search

cds-snc / simplify-privacy-statements-V2

starter-app repo based version of privacy app.
https://simplify-privacy-statements.alpha.canada.ca
MIT License
5 stars 1 forks source link

added domain name to alias, created A record #283

Closed omartehsin1 closed 1 year ago

omartehsin1 commented 1 year ago

Summary | Résumé

Updated certificate alt name and cloudfront alias. Created A record for FR

github-actions[bot] commented 1 year ago

Production: cloudfront

✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success ⚠️   WARNING: resources will be destroyed by this change!

Plan: 7 to add, 1 to change, 4 to destroy
Show plan ```terraform Resource actions are indicated with the following symbols: + create ~ update in-place -/+ destroy and then create replacement +/- create replacement and then destroy Terraform will perform the following actions: # aws_acm_certificate.simplify_privacy_statement_certificate must be replaced +/- resource "aws_acm_certificate" "simplify_privacy_statement_certificate" { ~ arn = "arn:aws:acm:us-east-1:414662622316:certificate/1861f75e-4c5f-4752-b012-01738304a76b" -> (known after apply) ~ domain_validation_options = [ - { - domain_name = "*.simplify-privacy-statements.alpha.canada.ca" - resource_record_name = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca." - resource_record_type = "CNAME" - resource_record_value = "_98fad60b3f1dbea50909273dd1b22e47.sggfvksfyf.acm-validations.aws." }, - { - domain_name = "simplify-privacy-statements.alpha.canada.ca" - resource_record_name = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca." - resource_record_type = "CNAME" - resource_record_value = "_98fad60b3f1dbea50909273dd1b22e47.sggfvksfyf.acm-validations.aws." }, # (4 unchanged elements hidden) ] ~ id = "arn:aws:acm:us-east-1:414662622316:certificate/1861f75e-4c5f-4752-b012-01738304a76b" -> (known after apply) ~ key_algorithm = "RSA_2048" -> (known after apply) ~ not_after = "2024-05-01T23:59:59Z" -> (known after apply) ~ not_before = "2023-04-03T00:00:00Z" -> (known after apply) ~ pending_renewal = false -> (known after apply) ~ renewal_eligibility = "ELIGIBLE" -> (known after apply) ~ renewal_summary = [] -> (known after apply) ~ status = "ISSUED" -> (known after apply) ~ subject_alternative_names = [ # forces replacement + "*.simplification-avis-confidentialite.alpha.canada.ca", + "simplification-avis-confidentialite.alpha.canada.ca", # (2 unchanged elements hidden) ] tags = { "CostCentre" = "simplify-privacy-statements-production" "Terraform" = "true" } ~ type = "AMAZON_ISSUED" -> (known after apply) ~ validation_emails = [] -> (known after apply) # (3 unchanged attributes hidden) ~ options { ~ certificate_transparency_logging_preference = "ENABLED" -> (known after apply) } } # aws_acm_certificate_validation.simplify_privacy_statement_certificate_validation must be replaced -/+ resource "aws_acm_certificate_validation" "simplify_privacy_statement_certificate_validation" { ~ certificate_arn = "arn:aws:acm:us-east-1:414662622316:certificate/1861f75e-4c5f-4752-b012-01738304a76b" -> (known after apply) # forces replacement ~ id = "2023-04-03 16:44:15.147 +0000 UTC" -> (known after apply) ~ validation_record_fqdns = [ - "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca", ] -> (known after apply) # forces replacement } # aws_cloudfront_distribution.simplify_privacy_app_cf_distribution will be updated in-place ~ resource "aws_cloudfront_distribution" "simplify_privacy_app_cf_distribution" { ~ aliases = [ + "simplification-avis-confidentialite.alpha.canada.ca", # (1 unchanged element hidden) ] id = "E2KDGWZI9S6D8X" tags = { "CostCentre" = "simplify-privacy-statements-production" "Terraform" = "true" } # (19 unchanged attributes hidden) origin { # At least one attribute in this block is (or was) sensitive, # so its contents will not be displayed. } ~ viewer_certificate { ~ acm_certificate_arn = "arn:aws:acm:us-east-1:414662622316:certificate/1861f75e-4c5f-4752-b012-01738304a76b" -> (known after apply) # (3 unchanged attributes hidden) } # (3 unchanged blocks hidden) } # aws_route53_record.simplify_privacy_statement_dns_validation["*.simplification-avis-confidentialite.alpha.canada.ca"] will be created + resource "aws_route53_record" "simplify_privacy_statement_dns_validation" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = (known after apply) + records = (known after apply) + ttl = 60 + type = (known after apply) + zone_id = "Z00174733BS8YALDB9F5X" } # aws_route53_record.simplify_privacy_statement_dns_validation["*.simplify-privacy-statements.alpha.canada.ca"] must be replaced -/+ resource "aws_route53_record" "simplify_privacy_statement_dns_validation" { ~ fqdn = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca" -> (known after apply) ~ id = "Z00174733BS8YALDB9F5X__dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null ~ name = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca" -> (known after apply) # forces replacement ~ records = [ - "_98fad60b3f1dbea50909273dd1b22e47.sggfvksfyf.acm-validations.aws.", ] -> (known after apply) ~ type = "CNAME" -> (known after apply) # (3 unchanged attributes hidden) } # aws_route53_record.simplify_privacy_statement_dns_validation["simplification-avis-confidentialite.alpha.canada.ca"] will be created + resource "aws_route53_record" "simplify_privacy_statement_dns_validation" { + allow_overwrite = true + fqdn = (known after apply) + id = (known after apply) + name = (known after apply) + records = (known after apply) + ttl = 60 + type = (known after apply) + zone_id = "Z00174733BS8YALDB9F5X" } # aws_route53_record.simplify_privacy_statement_dns_validation["simplify-privacy-statements.alpha.canada.ca"] must be replaced -/+ resource "aws_route53_record" "simplify_privacy_statement_dns_validation" { ~ fqdn = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca" -> (known after apply) ~ id = "Z00174733BS8YALDB9F5X__dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null ~ name = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca" -> (known after apply) # forces replacement ~ records = [ - "_98fad60b3f1dbea50909273dd1b22e47.sggfvksfyf.acm-validations.aws.", ] -> (known after apply) ~ type = "CNAME" -> (known after apply) # (3 unchanged attributes hidden) } # aws_route53_record.simplify_privacy_statements_fr_A will be created + resource "aws_route53_record" "simplify_privacy_statements_fr_A" { + allow_overwrite = (known after apply) + fqdn = (known after apply) + id = (known after apply) + name = "simplification-avis-confidentialite.alpha.canada.ca" + type = "A" + zone_id = "Z0014308D84CBSIFU3DF" + alias { + evaluate_target_health = false + name = "d2n4vfhctrrmqr.cloudfront.net" + zone_id = "Z2FDTNDATAQYW2" } } Plan: 7 to add, 1 to change, 4 to destroy. Warning: Argument is deprecated with module.log_bucket.aws_s3_bucket.this, on .terraform/modules/log_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 3 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh 18 tests, 18 passed, 0 warnings, 0 failures, 0 exceptions ```