cds-snc / simplify-privacy-statements-V2

starter-app repo based version of privacy app.
https://simplify-privacy-statements.alpha.canada.ca
MIT License

fix/fr-cf-distribution #285

Closed omartehsin1 closed 1 year ago

omartehsin1 commented 1 year ago

Summary | Résumé

Created a Route53 hosted zone, a CloudFront distribution and ACM certificates for the French subdomain.

github-actions[bot] commented 1 year ago

Production: cloudfront

✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success ⚠️   WARNING: resources will be destroyed by this change!

Plan: 10 to add, 2 to change, 5 to destroy
Show plan ```terraform Resource actions are indicated with the following symbols: + create ~ update in-place - destroy -/+ destroy and then create replacement Terraform will perform the following actions: # aws_acm_certificate.simplify_privacy_statement_certificate will be created + resource "aws_acm_certificate" "simplify_privacy_statement_certificate" { + arn = (known after apply) + domain_name = "simplify-privacy-statements.alpha.canada.ca" + domain_validation_options = [ + { + domain_name = "*.simplify-privacy-statements.alpha.canada.ca" + resource_record_name = (known after apply) + resource_record_type = (known after apply) + resource_record_value = (known after apply) }, + { + domain_name = "simplify-privacy-statements.alpha.canada.ca" + resource_record_name = (known after apply) + resource_record_type = (known after apply) + resource_record_value = (known after apply) }, ] + id = (known after apply) + key_algorithm = (known after apply) + not_after = (known after apply) + not_before = (known after apply) + pending_renewal = (known after apply) + renewal_eligibility = (known after apply) + renewal_summary = (known after apply) + status = (known after apply) + subject_alternative_names = [ + "*.simplify-privacy-statements.alpha.canada.ca", + "simplify-privacy-statements.alpha.canada.ca", ] + tags = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + type = (known after apply) + validation_emails = (known after apply) + validation_method = "DNS" + options { + certificate_transparency_logging_preference = (known after apply) } } # aws_acm_certificate.simplify_privacy_statement_certificate (deposed object a36a5bfa) will be destroyed # (left over from a partially-failed replacement of this instance) - resource "aws_acm_certificate" "simplify_privacy_statement_certificate" { - arn = 
"arn:aws:acm:us-east-1:414662622316:certificate/1861f75e-4c5f-4752-b012-01738304a76b" -> null - domain_name = "simplify-privacy-statements.alpha.canada.ca" -> null - domain_validation_options = [ - { - domain_name = "*.simplify-privacy-statements.alpha.canada.ca" - resource_record_name = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca." - resource_record_type = "CNAME" - resource_record_value = "_98fad60b3f1dbea50909273dd1b22e47.sggfvksfyf.acm-validations.aws." }, - { - domain_name = "simplify-privacy-statements.alpha.canada.ca" - resource_record_name = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca." - resource_record_type = "CNAME" - resource_record_value = "_98fad60b3f1dbea50909273dd1b22e47.sggfvksfyf.acm-validations.aws." }, ] -> null - id = "arn:aws:acm:us-east-1:414662622316:certificate/1861f75e-4c5f-4752-b012-01738304a76b" -> null - key_algorithm = "RSA_2048" -> null - not_after = "2024-05-01T23:59:59Z" -> null - not_before = "2023-04-03T00:00:00Z" -> null - pending_renewal = false -> null - renewal_eligibility = "ELIGIBLE" -> null - renewal_summary = [] -> null - status = "ISSUED" -> null - subject_alternative_names = [ - "*.simplify-privacy-statements.alpha.canada.ca", - "simplify-privacy-statements.alpha.canada.ca", ] -> null - tags = { - "CostCentre" = "simplify-privacy-statements-production" - "Terraform" = "true" } -> null - tags_all = { - "CostCentre" = "simplify-privacy-statements-production" - "Terraform" = "true" } -> null - type = "AMAZON_ISSUED" -> null - validation_emails = [] -> null - validation_method = "DNS" -> null - options { - certificate_transparency_logging_preference = "ENABLED" -> null } } # aws_acm_certificate.simplify_privacy_statement_fr_certificate will be created + resource "aws_acm_certificate" "simplify_privacy_statement_fr_certificate" { + arn = (known after apply) + domain_name = "simplification-avis-confidentialite.alpha.canada.ca" + domain_validation_options = [ 
+ { + domain_name = "*.simplification-avis-confidentialite.alpha.canada.ca" + resource_record_name = (known after apply) + resource_record_type = (known after apply) + resource_record_value = (known after apply) }, + { + domain_name = "simplification-avis-confidentialite.alpha.canada.ca" + resource_record_name = (known after apply) + resource_record_type = (known after apply) + resource_record_value = (known after apply) }, ] + id = (known after apply) + key_algorithm = (known after apply) + not_after = (known after apply) + not_before = (known after apply) + pending_renewal = (known after apply) + renewal_eligibility = (known after apply) + renewal_summary = (known after apply) + status = (known after apply) + subject_alternative_names = [ + "*.simplification-avis-confidentialite.alpha.canada.ca", + "simplification-avis-confidentialite.alpha.canada.ca", ] + tags = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + type = (known after apply) + validation_emails = (known after apply) + validation_method = "DNS" + options { + certificate_transparency_logging_preference = (known after apply) } } # aws_acm_certificate_validation.simplify_privacy_statement_certificate_validation will be created + resource "aws_acm_certificate_validation" "simplify_privacy_statement_certificate_validation" { + certificate_arn = (known after apply) + id = (known after apply) + validation_record_fqdns = (known after apply) } # aws_acm_certificate_validation.simplify_privacy_statement_fr_certificate_validation will be created + resource "aws_acm_certificate_validation" "simplify_privacy_statement_fr_certificate_validation" { + certificate_arn = (known after apply) + id = (known after apply) + validation_record_fqdns = (known after apply) } # aws_cloudfront_distribution.simplify_privacy_app_cf_distribution will be updated in-place ~ resource 
"aws_cloudfront_distribution" "simplify_privacy_app_cf_distribution" { id = "E2KDGWZI9S6D8X" tags = { "CostCentre" = "simplify-privacy-statements-production" "Terraform" = "true" } # (20 unchanged attributes hidden) origin { # At least one attribute in this block is (or was) sensitive, # so its contents will not be displayed. } ~ viewer_certificate { ~ acm_certificate_arn = "arn:aws:acm:us-east-1:414662622316:certificate/1861f75e-4c5f-4752-b012-01738304a76b" -> (known after apply) # (3 unchanged attributes hidden) } # (3 unchanged blocks hidden) } # aws_cloudfront_distribution.simplify_privacy_app_fr_cf_distribution will be created + resource "aws_cloudfront_distribution" "simplify_privacy_app_fr_cf_distribution" { + aliases = [ + "simplification-avis-confidentialite.alpha.canada.ca", ] + arn = (known after apply) + caller_reference = (known after apply) + domain_name = (known after apply) + enabled = true + etag = (known after apply) + hosted_zone_id = (known after apply) + http_version = "http2" + id = (known after apply) + in_progress_validation_batches = (known after apply) + is_ipv6_enabled = false + last_modified_time = (known after apply) + price_class = "PriceClass_100" + retain_on_delete = false + status = (known after apply) + tags = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + trusted_key_groups = (known after apply) + trusted_signers = (known after apply) + wait_for_deployment = true + web_acl_id = "arn:aws:wafv2:us-east-1:414662622316:global/webacl/simplify_privacy_statements_waf/9bf34e99-b15f-4f28-9630-812dd5aa0cf9" + default_cache_behavior { + allowed_methods = [ + "DELETE", + "GET", + "HEAD", + "OPTIONS", + "PATCH", + "POST", + "PUT", ] + cached_methods = [ + "GET", + "HEAD", ] + compress = false + default_ttl = (known after apply) + max_ttl = (known after apply) + min_ttl = 0 + response_headers_policy_id = 
"15cb4030-2708-406b-a7ba-92df299a954d" + target_origin_id = "generated_statement_lambda_function" + trusted_key_groups = (known after apply) + trusted_signers = (known after apply) + viewer_protocol_policy = "redirect-to-https" + forwarded_values { + headers = (known after apply) + query_string = true + query_string_cache_keys = (known after apply) + cookies { + forward = "all" + whitelisted_names = (known after apply) } } } + logging_config { + bucket = "simplify-privacy-statements-production-logs.s3.amazonaws.com" + include_cookies = false + prefix = "cloudfront" } + origin { # At least one attribute in this block is (or was) sensitive, # so its contents will not be displayed. } + restrictions { + geo_restriction { + locations = (known after apply) + restriction_type = "none" } } + viewer_certificate { + acm_certificate_arn = (known after apply) + minimum_protocol_version = "TLSv1.2_2021" + ssl_support_method = "sni-only" } } # aws_cloudfront_response_headers_policy.simplify_privacy_app_headers_policy will be updated in-place ~ resource "aws_cloudfront_response_headers_policy" "simplify_privacy_app_headers_policy" { id = "15cb4030-2708-406b-a7ba-92df299a954d" name = "simplify-privacy-app-headers" # (1 unchanged attribute hidden) ~ security_headers_config { ~ content_security_policy { ~ content_security_policy = "script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://simplify-privacy-statements.alpha.canada.ca/dist/js/ https://edbi6zcop5ta2t5wb6hb5y6kja0rsajp.lambda-url.ca-central-1.on.aws/dist/js/questions-1.3e7d142ac08d78a0424a.js; default-src 'self'; base-uri 'none'; font-src 'self' https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline';" -> "script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com 
https://simplify-privacy-statements.alpha.canada.ca/dist/js/ https://simplification-avis-confidentialite.alpha.canada.ca/dist/js/ https://edbi6zcop5ta2t5wb6hb5y6kja0rsajp.lambda-url.ca-central-1.on.aws/dist/js/questions-1.3e7d142ac08d78a0424a.js; default-src 'self'; base-uri 'none'; font-src 'self' https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline';" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } } # aws_route53_record.simplify_privacy_statement_dns_validation["*.simplify-privacy-statements.alpha.canada.ca"] must be replaced -/+ resource "aws_route53_record" "simplify_privacy_statement_dns_validation" { ~ fqdn = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca" -> (known after apply) ~ id = "Z00174733BS8YALDB9F5X__dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null ~ name = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca" -> (known after apply) # forces replacement ~ records = [ - "_98fad60b3f1dbea50909273dd1b22e47.sggfvksfyf.acm-validations.aws.", ] -> (known after apply) ~ type = "CNAME" -> (known after apply) # (3 unchanged attributes hidden) } # aws_route53_record.simplify_privacy_statement_dns_validation["simplify-privacy-statements.alpha.canada.ca"] must be replaced -/+ resource "aws_route53_record" "simplify_privacy_statement_dns_validation" { ~ fqdn = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca" -> (known after apply) ~ id = "Z00174733BS8YALDB9F5X__dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null ~ name = "_dcf5483eb09e84041710833f1d9ac991.simplify-privacy-statements.alpha.canada.ca" -> (known after apply) # forces replacement ~ records 
= [ - "_98fad60b3f1dbea50909273dd1b22e47.sggfvksfyf.acm-validations.aws.", ] -> (known after apply) ~ type = "CNAME" -> (known after apply) # (3 unchanged attributes hidden) } # aws_route53_record.simplify_privacy_statement_fr_dns_validation["*.simplification-avis-confidentialite.alpha.canada.ca"] must be replaced -/+ resource "aws_route53_record" "simplify_privacy_statement_fr_dns_validation" { ~ fqdn = "_31a9ddd0d4f4d7d8fa2149d13ea8b1f1.simplification-avis-confidentialite.alpha.canada.ca" -> (known after apply) ~ id = "Z0014308D84CBSIFU3DF__31a9ddd0d4f4d7d8fa2149d13ea8b1f1.simplification-avis-confidentialite.alpha.canada.ca._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null ~ name = "_31a9ddd0d4f4d7d8fa2149d13ea8b1f1.simplification-avis-confidentialite.alpha.canada.ca" -> (known after apply) # forces replacement ~ records = [ - "_cb730b07bc01631c1d866cac9c1082b0.tctzzymbbs.acm-validations.aws.", ] -> (known after apply) ~ type = "CNAME" -> (known after apply) # (3 unchanged attributes hidden) } # aws_route53_record.simplify_privacy_statement_fr_dns_validation["simplification-avis-confidentialite.alpha.canada.ca"] must be replaced -/+ resource "aws_route53_record" "simplify_privacy_statement_fr_dns_validation" { ~ fqdn = "_31a9ddd0d4f4d7d8fa2149d13ea8b1f1.simplification-avis-confidentialite.alpha.canada.ca" -> (known after apply) ~ id = "Z0014308D84CBSIFU3DF__31a9ddd0d4f4d7d8fa2149d13ea8b1f1.simplification-avis-confidentialite.alpha.canada.ca._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null ~ name = "_31a9ddd0d4f4d7d8fa2149d13ea8b1f1.simplification-avis-confidentialite.alpha.canada.ca" -> (known after apply) # forces replacement ~ records = [ - "_cb730b07bc01631c1d866cac9c1082b0.tctzzymbbs.acm-validations.aws.", ] -> (known after apply) ~ type = "CNAME" -> (known after apply) # (3 unchanged attributes hidden) } # aws_route53_record.simplify_privacy_statements_fr_A will be created + resource 
"aws_route53_record" "simplify_privacy_statements_fr_A" { + allow_overwrite = (known after apply) + fqdn = (known after apply) + id = (known after apply) + name = "simplification-avis-confidentialite.alpha.canada.ca" + type = "A" + zone_id = "Z0014308D84CBSIFU3DF" + alias { + evaluate_target_health = false + name = (known after apply) + zone_id = (known after apply) } } Plan: 10 to add, 2 to change, 5 to destroy. Warning: Argument is deprecated with module.log_bucket.aws_s3_bucket.this, on .terraform/modules/log_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 3 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
Show Conftest results ```sh 18 tests, 18 passed, 0 warnings, 0 failures, 0 exceptions ```
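Review bot: The new `content_security_policy` value planned for `aws_cloudfront_response_headers_policy.simplify_privacy_app_headers_policy` still carries `'unsafe-inline' 'unsafe-eval'` in `script-src`, so the host allowlist that this change extends to the French domain does little to restrict injected script. I would remove both keywords from `script-src` and cover any remaining inline scripts with nonces or hashes, which can be done as a follow-up since the two keywords predate this change. The same value pins a single content-hashed file on the Lambda function URL host; that entry will stop matching after the next build, and it may indicate the function URL is reachable directly. The plan shows `web_acl_id` set on the new `simplify_privacy_app_fr_cf_distribution`, so it is worth confirming that the origin rejects requests that do not arrive through CloudFront. Only the plan output is visible on this page, with the `origin` block hidden as sensitive, so none of this can be checked against the `.tf` source from here.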