devopsacademyau / 2020-jun-project1-externals

Creative Commons Attribution Share Alike 4.0 International

adding terraform CICD #57

Closed ramiray closed 4 years ago

github-actions[bot] commented 4 years ago
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

module.networking.data.aws_availability_zones.available: Refreshing state... [id=2020-08-13 11:04:37.745719697 +0000 UTC]
module.bastion.data.aws_ami.this: Refreshing state... [id=ami-0ded330691a314693]

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.bastion.aws_instance.this will be created
  + resource "aws_instance" "this" {
      + ami                          = "ami-0ded330691a314693"
      + arn                          = (known after apply)
      + associate_public_ip_address  = true
      + availability_zone            = (known after apply)
      + cpu_core_count               = (known after apply)
      + cpu_threads_per_core         = (known after apply)
      + get_password_data            = false
      + host_id                      = (known after apply)
      + id                           = (known after apply)
      + instance_state               = (known after apply)
      + instance_type                = "t2.micro"
      + ipv6_address_count           = (known after apply)
      + ipv6_addresses               = (known after apply)
      + key_name                     = "bastion-key"
      + outpost_arn                  = (known after apply)
      + password_data                = (known after apply)
      + placement_group              = (known after apply)
      + primary_network_interface_id = (known after apply)
      + private_dns                  = (known after apply)
      + private_ip                   = (known after apply)
      + public_dns                   = (known after apply)
      + public_ip                    = (known after apply)
      + secondary_private_ips        = (known after apply)
      + security_groups              = (known after apply)
      + source_dest_check            = true
      + subnet_id                    = (known after apply)
      + tags                         = {
          + "Name" = "Bastion"
        }
      + tenancy                      = (known after apply)
      + volume_tags                  = (known after apply)
      + vpc_security_group_ids       = (known after apply)

      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + snapshot_id           = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }

      + ephemeral_block_device {
          + device_name  = (known after apply)
          + no_device    = (known after apply)
          + virtual_name = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = (known after apply)
          + http_put_response_hop_limit = (known after apply)
          + http_tokens                 = (known after apply)
        }

      + network_interface {
          + delete_on_termination = (known after apply)
          + device_index          = (known after apply)
          + network_interface_id  = (known after apply)
        }

      + root_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }
    }

  # module.bastion.aws_key_pair.this will be created
  + resource "aws_key_pair" "this" {
      + arn         = (known after apply)
      + fingerprint = (known after apply)
      + id          = (known after apply)
      + key_name    = "bastion-key"
      + key_pair_id = (known after apply)
      + public_key  = (known after apply)
      + tags        = {
          + "Name" = "Bastion Key"
        }
    }

  # module.bastion.aws_security_group.this will be created
  + resource "aws_security_group" "this" {
      + arn                    = (known after apply)
      + description            = "Managed by Terraform"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "101.181.70.69/32",
                ]
              + description      = ""
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
        ]
      + name                   = "bastion"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "Bastion SG"
        }
      + vpc_id                 = (known after apply)
    }

  # module.bastion.local_file.bastion_private_key will be created
  + resource "local_file" "bastion_private_key" {
      + directory_permission = "0777"
      + file_permission      = "0600"
      + filename             = "bastion.pem"
      + id                   = (known after apply)
      + sensitive_content    = (sensitive value)
    }

  # module.bastion.tls_private_key.this will be created
  + resource "tls_private_key" "this" {
      + algorithm                  = "RSA"
      + ecdsa_curve                = "P224"
      + id                         = (known after apply)
      + private_key_pem            = (sensitive value)
      + public_key_fingerprint_md5 = (known after apply)
      + public_key_openssh         = (known after apply)
      + public_key_pem             = (known after apply)
      + rsa_bits                   = 4096
    }

  # module.ecs.data.aws_ecs_task_definition.wordpress will be read during apply
  # (config refers to values not yet known)
 <= data "aws_ecs_task_definition" "wordpress"  {
      + family          = (known after apply)
      + id              = (known after apply)
      + network_mode    = (known after apply)
      + revision        = (known after apply)
      + status          = (known after apply)
      + task_definition = "2020-jun-project1-externals"
      + task_role_arn   = (known after apply)
    }

  # module.ecs.aws_alb.wp_alb will be created
  + resource "aws_alb" "wp_alb" {
      + arn                        = (known after apply)
      + arn_suffix                 = (known after apply)
      + dns_name                   = (known after apply)
      + drop_invalid_header_fields = false
      + enable_deletion_protection = false
      + enable_http2               = true
      + id                         = (known after apply)
      + idle_timeout               = 60
      + internal                   = false
      + ip_address_type            = (known after apply)
      + load_balancer_type         = "application"
      + name                       = "2020-jun-project1-externals-alb"
      + security_groups            = (known after apply)
      + subnets                    = (known after apply)
      + tags                       = {
          + "Environment" = "2020-jun-project1-externals"
          + "Name"        = "2020-jun-project1-externals-alb"
        }
      + vpc_id                     = (known after apply)
      + zone_id                    = (known after apply)

      + subnet_mapping {
          + allocation_id        = (known after apply)
          + private_ipv4_address = (known after apply)
          + subnet_id            = (known after apply)
        }
    }

  # module.ecs.aws_alb_listener.web_app will be created
  + resource "aws_alb_listener" "web_app" {
      + arn               = (known after apply)
      + certificate_arn   = "arn:aws:acm:ap-southeast-2:348248800869:certificate/0c6d4095-dd02-4717-bff1-b076303dd2cd"
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = (known after apply)

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.ecs.aws_alb_target_group.target_group will be created
  + resource "aws_alb_target_group" "target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + deregistration_delay               = 300
      + id                                 = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancing_algorithm_type      = (known after apply)
      + name                               = "wordpressalbtg01"
      + port                               = 80
      + protocol                           = "HTTP"
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 3
          + interval            = 60
          + matcher             = "200-302,404"
          + path                = "/index.html"
          + port                = "80"
          + protocol            = "HTTP"
          + timeout             = 30
          + unhealthy_threshold = 3
        }

      + stickiness {
          + cookie_duration = (known after apply)
          + enabled         = (known after apply)
          + type            = (known after apply)
        }
    }

  # module.ecs.aws_appautoscaling_policy.app_down will be created
  + resource "aws_appautoscaling_policy" "app_down" {
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "2020-jun-project1-externals-scale-down"
      + policy_type        = "StepScaling"
      + resource_id        = "service/2020-jun-project1-externals/2020-jun-project1-externals"
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"

      + step_scaling_policy_configuration {
          + adjustment_type         = "ChangeInCapacity"
          + cooldown                = 300
          + metric_aggregation_type = "Average"

          + step_adjustment {
              + metric_interval_upper_bound = "0"
              + scaling_adjustment          = -1
            }
        }
    }

  # module.ecs.aws_appautoscaling_policy.app_up will be created
  + resource "aws_appautoscaling_policy" "app_up" {
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "2020-jun-project1-externals-app-scale-up"
      + policy_type        = "StepScaling"
      + resource_id        = "service/2020-jun-project1-externals/2020-jun-project1-externals"
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"

      + step_scaling_policy_configuration {
          + adjustment_type         = "ChangeInCapacity"
          + cooldown                = 60
          + metric_aggregation_type = "Average"

          + step_adjustment {
              + metric_interval_lower_bound = "0"
              + scaling_adjustment          = 1
            }
        }
    }

  # module.ecs.aws_appautoscaling_target.app_scale_target will be created
  + resource "aws_appautoscaling_target" "app_scale_target" {
      + id                 = (known after apply)
      + max_capacity       = 4
      + min_capacity       = 2
      + resource_id        = "service/2020-jun-project1-externals/2020-jun-project1-externals"
      + role_arn           = (known after apply)
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"
    }

  # module.ecs.aws_cloudwatch_log_group.ecs will be created
  + resource "aws_cloudwatch_log_group" "ecs" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "/ecs/2020-jun-project1-externals"
      + retention_in_days = 1
    }

  # module.ecs.aws_cloudwatch_metric_alarm.cpu_utilization_high will be created
  + resource "aws_cloudwatch_metric_alarm" "cpu_utilization_high" {
      + actions_enabled                       = true
      + alarm_actions                         = (known after apply)
      + alarm_name                            = "2020-jun-project1-externals-CPU-Utilization-High"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanOrEqualToThreshold"
      + dimensions                            = {
          + "ClusterName" = "2020-jun-project1-externals"
          + "ServiceName" = "2020-jun-project1-externals"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "CPUUtilization"
      + namespace                             = "AWS/ECS"
      + period                                = 60
      + statistic                             = "Average"
      + threshold                             = 80
      + treat_missing_data                    = "missing"
    }

  # module.ecs.aws_cloudwatch_metric_alarm.cpu_utilization_low will be created
  + resource "aws_cloudwatch_metric_alarm" "cpu_utilization_low" {
      + actions_enabled                       = true
      + alarm_actions                         = (known after apply)
      + alarm_name                            = "2020-jun-project1-externals-CPU-Utilization-Low"
      + arn                                   = (known after apply)
      + comparison_operator                   = "LessThanThreshold"
      + dimensions                            = {
          + "ClusterName" = "2020-jun-project1-externals"
          + "ServiceName" = "2020-jun-project1-externals"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "CPUUtilization"
      + namespace                             = "AWS/ECS"
      + period                                = 60
      + statistic                             = "Average"
      + threshold                             = 30
      + treat_missing_data                    = "missing"
    }

  # module.ecs.aws_ecr_repository.wprepo will be created
  + resource "aws_ecr_repository" "wprepo" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "wordpress"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)

      + image_scanning_configuration {
          + scan_on_push = false
        }
    }

  # module.ecs.aws_ecs_cluster.this will be created
  + resource "aws_ecs_cluster" "this" {
      + arn  = (known after apply)
      + id   = (known after apply)
      + name = "2020-jun-project1-externals"

      + setting {
          + name  = (known after apply)
          + value = (known after apply)
        }
    }

  # module.ecs.aws_ecs_service.wordpress will be created
  + resource "aws_ecs_service" "wordpress" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 2
      + enable_ecs_managed_tags            = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "2020-jun-project1-externals"
      + platform_version                   = "1.4.0"
      + scheduling_strategy                = "REPLICA"
      + task_definition                    = (known after apply)

      + load_balancer {
          + container_name   = "wordpress"
          + container_port   = 80
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = true
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.ecs.aws_ecs_task_definition.wordpress will be created
  + resource "aws_ecs_task_definition" "wordpress" {
      + arn                      = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "256"
      + execution_role_arn       = (known after apply)
      + family                   = "2020-jun-project1-externals"
      + id                       = (known after apply)
      + memory                   = "512"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)

      + volume {
          + name = "efs-volume"

          + efs_volume_configuration {
              + file_system_id = (known after apply)
              + root_directory = "/"
            }
        }
    }

  # module.ecs.aws_iam_policy.ecrpolicy will be created
  + resource "aws_iam_policy" "ecrpolicy" {
      + arn         = (known after apply)
      + description = "Policy to access ECR"
      + id          = (known after apply)
      + name        = "ecrpolicy"
      + path        = "/"
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ecr:BatchCheckLayerAvailability",
                          + "ecr:BatchGetImage",
                          + "ecr:GetDownloadUrlForLayer",
                          + "ecr:GetAuthorizationToken",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
    }

  # module.ecs.aws_iam_role.ecs will be created
  + resource "aws_iam_role" "ecs" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2008-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + max_session_duration  = 3600
      + name                  = "2020-jun-project1-externals-ecs-role"
      + path                  = "/"
      + unique_id             = (known after apply)
    }

  # module.ecs.aws_iam_role_policy_attachment.ecs1 will be created
  + resource "aws_iam_role_policy_attachment" "ecs1" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
      + role       = "2020-jun-project1-externals-ecs-role"
    }

  # module.ecs.aws_iam_role_policy_attachment.ecs2 will be created
  + resource "aws_iam_role_policy_attachment" "ecs2" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "2020-jun-project1-externals-ecs-role"
    }

  # module.ecs.aws_route53_record.wp_route53 will be created
  + resource "aws_route53_record" "wp_route53" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "wp"
      + type            = "A"
      + zone_id         = "ZZ90LZK3RNF5D"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # module.ecs.aws_security_group.wordpress will be created
  + resource "aws_security_group" "wordpress" {
      + arn                    = (known after apply)
      + description            = "ECS Security Group"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = ""
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 443
            },
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = ""
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 80
            },
        ]
      + name                   = "project1_ext1_ecs_sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)
    }

  # module.ecs.aws_security_group.wpalb_sg will be created
  + resource "aws_security_group" "wpalb_sg" {
      + arn                    = (known after apply)
      + description            = "ALB Security Group"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 443
            },
        ]
      + name                   = "project1_ext1_wpalb_sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "project1_ext1_wpalb_sg"
        }
      + vpc_id                 = (known after apply)
    }

  # module.efs.aws_efs_access_point.ap will be created
  + resource "aws_efs_access_point" "ap" {
      + arn             = (known after apply)
      + file_system_arn = (known after apply)
      + file_system_id  = (known after apply)
      + id              = (known after apply)
      + owner_id        = (known after apply)
      + tags            = {
          + "Name" = "wordpress"
        }

      + root_directory {
          + path = "/wordpress"

          + creation_info {
              + owner_gid   = (known after apply)
              + owner_uid   = (known after apply)
              + permissions = (known after apply)
            }
        }
    }

  # module.efs.aws_efs_file_system.this will be created
  + resource "aws_efs_file_system" "this" {
      + arn              = (known after apply)
      + creation_token   = "wordpress"
      + dns_name         = (known after apply)
      + encrypted        = (known after apply)
      + id               = (known after apply)
      + kms_key_id       = (known after apply)
      + performance_mode = "generalPurpose"
      + tags             = {
          + "Name" = "wordpress"
        }
      + throughput_mode  = "bursting"
    }

  # module.efs.aws_efs_mount_target.mnt1 will be created
  + resource "aws_efs_mount_target" "mnt1" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.efs.aws_efs_mount_target.mnt2 will be created
  + resource "aws_efs_mount_target" "mnt2" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.efs.aws_security_group.efs_sg will be created
  + resource "aws_security_group" "efs_sg" {
      + arn                    = (known after apply)
      + description            = "EFS Security Group"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 2049
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = (known after apply)
              + self             = false
              + to_port          = 2049
            },
        ]
      + name                   = "project1_ext1_efs_sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)
    }

  # module.networking.data.aws_availability_zones.available will be read during apply
  # (config refers to values not yet known)
 <= data "aws_availability_zones" "available"  {
        group_names = [
            "ap-southeast-2",
        ]
      ~ id          = "2020-08-13 11:04:46.302853298 +0000 UTC" -> "2020-08-13 11:04:49.488639085 +0000 UTC"
        names       = [
            "ap-southeast-2a",
            "ap-southeast-2b",
            "ap-southeast-2c",
        ]
        zone_ids    = [
            "apse2-az3",
            "apse2-az1",
            "apse2-az2",
        ]
    }

  # module.networking.aws_eip.this will be created
  + resource "aws_eip" "this" {
      + allocation_id     = (known after apply)
      + association_id    = (known after apply)
      + customer_owned_ip = (known after apply)
      + domain            = (known after apply)
      + id                = (known after apply)
      + instance          = (known after apply)
      + network_interface = (known after apply)
      + private_dns       = (known after apply)
      + private_ip        = (known after apply)
      + public_dns        = (known after apply)
      + public_ip         = (known after apply)
      + public_ipv4_pool  = (known after apply)
      + vpc               = true
    }

  # module.networking.aws_internet_gateway.this will be created
  + resource "aws_internet_gateway" "this" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name" = "wp_igw"
        }
      + vpc_id   = (known after apply)
    }

  # module.networking.aws_nat_gateway.this will be created
  + resource "aws_nat_gateway" "this" {
      + allocation_id        = (known after apply)
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
      + tags                 = {
          + "Name" = "wp_nat_gateway"
        }
    }

  # module.networking.aws_network_acl.private will be created
  + resource "aws_network_acl" "private" {
      + arn        = (known after apply)
      + egress     = (known after apply)
      + id         = (known after apply)
      + ingress    = (known after apply)
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Name" = "wp_private_nacl"
        }
      + vpc_id     = (known after apply)
    }

  # module.networking.aws_network_acl.public will be created
  + resource "aws_network_acl" "public" {
      + arn        = (known after apply)
      + egress     = (known after apply)
      + id         = (known after apply)
      + ingress    = (known after apply)
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Name" = "wp_public_nacl"
        }
      + vpc_id     = (known after apply)
    }

  # module.networking.aws_network_acl_rule.private_egress_Allow_all_traffic will be created
  + resource "aws_network_acl_rule" "private_egress_Allow_all_traffic" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 500
      + to_port        = 0
    }
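Review bot: `private_egress_Allow_all_traffic` (rule 500, protocol `-1`, `0.0.0.0/0`) allows everything the port-scoped rules 100–400 on the same NACL do not, so those narrower rules no longer restrict anything. NACL rules are evaluated in ascending rule number and the first match wins, so every packet that misses the earlier allows matches this one. The same pattern appears in `private_ingress_Allow_all_traffic` (rule 400) and `public_ingress_Allow_all_traffic1` (rule 600), where it matters more: the public one admits SSH and ICMP from any address at the NACL layer despite the `/32`-scoped home-network rules. If the catch-alls were added to let return traffic through, prefer removing them and widening only the ephemeral rule, e.g. `cidr_block = "0.0.0.0/0"` on `private_ingress_ephemeral_vpc`. Security group rules are not fully visible in this part of the plan, so they may still be limiting exposure.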

  # module.networking.aws_network_acl_rule.private_egress_ephemeral_vpc will be created
  + resource "aws_network_acl_rule" "private_egress_ephemeral_vpc" {
      + cidr_block     = "10.0.0.0/16"
      + egress         = true
      + from_port      = 1024
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 200
      + to_port        = 65535
    }

  # module.networking.aws_network_acl_rule.private_egress_http_vpc will be created
  + resource "aws_network_acl_rule" "private_egress_http_vpc" {
      + cidr_block     = "10.0.0.0/16"
      + egress         = true
      + from_port      = 80
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 300
      + to_port        = 80
    }

  # module.networking.aws_network_acl_rule.private_egress_https_vpc will be created
  + resource "aws_network_acl_rule" "private_egress_https_vpc" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + from_port      = 443
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 400
      + to_port        = 443
    }

  # module.networking.aws_network_acl_rule.private_egress_ssh_vpc will be created
  + resource "aws_network_acl_rule" "private_egress_ssh_vpc" {
      + cidr_block     = "10.0.0.0/16"
      + egress         = true
      + from_port      = 22
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 22
    }

  # module.networking.aws_network_acl_rule.private_ingress_Allow_all_traffic will be created
  + resource "aws_network_acl_rule" "private_ingress_Allow_all_traffic" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = false
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 400
      + to_port        = 0
    }

  # module.networking.aws_network_acl_rule.private_ingress_ephemeral_vpc will be created
  + resource "aws_network_acl_rule" "private_ingress_ephemeral_vpc" {
      + cidr_block     = "10.0.0.0/16"
      + egress         = false
      + from_port      = 1024
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 200
      + to_port        = 65535
    }

  # module.networking.aws_network_acl_rule.private_ingress_https_vpc will be created
  + resource "aws_network_acl_rule" "private_ingress_https_vpc" {
      + cidr_block     = "10.0.0.0/16"
      + egress         = false
      + from_port      = 443
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 300
      + to_port        = 443
    }

  # module.networking.aws_network_acl_rule.private_ingress_ssh_vpc will be created
  + resource "aws_network_acl_rule" "private_ingress_ssh_vpc" {
      + cidr_block     = "10.0.0.0/16"
      + egress         = false
      + from_port      = 22
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 22
    }

  # module.networking.aws_network_acl_rule.public_egress_Allow_all_traffic1 will be created
  + resource "aws_network_acl_rule" "public_egress_Allow_all_traffic1" {
      + cidr_block     = "10.0.0.0/16"
      + egress         = true
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 700
      + to_port        = 0
    }

  # module.networking.aws_network_acl_rule.public_egress_ephemeral will be created
  + resource "aws_network_acl_rule" "public_egress_ephemeral" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + from_port      = 1024
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 200
      + to_port        = 65535
    }

  # module.networking.aws_network_acl_rule.public_egress_http will be created
  + resource "aws_network_acl_rule" "public_egress_http" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + from_port      = 80
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 500
      + to_port        = 80
    }

  # module.networking.aws_network_acl_rule.public_egress_https will be created
  + resource "aws_network_acl_rule" "public_egress_https" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + from_port      = 443
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 600
      + to_port        = 443
    }

  # module.networking.aws_network_acl_rule.public_egress_ping will be created
  + resource "aws_network_acl_rule" "public_egress_ping" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + icmp_code      = "-1"
      + icmp_type      = "8"
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "icmp"
      + rule_action    = "allow"
      + rule_number    = 300
    }

  # module.networking.aws_network_acl_rule.public_egress_ping_response will be created
  + resource "aws_network_acl_rule" "public_egress_ping_response" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + icmp_code      = "-1"
      + icmp_type      = "0"
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "icmp"
      + rule_action    = "allow"
      + rule_number    = 400
    }

  # module.networking.aws_network_acl_rule.public_egress_ssh_vpc will be created
  + resource "aws_network_acl_rule" "public_egress_ssh_vpc" {
      + cidr_block     = "10.0.0.0/16"
      + egress         = true
      + from_port      = 22
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 22
    }

  # module.networking.aws_network_acl_rule.public_ingress_Allow_all_traffic1 will be created
  + resource "aws_network_acl_rule" "public_ingress_Allow_all_traffic1" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = false
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 600
      + to_port        = 0
    }

  # module.networking.aws_network_acl_rule.public_ingress_echo_response_from_anywhere will be created
  + resource "aws_network_acl_rule" "public_ingress_echo_response_from_anywhere" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = false
      + icmp_code      = "-1"
      + icmp_type      = "0"
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "icmp"
      + rule_action    = "allow"
      + rule_number    = 200
    }

  # module.networking.aws_network_acl_rule.public_ingress_ephemeral will be created
  + resource "aws_network_acl_rule" "public_ingress_ephemeral" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = false
      + from_port      = 1024
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 400
      + to_port        = 65535
    }

  # module.networking.aws_network_acl_rule.public_ingress_https will be created
  + resource "aws_network_acl_rule" "public_ingress_https" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = false
      + from_port      = 443
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 500
      + to_port        = 443
    }

  # module.networking.aws_network_acl_rule.public_ingress_icmp_from_home_network will be created
  + resource "aws_network_acl_rule" "public_ingress_icmp_from_home_network" {
      + cidr_block     = "101.181.70.69/32"
      + egress         = false
      + icmp_code      = "-1"
      + icmp_type      = "-1"
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "icmp"
      + rule_action    = "allow"
      + rule_number    = 100
    }

  # module.networking.aws_network_acl_rule.public_ingress_ssh_from_home_network will be created
  + resource "aws_network_acl_rule" "public_ingress_ssh_from_home_network" {
      + cidr_block     = "101.181.70.69/32"
      + egress         = false
      + from_port      = 22
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "tcp"
      + rule_action    = "allow"
      + rule_number    = 300
      + to_port        = 22
    }

  # module.networking.aws_route_table.private will be created
  + resource "aws_route_table" "private" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + cidr_block                = "0.0.0.0/0"
              + egress_only_gateway_id    = ""
              + gateway_id                = (known after apply)
              + instance_id               = ""
              + ipv6_cidr_block           = ""
              + nat_gateway_id            = ""
              + network_interface_id      = ""
              + transit_gateway_id        = ""
              + vpc_peering_connection_id = ""
            },
        ]
      + tags             = {
          + "Name" = "wp_rt_private"
        }
      + vpc_id           = (known after apply)
    }
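Review bot: The default route of `aws_route_table.private` is populated through `gateway_id` while `nat_gateway_id` is empty, which is the shape of a route to an internet gateway; the public table that follows is declared the same way. The plan cannot show which ID ends up there, but if it is the internet gateway the "private" subnets are routed exactly like the public ones and the NAT gateway created above is unused. If the NAT gateway is intended, express it with the dedicated attribute: `nat_gateway_id = aws_nat_gateway.this.id`, leaving `gateway_id` unset.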

  # module.networking.aws_route_table.public will be created
  + resource "aws_route_table" "public" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + cidr_block                = "0.0.0.0/0"
              + egress_only_gateway_id    = ""
              + gateway_id                = (known after apply)
              + instance_id               = ""
              + ipv6_cidr_block           = ""
              + nat_gateway_id            = ""
              + network_interface_id      = ""
              + transit_gateway_id        = ""
              + vpc_peering_connection_id = ""
            },
        ]
      + tags             = {
          + "Name" = "wp_rt_public"
        }
      + vpc_id           = (known after apply)
    }

  # module.networking.aws_route_table_association.private_subnet[0] will be created
  + resource "aws_route_table_association" "private_subnet" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.networking.aws_route_table_association.private_subnet[1] will be created
  + resource "aws_route_table_association" "private_subnet" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.networking.aws_route_table_association.public_subnet[0] will be created
  + resource "aws_route_table_association" "public_subnet" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.networking.aws_route_table_association.public_subnet[1] will be created
  + resource "aws_route_table_association" "public_subnet" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.networking.aws_subnet.private[0] will be created
  + resource "aws_subnet" "private" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-southeast-2a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.0.10.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "wp_private_ap-southeast-2a"
        }
      + vpc_id                          = (known after apply)
    }

  # module.networking.aws_subnet.private[1] will be created
  + resource "aws_subnet" "private" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-southeast-2b"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.0.11.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "wp_private_ap-southeast-2b"
        }
      + vpc_id                          = (known after apply)
    }

  # module.networking.aws_subnet.public[0] will be created
  + resource "aws_subnet" "public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-southeast-2a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.0.0.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "wp_public_ap-southeast-2a"
        }
      + vpc_id                          = (known after apply)
    }

  # module.networking.aws_subnet.public[1] will be created
  + resource "aws_subnet" "public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-southeast-2b"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.0.1.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "wp_public_ap-southeast-2b"
        }
      + vpc_id                          = (known after apply)
    }

  # module.networking.aws_vpc.this will be created
  + resource "aws_vpc" "this" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = "10.0.0.0/16"
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = true
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Name" = "wp_vpc"
        }
    }

  # module.rds.aws_db_parameter_group.aurora_db_mysql57_parameter_group will be created
  + resource "aws_db_parameter_group" "aurora_db_mysql57_parameter_group" {
      + arn         = (known after apply)
      + description = "test-aurora57-parameter-group"
      + family      = "aurora-mysql5.7"
      + id          = (known after apply)
      + name        = "test-aurora57-parameter-group"
      + name_prefix = (known after apply)
    }

  # module.rds.aws_db_subnet_group.this will be created
  + resource "aws_db_subnet_group" "this" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = "rdssubnet"
      + name_prefix = (known after apply)
      + subnet_ids  = (known after apply)
      + tags        = {
          + "Name" = "RDS DB Subnet Group"
        }
    }

  # module.rds.aws_rds_cluster.this will be created
  + resource "aws_rds_cluster" "this" {
      + apply_immediately               = true
      + arn                             = (known after apply)
      + availability_zones              = (known after apply)
      + backup_retention_period         = 1
      + cluster_identifier              = (known after apply)
      + cluster_identifier_prefix       = (known after apply)
      + cluster_members                 = (known after apply)
      + cluster_resource_id             = (known after apply)
      + copy_tags_to_snapshot           = false
      + database_name                   = "wordpress"
      + db_cluster_parameter_group_name = (known after apply)
      + db_subnet_group_name            = "rdssubnet"
      + deletion_protection             = false
      + enable_http_endpoint            = false
      + endpoint                        = (known after apply)
      + engine                          = "aurora"
      + engine_mode                     = "serverless"
      + engine_version                  = (known after apply)
      + hosted_zone_id                  = (known after apply)
      + id                              = (known after apply)
      + kms_key_id                      = (known after apply)
      + master_password                 = (sensitive value)
      + master_username                 = "root"
      + port                            = (known after apply)
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = (known after apply)
      + reader_endpoint                 = (known after apply)
      + skip_final_snapshot             = true
      + storage_encrypted               = true
      + vpc_security_group_ids          = (known after apply)

      + scaling_configuration {
          + auto_pause               = true
          + max_capacity             = 256
          + min_capacity             = 2
          + seconds_until_auto_pause = 300
          + timeout_action           = "ForceApplyCapacityChange"
        }
    }
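Review bot: `deletion_protection = false` together with `skip_final_snapshot = true` and `backup_retention_period = 1` means a `terraform destroy` or an unintended replacement removes the WordPress database with no final snapshot and at most one day of automated backups. `apply_immediately = true` additionally applies any cluster modification outside the maintenance window. If this stack is meant to hold real data, set `deletion_protection = true` and `skip_final_snapshot = false` with a `final_snapshot_identifier`. `master_username = "root"` is also worth replacing with a less guessable account name.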

  # module.rds.aws_rds_cluster_parameter_group.aurora_cluster_mysql57_parameter_group will be created
  + resource "aws_rds_cluster_parameter_group" "aurora_cluster_mysql57_parameter_group" {
      + arn         = (known after apply)
      + description = "test-aurora57-cluster-parameter-group"
      + family      = "aurora5.6"
      + id          = (known after apply)
      + name        = "test-aurora57-cluster-parameter-group"
      + name_prefix = (known after apply)
    }
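Review bot: The cluster parameter group is named `test-aurora57-cluster-parameter-group` but declares `family = "aurora5.6"`, while `aurora_db_mysql57_parameter_group` earlier in the plan uses `family = "aurora-mysql5.7"`. The cluster is planned with `engine = "aurora"`, which is the MySQL 5.6-compatible engine, so the 5.7 DB parameter group would not match it and the `57` in this name is misleading. Pick one engine generation and align both groups and their names with it, e.g. `family = "aurora-mysql5.7"` here together with `engine = "aurora-mysql"` on the cluster, or rename both groups to `aurora56`.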

  # module.rds.aws_security_group.rds will be created
  + resource "aws_security_group" "rds" {
      + arn                    = (known after apply)
      + description            = "RDS SG"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "project1_ext1_rds_sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)
    }

  # module.rds.aws_security_group_rule.allow_baston_access will be created
  + resource "aws_security_group_rule" "allow_baston_access" {
      + from_port                = (known after apply)
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = (known after apply)
      + type                     = "ingress"
    }

  # module.rds.aws_security_group_rule.allow_ec2_access will be created
  + resource "aws_security_group_rule" "allow_ec2_access" {
      + from_port                = (known after apply)
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = (known after apply)
      + type                     = "ingress"
    }

  # module.rds.aws_ssm_parameter.db_host will be created
  + resource "aws_ssm_parameter" "db_host" {
      + arn       = (known after apply)
      + data_type = (known after apply)
      + id        = (known after apply)
      + key_id    = (known after apply)
      + name      = "/wordpress/WORDPRESS_DB_HOST"
      + overwrite = true
      + tier      = "Standard"
      + type      = "SecureString"
      + value     = (sensitive value)
      + version   = (known after apply)
    }

  # module.rds.aws_ssm_parameter.db_name will be created
  + resource "aws_ssm_parameter" "db_name" {
      + arn       = (known after apply)
      + data_type = (known after apply)
      + id        = (known after apply)
      + key_id    = (known after apply)
      + name      = "/wordpress/WORDPRESS_DB_NAME"
      + overwrite = true
      + tier      = "Standard"
      + type      = "SecureString"
      + value     = (sensitive value)
      + version   = (known after apply)
    }

  # module.rds.aws_ssm_parameter.db_password will be created
  + resource "aws_ssm_parameter" "db_password" {
      + arn       = (known after apply)
      + data_type = (known after apply)
      + id        = (known after apply)
      + key_id    = (known after apply)
      + name      = "/wordpress/WORDPRESS_DB_PASSWORD"
      + overwrite = false
      + tier      = "Standard"
      + type      = "SecureString"
      + value     = (sensitive value)
      + version   = (known after apply)
    }

  # module.rds.aws_ssm_parameter.db_user will be created
  + resource "aws_ssm_parameter" "db_user" {
      + arn       = (known after apply)
      + data_type = (known after apply)
      + id        = (known after apply)
      + key_id    = (known after apply)
      + name      = "/wordpress/WORDPRESS_DB_USER"
      + overwrite = false
      + tier      = "Standard"
      + type      = "SecureString"
      + value     = (sensitive value)
      + version   = (known after apply)
    }

  # module.rds.random_password.rds_password will be created
  + resource "random_password" "rds_password" {
      + id          = (known after apply)
      + length      = 10
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + result      = (sensitive value)
      + special     = false
      + upper       = true
    }
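Review bot: `length = 10` with `special = false` gives the database master password roughly 60 bits of entropy (62 possible characters in 10 positions), which is thin for a long-lived credential that also sits in Terraform state and SSM. Suggest `length = 32`. If special characters are enabled later, set `override_special` so that `/`, `@` and `"` are excluded, since RDS rejects those in master passwords.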

Plan: 80 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + bastion_ssh_command = (known after apply)
  + ecr_url             = (known after apply)
  ~ mysql_command       = {
      ~ command  = null -> (known after apply)
      ~ password = null -> (known after apply)
    }
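Review bot: The `mysql_command` output carries a `password` field that the plan renders as `(known after apply)` rather than `(sensitive value)`, which suggests the output is not marked sensitive. Because this workflow posts Terraform output into pull-request comments, the value would likely be printed in the CI log, and possibly in a comment like this one, once the apply runs. Mark the output with `sensitive = true`, or drop the password from it and have operators read `/wordpress/WORDPRESS_DB_PASSWORD` from SSM instead.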

------------------------------------------------------------------------

This plan was saved to: project1_tf_plan

To perform exactly these actions, run the following command to apply:
    terraform apply "project1_tf_plan"