre" = "CostCentre" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Terraform" = "true" } + traffic_type = "ALL" + vpc_id = (known after apply) } # module.vpc.aws_iam_policy.vpc_metrics_flow_logs_write_policy[0] will be created + resource "aws_iam_policy" "vpc_metrics_flow_logs_write_policy" { + arn = (known after apply) + description = "IAM policy for writing flow logs in CloudWatch" + id = (known after apply) + name = "VpcMetricsFlowLogsWrite" + path = "/" + policy = (known after apply) + policy_id = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Terraform" = "true" } } # module.vpc.aws_iam_role.flow_logs[0] will be created + resource "aws_iam_role" "flow_logs" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "vpc-flow-logs.amazonaws.com" } + Sid 
= "" }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 3600 + name = "simplify-privacy-statements-vpc_flow_logs" + name_prefix = (known after apply) + path = "/" + tags = { + "CostCentre" = "CostCentre" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Terraform" = "true" } + unique_id = (known after apply) + inline_policy { + name = (known after apply) + policy = (known after apply) } } # module.vpc.aws_iam_role_policy_attachment.vpc_metrics_flow_logs_write_policy_attach[0] will be created + resource "aws_iam_role_policy_attachment" "vpc_metrics_flow_logs_write_policy_attach" { + id = (known after apply) + policy_arn = (known after apply) + role = "simplify-privacy-statements-vpc_flow_logs" } # module.vpc.aws_internet_gateway.gw will be created + resource "aws_internet_gateway" "gw" { + arn = (known after apply) + id = (known after apply) + owner_id = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_internet_gateway" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_internet_gateway" + "Terraform" = "true" } + vpc_id = (known after apply) } # module.vpc.aws_nat_gateway.nat_gw[0] will be created + resource "aws_nat_gateway" "nat_gw" { + allocation_id = (known after apply) + connectivity_type = "public" + id = (known after apply) + network_interface_id = (known after apply) + private_ip = (known after apply) + public_ip = (known after apply) + subnet_id = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc-natgw-0" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc-natgw-0" + "Terraform" = "true" } } # module.vpc.aws_network_acl.main will be created + resource 
"aws_network_acl" "main" { + arn = (known after apply) + egress = (known after apply) + id = (known after apply) + ingress = (known after apply) + owner_id = (known after apply) + subnet_ids = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_main_nacl" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_main_nacl" + "Terraform" = "true" } + vpc_id = (known after apply) } # module.vpc.aws_network_acl_rule.block_rdp[0] will be created + resource "aws_network_acl_rule" "block_rdp" { + cidr_block = "10.0.0.0/16" + egress = false + from_port = 3389 + id = (known after apply) + network_acl_id = (known after apply) + protocol = "tcp" + rule_action = "deny" + rule_number = 51 + to_port = 3389 } # module.vpc.aws_network_acl_rule.block_ssh[0] will be created + resource "aws_network_acl_rule" "block_ssh" { + cidr_block = "10.0.0.0/16" + egress = false + from_port = 22 + id = (known after apply) + network_acl_id = (known after apply) + protocol = "tcp" + rule_action = "deny" + rule_number = 50 + to_port = 22 } # module.vpc.aws_network_acl_rule.https_request_egress_443[0] will be created + resource "aws_network_acl_rule" "https_request_egress_443" { + cidr_block = "0.0.0.0/0" + egress = true + from_port = 443 + id = (known after apply) + network_acl_id = (known after apply) + protocol = "tcp" + rule_action = "allow" + rule_number = 60 + to_port = 443 } # module.vpc.aws_network_acl_rule.https_request_in_ingress_443[0] will be created + resource "aws_network_acl_rule" "https_request_in_ingress_443" { + cidr_block = "0.0.0.0/0" + egress = false + from_port = 443 + id = (known after apply) + network_acl_id = (known after apply) + protocol = "tcp" + rule_action = "allow" + rule_number = 70 + to_port = 443 } # module.vpc.aws_network_acl_rule.https_request_in_ingress_ephemeral[0] will be created + resource "aws_network_acl_rule" "https_request_in_ingress_ephemeral" { + 
cidr_block = "10.0.0.0/16" + egress = false + from_port = 1024 + id = (known after apply) + network_acl_id = (known after apply) + protocol = "tcp" + rule_action = "allow" + rule_number = 71 + to_port = 65535 } # module.vpc.aws_network_acl_rule.https_request_in_response_egress_443[0] will be created + resource "aws_network_acl_rule" "https_request_in_response_egress_443" { + cidr_block = "10.0.0.0/16" + egress = true + from_port = 443 + id = (known after apply) + network_acl_id = (known after apply) + protocol = "tcp" + rule_action = "allow" + rule_number = 72 + to_port = 443 } # module.vpc.aws_network_acl_rule.https_request_in_response_egress_ephemeral[0] will be created + resource "aws_network_acl_rule" "https_request_in_response_egress_ephemeral" { + cidr_block = "0.0.0.0/0" + egress = true + from_port = 1024 + id = (known after apply) + network_acl_id = (known after apply) + protocol = "tcp" + rule_action = "allow" + rule_number = 73 + to_port = 65535 } # module.vpc.aws_network_acl_rule.https_request_out_egress_ephemeral[0] will be created + resource "aws_network_acl_rule" "https_request_out_egress_ephemeral" { + cidr_block = "10.0.0.0/16" + egress = true + from_port = 1024 + id = (known after apply) + network_acl_id = (known after apply) + protocol = "tcp" + rule_action = "allow" + rule_number = 61 + to_port = 65535 } # module.vpc.aws_network_acl_rule.https_request_out_response_ingress_443[0] will be created + resource "aws_network_acl_rule" "https_request_out_response_ingress_443" { + cidr_block = "10.0.0.0/16" + egress = false + from_port = 443 + id = (known after apply) + network_acl_id = (known after apply) + protocol = "tcp" + rule_action = "allow" + rule_number = 62 + to_port = 443 } # module.vpc.aws_network_acl_rule.https_request_out_response_ingress_ephemeral[0] will be created + resource "aws_network_acl_rule" "https_request_out_response_ingress_ephemeral" { + cidr_block = "0.0.0.0/0" + egress = false + from_port = 1024 + id = (known after apply) + 
network_acl_id = (known after apply) + protocol = "tcp" + rule_action = "allow" + rule_number = 63 + to_port = 65535 } # module.vpc.aws_route.private_nat_gateway[0] will be created + resource "aws_route" "private_nat_gateway" { + destination_cidr_block = "0.0.0.0/0" + id = (known after apply) + instance_id = (known after apply) + instance_owner_id = (known after apply) + nat_gateway_id = (known after apply) + network_interface_id = (known after apply) + origin = (known after apply) + route_table_id = (known after apply) + state = (known after apply) + timeouts { + create = "5m" } } # module.vpc.aws_route.public_internet_gateway will be created + resource "aws_route" "public_internet_gateway" { + destination_cidr_block = "0.0.0.0/0" + gateway_id = (known after apply) + id = (known after apply) + instance_id = (known after apply) + instance_owner_id = (known after apply) + network_interface_id = (known after apply) + origin = (known after apply) + route_table_id = (known after apply) + state = (known after apply) + timeouts { + create = "5m" } } # module.vpc.aws_route_table.private[0] will be created + resource "aws_route_table" "private" { + arn = (known after apply) + id = (known after apply) + owner_id = (known after apply) + propagating_vgws = (known after apply) + route = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_private_route_table_0" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_private_route_table_0" + "Terraform" = "true" } + vpc_id = (known after apply) } # module.vpc.aws_route_table.public will be created + resource "aws_route_table" "public" { + arn = (known after apply) + id = (known after apply) + owner_id = (known after apply) + propagating_vgws = (known after apply) + route = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_public_route_table" + "Terraform" = "true" } 
+ tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_public_route_table" + "Terraform" = "true" } + vpc_id = (known after apply) } # module.vpc.aws_route_table_association.private[0] will be created + resource "aws_route_table_association" "private" { + id = (known after apply) + route_table_id = (known after apply) + subnet_id = (known after apply) } # module.vpc.aws_route_table_association.private[1] will be created + resource "aws_route_table_association" "private" { + id = (known after apply) + route_table_id = (known after apply) + subnet_id = (known after apply) } # module.vpc.aws_route_table_association.private[2] will be created + resource "aws_route_table_association" "private" { + id = (known after apply) + route_table_id = (known after apply) + subnet_id = (known after apply) } # module.vpc.aws_route_table_association.public[0] will be created + resource "aws_route_table_association" "public" { + id = (known after apply) + route_table_id = (known after apply) + subnet_id = (known after apply) } # module.vpc.aws_route_table_association.public[1] will be created + resource "aws_route_table_association" "public" { + id = (known after apply) + route_table_id = (known after apply) + subnet_id = (known after apply) } # module.vpc.aws_route_table_association.public[2] will be created + resource "aws_route_table_association" "public" { + id = (known after apply) + route_table_id = (known after apply) + subnet_id = (known after apply) } # module.vpc.aws_subnet.private[0] will be created + resource "aws_subnet" "private" { + arn = (known after apply) + assign_ipv6_address_on_creation = false + availability_zone = "ca-central-1a" + availability_zone_id = (known after apply) + cidr_block = "10.0.0.0/24" + enable_dns64 = false + enable_resource_name_dns_a_record_on_launch = false + enable_resource_name_dns_aaaa_record_on_launch = false + id = (known after apply) + ipv6_cidr_block_association_id = (known after apply) + ipv6_native = 
false + map_public_ip_on_launch = false + owner_id = (known after apply) + private_dns_hostname_type_on_launch = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_private_subnet_ca-central-1a" + "Terraform" = "true" + "Tier" = "Private" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_private_subnet_ca-central-1a" + "Terraform" = "true" + "Tier" = "Private" } + vpc_id = (known after apply) + timeouts { + delete = "40m" } } # module.vpc.aws_subnet.private[1] will be created + resource "aws_subnet" "private" { + arn = (known after apply) + assign_ipv6_address_on_creation = false + availability_zone = "ca-central-1b" + availability_zone_id = (known after apply) + cidr_block = "10.0.1.0/24" + enable_dns64 = false + enable_resource_name_dns_a_record_on_launch = false + enable_resource_name_dns_aaaa_record_on_launch = false + id = (known after apply) + ipv6_cidr_block_association_id = (known after apply) + ipv6_native = false + map_public_ip_on_launch = false + owner_id = (known after apply) + private_dns_hostname_type_on_launch = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_private_subnet_ca-central-1b" + "Terraform" = "true" + "Tier" = "Private" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_private_subnet_ca-central-1b" + "Terraform" = "true" + "Tier" = "Private" } + vpc_id = (known after apply) + timeouts { + delete = "40m" } } # module.vpc.aws_subnet.private[2] will be created + resource "aws_subnet" "private" { + arn = (known after apply) + assign_ipv6_address_on_creation = false + availability_zone = "ca-central-1d" + availability_zone_id = (known after apply) + cidr_block = "10.0.2.0/24" + enable_dns64 = false + enable_resource_name_dns_a_record_on_launch = false + enable_resource_name_dns_aaaa_record_on_launch = false + id = (known after apply) + 
ipv6_cidr_block_association_id = (known after apply) + ipv6_native = false + map_public_ip_on_launch = false + owner_id = (known after apply) + private_dns_hostname_type_on_launch = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_private_subnet_ca-central-1d" + "Terraform" = "true" + "Tier" = "Private" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_private_subnet_ca-central-1d" + "Terraform" = "true" + "Tier" = "Private" } + vpc_id = (known after apply) + timeouts { + delete = "40m" } } # module.vpc.aws_subnet.public[0] will be created + resource "aws_subnet" "public" { + arn = (known after apply) + assign_ipv6_address_on_creation = false + availability_zone = "ca-central-1a" + availability_zone_id = (known after apply) + cidr_block = "10.0.3.0/24" + enable_dns64 = false + enable_resource_name_dns_a_record_on_launch = false + enable_resource_name_dns_aaaa_record_on_launch = false + id = (known after apply) + ipv6_cidr_block_association_id = (known after apply) + ipv6_native = false + map_public_ip_on_launch = false + owner_id = (known after apply) + private_dns_hostname_type_on_launch = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_public_subnet_ca-central-1a" + "Terraform" = "true" + "Tier" = "Public" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_public_subnet_ca-central-1a" + "Terraform" = "true" + "Tier" = "Public" } + vpc_id = (known after apply) } # module.vpc.aws_subnet.public[1] will be created + resource "aws_subnet" "public" { + arn = (known after apply) + assign_ipv6_address_on_creation = false + availability_zone = "ca-central-1b" + availability_zone_id = (known after apply) + cidr_block = "10.0.4.0/24" + enable_dns64 = false + enable_resource_name_dns_a_record_on_launch = false + enable_resource_name_dns_aaaa_record_on_launch = false + id = (known 
after apply) + ipv6_cidr_block_association_id = (known after apply) + ipv6_native = false + map_public_ip_on_launch = false + owner_id = (known after apply) + private_dns_hostname_type_on_launch = (known after apply) + tags = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_public_subnet_ca-central-1b" + "Terraform" = "true" + "Tier" = "Public" } + tags_all = { + "CostCentre" = "CostCentre" + "Name" = "simplify-privacy-statements-vpc_public_subnet_ca-central-1b" + "Terraform" = "true" + "Tier" = "Public" } + vpc_id =... ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_security_group.efs_access_sg"] 18 tests, 17 passed, 1 warning, 0 failures, 0 exceptions ```
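Review bot: The `efs_ingress` rule admits NFS (TCP 2049) from `0.0.0.0/0`, while only the Lambda needs to reach the mount target; the source should be the Lambda's security group via `source_security_group_id`, or at most the VPC range with `cidr_blocks = ["10.0.0.0/16"]`. As far as this plan shows, the main NACL does not compensate, because rule 63 allows inbound TCP 1024-65535 from `0.0.0.0/0` and that range includes 2049. The group is named `efs_access_sg` but described as "SG for Lambda"; a description that says which side of the NFS connection it protects would make later rule reviews easier. The plan output is truncated after the public subnets, so the remaining VPC resources could not be checked here.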