cds-snc / url-shortener

An API written in Python that shortens URLs
MIT License

release: infrastructure v1.0.12 #396

Closed patheard closed 1 year ago

patheard commented 1 year ago

Summary

Remove the Route53 DNS resolver firewall as it was blocking domain name checking when there were multiple CNAME records chained.

Related

github-actions[bot] commented 1 year ago

Production: cloudfront

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 0 to add, 0 to change, 6 to destroy
Show summary

| CHANGE | NAME |
|--------|------|
| delete | `module.resolver_dns.aws_route53_resolver_firewall_domain_list.allowed[0]` |
|        | `module.resolver_dns.aws_route53_resolver_firewall_domain_list.blocked[0]` |
|        | `module.resolver_dns.aws_route53_resolver_firewall_rule.allowed[0]` |
|        | `module.resolver_dns.aws_route53_resolver_firewall_rule.blocked[0]` |
|        | `module.resolver_dns.aws_route53_resolver_firewall_rule_group.firewall_rules[0]` |
|        | `module.resolver_dns.aws_route53_resolver_firewall_rule_group_association.firewall_rules[0]` |
Show plan

```terraform
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # module.resolver_dns.aws_route53_resolver_firewall_domain_list.allowed[0] will be destroyed
  # (because index [0] is out of range for count)
  - resource "aws_route53_resolver_firewall_domain_list" "allowed" {
      - arn      = "arn:aws:route53resolver:ca-central-1:806721586252:firewall-domain-list/rslvr-fdl-4d3c62bad2214220" -> null
      - domains  = [
          - "*.akamaiedge.net.",
          - "*.amazonaws.com.",
          - "*.canada.ca.",
          - "*.edgekey.net.",
          - "*.gc.ca.",
          - "*.gg.ca.",
          - "canada.ca.",
          - "gg.ca.",
        ] -> null
      - id       = "rslvr-fdl-4d3c62bad2214220" -> null
      - name     = "AllowedDomains" -> null
      - tags     = {
          - "CostCentre" = "url-shortener-production"
          - "Terraform"  = "true"
        } -> null
      - tags_all = {
          - "CostCentre" = "url-shortener-production"
          - "Terraform"  = "true"
        } -> null
    }

  # module.resolver_dns.aws_route53_resolver_firewall_domain_list.blocked[0] will be destroyed
  # (because index [0] is out of range for count)
  - resource "aws_route53_resolver_firewall_domain_list" "blocked" {
      - arn      = "arn:aws:route53resolver:ca-central-1:806721586252:firewall-domain-list/rslvr-fdl-7646731b15314a5a" -> null
      - domains  = [
          - "*.",
        ] -> null
      - id       = "rslvr-fdl-7646731b15314a5a" -> null
      - name     = "BlockedDomains" -> null
      - tags     = {
          - "CostCentre" = "url-shortener-production"
          - "Terraform"  = "true"
        } -> null
      - tags_all = {
          - "CostCentre" = "url-shortener-production"
          - "Terraform"  = "true"
        } -> null
    }

  # module.resolver_dns.aws_route53_resolver_firewall_rule.allowed[0] will be destroyed
  # (because index [0] is out of range for count)
  - resource "aws_route53_resolver_firewall_rule" "allowed" {
      - action                  = "ALLOW" -> null
      - block_override_ttl      = 0 -> null
      - firewall_domain_list_id = "rslvr-fdl-4d3c62bad2214220" -> null
      - firewall_rule_group_id  = "rslvr-frg-76bdd46d212149c9" -> null
      - id                      = "rslvr-frg-76bdd46d212149c9:rslvr-fdl-4d3c62bad2214220" -> null
      - name                    = "AllowedDomains" -> null
      - priority                = 100 -> null
    }

  # module.resolver_dns.aws_route53_resolver_firewall_rule.blocked[0] will be destroyed
  # (because index [0] is out of range for count)
  - resource "aws_route53_resolver_firewall_rule" "blocked" {
      - action                  = "BLOCK" -> null
      - block_override_ttl      = 0 -> null
      - block_response          = "NODATA" -> null
      - firewall_domain_list_id = "rslvr-fdl-7646731b15314a5a" -> null
      - firewall_rule_group_id  = "rslvr-frg-76bdd46d212149c9" -> null
      - id                      = "rslvr-frg-76bdd46d212149c9:rslvr-fdl-7646731b15314a5a" -> null
      - name                    = "BlockedDomains" -> null
      - priority                = 200 -> null
    }

  # module.resolver_dns.aws_route53_resolver_firewall_rule_group.firewall_rules[0] will be destroyed
  # (because index [0] is out of range for count)
  - resource "aws_route53_resolver_firewall_rule_group" "firewall_rules" {
      - arn          = "arn:aws:route53resolver:ca-central-1:806721586252:firewall-rule-group/rslvr-frg-76bdd46d212149c9" -> null
      - id           = "rslvr-frg-76bdd46d212149c9" -> null
      - name         = "FirewallRules" -> null
      - owner_id     = "806721586252" -> null
      - share_status = "NOT_SHARED" -> null
      - tags         = {
          - "CostCentre" = "url-shortener-production"
          - "Terraform"  = "true"
        } -> null
      - tags_all     = {
          - "CostCentre" = "url-shortener-production"
          - "Terraform"  = "true"
        } -> null
    }

  # module.resolver_dns.aws_route53_resolver_firewall_rule_group_association.firewall_rules[0] will be destroyed
  # (because index [0] is out of range for count)
  - resource "aws_route53_resolver_firewall_rule_group_association" "firewall_rules" {
      - arn                    = "arn:aws:route53resolver:ca-central-1:806721586252:firewall-rule-group-association/rslvr-frgassoc-36b05ca825164a9e" -> null
      - firewall_rule_group_id = "rslvr-frg-76bdd46d212149c9" -> null
      - id                     = "rslvr-frgassoc-36b05ca825164a9e" -> null
      - mutation_protection    = "DISABLED" -> null
      - name                   = "FirewallRules" -> null
      - priority               = 101 -> null
      - tags                   = {} -> null
      - tags_all               = {} -> null
      - vpc_id                 = "vpc-0009bdb7c0677ef88" -> null
    }

Plan: 0 to add, 0 to change, 6 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
```
Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["module.resolver_dns.aws_route53_resolver_query_log_config.route53_vpc_dns"]

18 tests, 17 passed, 1 warning, 0 failures, 0 exceptions
```
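The failure named in the PR summary can be reproduced offline with the two rules from the plan above. This is an added example, not code from the url-shortener repository: the matching logic is a simplified model that assumes each name in a CNAME chain is checked against the rules, and the sample chains and the `inspect_redirects` flag are constructed for illustration.

```python
# Domain lists and rule priorities copied from the Terraform plan on this page.
ALLOWED = ["*.akamaiedge.net.", "*.amazonaws.com.", "*.canada.ca.", "*.edgekey.net.",
           "*.gc.ca.", "*.gg.ca.", "canada.ca.", "gg.ca."]
BLOCKED = ["*."]
RULES = [(100, "ALLOW", ALLOWED), (200, "BLOCK", BLOCKED)]


def fqdn(name):
    """Normalise to a lower-case name with a trailing dot."""
    return name.lower().rstrip(".") + "."


def matches(name, pattern):
    """Assumed matching: '*.' is a catch-all, '*.x.' matches subdomains of x only."""
    if pattern == "*.":
        return True
    if pattern.startswith("*."):
        return name.endswith(pattern[1:])
    return name == pattern


def evaluate(name):
    """Action of the lowest-priority-number rule whose list matches the name."""
    name = fqdn(name)
    for _priority, action, domains in sorted(RULES):
        if any(matches(name, p) for p in domains):
            return action
    return "ALLOW"  # nothing matched (unreachable here because of the '*.' list)


def check_chain(chain, inspect_redirects=True):
    """Return (verdict, first blocked name or None) for a query and its CNAME targets."""
    names = chain if inspect_redirects else chain[:1]
    for name in names:
        if evaluate(name) == "BLOCK":
            return "BLOCK", fqdn(name)
    return "ALLOW", None


# Constructed chains (not real DNS data): the queried name first, then each CNAME target.
CHAIN_OK = ["www.canada.ca", "www.canada.ca.edgekey.net", "e0000.dsca.akamaiedge.net"]
CHAIN_BROKEN = ["forms.example.gc.ca", "forms.cdn.example.net", "d0000.edge.example.org"]

if __name__ == "__main__":
    for chain in (CHAIN_OK, CHAIN_BROKEN):
        print(chain[0], "->", check_chain(chain), "| first name only:",
              check_chain(chain, inspect_redirects=False))
```

Route 53 Resolver DNS Firewall rules carry a `FirewallDomainRedirectionAction` setting (`INSPECT_REDIRECTION_DOMAIN` or `TRUST_REDIRECTION_DOMAIN`) that controls this per rule; the `inspect_redirects` flag stands in for it. The model also shows that `gc.ca.` itself is blocked, because the allow list has `*.gc.ca.` without the apex entry.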