fix: requirements.txt to reduce vulnerabilities

[ngnnpgn]

The following vulnerabilities are fixed by pinning transitive dependencies:

• https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
• https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
• https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935
• https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936
• https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
• https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933

[github-actions[bot]]

💰 Infracost report

Monthly estimate generated

_{This comment will be updated when code changes.}

[infracost[bot]]

💰 Infracost report

Monthly estimate generated

_{This comment will be updated when code changes.}

[billmetangmo]

Plan Result

CI link

Plan: 26 to add, 0 to change, 0 to destroy.

• Create
  • aws_api_gateway_deployment.test
  • aws_api_gateway_integration.integration
  • aws_api_gateway_method.method
  • aws_api_gateway_method_response.method_response_200
  • aws_api_gateway_resource.resource
  • aws_api_gateway_rest_api.api
  • aws_cloudwatch_event_rule.scheduler
  • aws_cloudwatch_event_target.target
  • aws_dynamodb_table.Link_table
  • aws_dynamodb_table.Register
  • aws_dynamodb_table.Users
  • aws_lambda_function.lambda
  • aws_lambda_function.scan
  • aws_lambda_layer_version.test_lambda_layer
  • aws_lambda_permission.allow_cloudwatch_to_call_check_foo
  • aws_lambda_permission.apigw_lambda
  • aws_s3_bucket.images
  • aws_s3_bucket.website
  • aws_s3_bucket_object.example_file
  • aws_s3_bucket_policy.website
  • aws_s3_bucket_public_access_block.website
  • local_file.index_page
  • module.cors.aws_api_gatewayintegration.
  • module.cors.aws_api_gateway_integrationresponse.
  • module.cors.aws_api_gatewaymethod.
  • module.cors.aws_api_gateway_methodresponse.

Change Result (Click me)

```hcl # aws_api_gateway_deployment.test will be created + resource "aws_api_gateway_deployment" "test" { + created_date = (known after apply) + execution_arn = (known after apply) + id = (known after apply) + invoke_url = (known after apply) + rest_api_id = (known after apply) + stage_name = "mtchoun-mouh-snyk-fix-werkzeug-dev" } # aws_api_gateway_integration.integration will be created + resource "aws_api_gateway_integration" "integration" { + cache_namespace = (known after apply) + connection_type = "INTERNET" + http_method = "POST" + id = (known after apply) + integration_http_method = "POST" + passthrough_behavior = (known after apply) + resource_id = (known after apply) + rest_api_id = (known after apply) + timeout_milliseconds = 29000 + type = "AWS_PROXY" + uri = (known after apply) } # aws_api_gateway_method.method will be created + resource "aws_api_gateway_method" "method" { + api_key_required = false + authorization = "NONE" + http_method = "POST" + id = (known after apply) + resource_id = (known after apply) + rest_api_id = (known after apply) } # aws_api_gateway_method_response.method_response_200 will be created + resource "aws_api_gateway_method_response" "method_response_200" { + http_method = "POST" + id = (known after apply) + resource_id = (known after apply) + response_parameters = { + "method.response.header.Access-Control-Allow-Headers" = true + "method.response.header.Access-Control-Allow-Methods" = false + "method.response.header.Access-Control-Allow-Origin" = true } + rest_api_id = (known after apply) + status_code = "200" } # aws_api_gateway_resource.resource will be created + resource "aws_api_gateway_resource" "resource" { + id = (known after apply) + parent_id = (known after apply) + path = (known after apply) + path_part = "register" + rest_api_id = (known after apply) } # aws_api_gateway_rest_api.api will be created + resource "aws_api_gateway_rest_api" "api" { + api_key_source = (known after apply) + arn = (known after apply) + binary_media_types = (known after apply) + created_date = (known after apply) + description = "Allow to register user for sending notifications later" + disable_execute_api_endpoint = (known after apply) + execution_arn = (known after apply) + id = (known after apply) + minimum_compression_size = -1 + name = "mtchoun-mouh-snyk-fix-werkzeug-user registration" + policy = (known after apply) + root_resource_id = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + endpoint_configuration { + types = [ + "REGIONAL", ] + vpc_endpoint_ids = (known after apply) } } # aws_cloudwatch_event_rule.scheduler will be created + resource "aws_cloudwatch_event_rule" "scheduler" { + arn = (known after apply) + description = "extract image - verify passport is out - send notifications" + event_bus_name = "default" + id = (known after apply) + is_enabled = true + name = "mtchoun-mouh-snyk-fix-werkzeug-trigger_user_scan" + name_prefix = (known after apply) + schedule_expression = "cron(0 8 ? * MON-FRI *)" + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } } # aws_cloudwatch_event_target.target will be created + resource "aws_cloudwatch_event_target" "target" { + arn = (known after apply) + event_bus_name = "default" + id = (known after apply) + rule = "mtchoun-mouh-snyk-fix-werkzeug-trigger_user_scan" + target_id = "lambda" } # aws_dynamodb_table.Link_table will be created + resource "aws_dynamodb_table" "Link_table" { + arn = (known after apply) + billing_mode = "PROVISIONED" + hash_key = "link" + id = (known after apply) + name = "mtchoun-mouh-snyk-fix-werkzeug-Link_table" + read_capacity = 1 + stream_arn = (known after apply) + stream_label = (known after apply) + stream_view_type = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + write_capacity = 1 + attribute { + name = "link" + type = "S" } + point_in_time_recovery { + enabled = false } + server_side_encryption (known after apply) } # aws_dynamodb_table.Register will be created + resource "aws_dynamodb_table" "Register" { + arn = (known after apply) + billing_mode = "PROVISIONED" + hash_key = "Name" + id = (known after apply) + name = "mtchoun-mouh-snyk-fix-werkzeug-Register" + read_capacity = 1 + stream_arn = (known after apply) + stream_label = (known after apply) + stream_view_type = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + write_capacity = 1 + attribute { + name = "Name" + type = "S" } + point_in_time_recovery { + enabled = false } + server_side_encryption (known after apply) } # aws_dynamodb_table.Users will be created + resource "aws_dynamodb_table" "Users" { + arn = (known after apply) + billing_mode = "PROVISIONED" + hash_key = "UserName" + id = (known after apply) + name = "mtchoun-mouh-snyk-fix-werkzeug-Users" + read_capacity = 1 + stream_arn = (known after apply) + stream_label = (known after apply) + stream_view_type = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + write_capacity = 1 + attribute { + name = "UserName" + type = "S" } + point_in_time_recovery { + enabled = false } + server_side_encryption (known after apply) } # aws_lambda_function.lambda will be created + resource "aws_lambda_function" "lambda" { + arn = (known after apply) + filename = "api/lambda.zip" + function_name = "mtchoun-mouh-snyk-fix-werkzeug-user_registration_consulcam" + handler = "lambda.register_handler" + id = (known after apply) + invoke_arn = (known after apply) + last_modified = (known after apply) + layers = (known after apply) + memory_size = 128 + package_type = "Zip" + publish = false + qualified_arn = (known after apply) + reserved_concurrent_executions = -1 + role = "arn:aws:iam::053932140667:role/website-deployer" + runtime = "python3.8" + signing_job_arn = (known after apply) + signing_profile_version_arn = (known after apply) + source_code_hash = "aG/693OgtesclFbtQG3JpowPoOxVEki6ETbi5wlrhnw=" + source_code_size = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + timeout = 10 + version = (known after apply) + environment { + variables = { + "API_KEY" = (sensitive value) + "BUCKET_NAME" = "mtchoun-mouh-snyk-fix-werkzeug-djansang" + "ENV" = "mtchoun-mouh-snyk-fix-werkzeug" + "LINKS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Link_table" + "MAINTAINER_MAIL" = (sensitive value) + "REGION" = "eu-central-1" + "REGISTERS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Register" + "SENTRY_DNS" = (sensitive value) + "USERS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Users" } } + tracing_config (known after apply) } # aws_lambda_function.scan will be created + resource "aws_lambda_function" "scan" { + arn = (known after apply) + filename = "api/lambda.zip" + function_name = "mtchoun-mouh-snyk-fix-werkzeug-scan_user_consulcam" + handler = "lambda.scan_handler" + id = (known after apply) + invoke_arn = (known after apply) + last_modified = (known after apply) + memory_size = 128 + package_type = "Zip" + publish = false + qualified_arn = (known after apply) + reserved_concurrent_executions = -1 + role = "arn:aws:iam::053932140667:role/website-deployer" + runtime = "python3.8" + signing_job_arn = (known after apply) + signing_profile_version_arn = (known after apply) + source_code_hash = "aG/693OgtesclFbtQG3JpowPoOxVEki6ETbi5wlrhnw=" + source_code_size = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + timeout = 900 + version = (known after apply) + environment { + variables = { + "API_KEY" = (sensitive value) + "BUCKET_NAME" = "mtchoun-mouh-snyk-fix-werkzeug-djansang" + "ENV" = "mtchoun-mouh-snyk-fix-werkzeug" + "LINKS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Link_table" + "MAINTAINER_MAIL" = (sensitive value) + "REGION" = "eu-central-1" + "REGISTERS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Register" + "SENTRY_DNS" = (sensitive value) + "USERS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Users" } } + tracing_config (known after apply) } # aws_lambda_layer_version.test_lambda_layer will be created + resource "aws_lambda_layer_version" "test_lambda_layer" { + arn = (known after apply) + compatible_runtimes = [ + "python3.7", + "python3.8", ] + created_date = (known after apply) + filename = "make_lamda_layer/python.zip" + id = (known after apply) + layer_arn = (known after apply) + layer_name = "test_lambda_layer" + signing_job_arn = (known after apply) + signing_profile_version_arn = (known after apply) + source_code_hash = (known after apply) + source_code_size = (known after apply) + version = (known after apply) } # aws_lambda_permission.allow_cloudwatch_to_call_check_foo will be created + resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_foo" { + action = "lambda:InvokeFunction" + function_name = "mtchoun-mouh-snyk-fix-werkzeug-scan_user_consulcam" + id = (known after apply) + principal = "events.amazonaws.com" + source_arn = (known after apply) + statement_id = "AllowExecutionFromCloudWatch" } # aws_lambda_permission.apigw_lambda will be created + resource "aws_lambda_permission" "apigw_lambda" { + action = "lambda:InvokeFunction" + function_name = "mtchoun-mouh-snyk-fix-werkzeug-user_registration_consulcam" + id = (known after apply) + principal = "apigateway.amazonaws.com" + source_arn = (known after apply) + statement_id = "AllowExecutionFromAPIGateway" } # aws_s3_bucket.images will be created + resource "aws_s3_bucket" "images" { + acceleration_status = (known after apply) + acl = "private" + arn = (known after apply) + bucket = "mtchoun-mouh-snyk-fix-werkzeug-djansang" + bucket_domain_name = (known after apply) + bucket_regional_domain_name = (known after apply) + force_destroy = true + hosted_zone_id = (known after apply) + id = (known after apply) + region = (known after apply) + request_payer = (known after apply) + tags = { + "Name" = "images" + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "Name" = "images" + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + website_domain = (known after apply) + website_endpoint = (known after apply) + versioning (known after apply) } # aws_s3_bucket.website will be created + resource "aws_s3_bucket" "website" { + acceleration_status = (known after apply) + acl = "private" + arn = (known after apply) + bucket = "mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm" + bucket_domain_name = (known after apply) + bucket_regional_domain_name = (known after apply) + force_destroy = true + hosted_zone_id = (known after apply) + id = (known after apply) + region = (known after apply) + request_payer = (known after apply) + tags = { + "Name" = "Website" + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "Name" = "Website" + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + website_domain = (known after apply) + website_endpoint = (known after apply) + cors_rule { + allowed_headers = [ + "*", ] + allowed_methods = [ + "PUT", + "POST", + "GET", ] + allowed_origins = [ + "*", ] } + versioning (known after apply) + website { + error_document = "error.html" + index_document = "index.html" } } # aws_s3_bucket_object.example_file will be created + resource "aws_s3_bucket_object" "example_file" { + acl = "private" + bucket = (known after apply) + bucket_key_enabled = (known after apply) + content_type = "text/html" + etag = (known after apply) + force_destroy = false + id = (known after apply) + key = "index.html" + kms_key_id = (known after apply) + server_side_encryption = (known after apply) + source = "../html/index.html" + storage_class = (known after apply) + tags_all = (known after apply) + version_id = (known after apply) } # aws_s3_bucket_policy.website will be created + resource "aws_s3_bucket_policy" "website" { + bucket = (known after apply) + id = (known after apply) + policy = (known after apply) } # aws_s3_bucket_public_access_block.website will be created + resource "aws_s3_bucket_public_access_block" "website" { + block_public_acls = false + block_public_policy = false + bucket = (known after apply) + id = (known after apply) + ignore_public_acls = false + restrict_public_buckets = false } # local_file.index_page will be created + resource "local_file" "index_page" { + content = (sensitive value) + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "0777" + filename = "../html/index.html" + id = (known after apply) } # module.cors.aws_api_gateway_integration._ will be created + resource "aws_api_gateway_integration" "_" { + cache_namespace = (known after apply) + connection_type = "INTERNET" + content_handling = "CONVERT_TO_TEXT" + http_method = "OPTIONS" + id = (known after apply) + passthrough_behavior = (known after apply) + request_templates = { + "application/json" = jsonencode( { + statusCode = 200 } ) } + resource_id = (known after apply) + rest_api_id = (known after apply) + timeout_milliseconds = 29000 + type = "MOCK" } # module.cors.aws_api_gateway_integration_response._ will be created + resource "aws_api_gateway_integration_response" "_" { + http_method = "OPTIONS" + id = (known after apply) + resource_id = (known after apply) + response_parameters = { + "method.response.header.Access-Control-Allow-Headers" = "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'" + "method.response.header.Access-Control-Allow-Methods" = "'OPTIONS,HEAD,GET,POST,PUT,PATCH,DELETE'" + "method.response.header.Access-Control-Allow-Origin" = "'*'" + "method.response.header.Access-Control-Max-Age" = "'7200'" } + rest_api_id = (known after apply) + status_code = "200" } # module.cors.aws_api_gateway_method._ will be created + resource "aws_api_gateway_method" "_" { + api_key_required = false + authorization = "NONE" + http_method = "OPTIONS" + id = (known after apply) + resource_id = (known after apply) + rest_api_id = (known after apply) } # module.cors.aws_api_gateway_method_response._ will be created + resource "aws_api_gateway_method_response" "_" { + http_method = "OPTIONS" + id = (known after apply) + resource_id = (known after apply) + response_models = { + "application/json" = "Empty" } + response_parameters = { + "method.response.header.Access-Control-Allow-Headers" = true + "method.response.header.Access-Control-Allow-Methods" = true + "method.response.header.Access-Control-Allow-Origin" = true + "method.response.header.Access-Control-Max-Age" = true } + rest_api_id = (known after apply) + status_code = "200" } Plan: 26 to add, 0 to change, 0 to destroy. Changes to Outputs: + register_table = "mtchoun-mouh-snyk-fix-werkzeug-Register" + stage_url = (known after apply) + website_url = (known after apply) ```

[billmetangmo]

:white_check_mark: Apply Succeeded

CI link

Apply complete! Resources: 26 added, 0 changed, 0 destroyed.

Details (Click me)

```hcl Running apply in the remote backend. Output will stream here. Pressing Ctrl-C will cancel the remote apply if it's still pending. If the apply started it will stop streaming the logs, but will not stop the apply running remotely. Preparing the remote apply... To view this run in a browser, visit: https://app.terraform.io/app/tfc-mongulu-cm/mtchoun-mouh-snyk-fix-werkzeug/runs/run-cc7v9P3PxtjmVhn9 Waiting for the plan to start... Terraform v1.9.6 on linux_amd64 Initializing plugins and modules... data.archive_file.lambda_zip: Reading... data.archive_file.lambda_zip: Read complete after 0s [id=a302387976ce74579a87a903dcc6149f70895053] data.aws_caller_identity.current: Reading... data.aws_iam_role.role: Reading... data.aws_caller_identity.current: Read complete after 0s [id=053932140667] data.aws_iam_role.role: Read complete after 0s [id=website-deployer] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_api_gateway_deployment.test will be created + resource "aws_api_gateway_deployment" "test" { + created_date = (known after apply) + execution_arn = (known after apply) + id = (known after apply) + invoke_url = (known after apply) + rest_api_id = (known after apply) + stage_name = "mtchoun-mouh-snyk-fix-werkzeug-dev" } # aws_api_gateway_integration.integration will be created + resource "aws_api_gateway_integration" "integration" { + cache_namespace = (known after apply) + connection_type = "INTERNET" + http_method = "POST" + id = (known after apply) + integration_http_method = "POST" + passthrough_behavior = (known after apply) + resource_id = (known after apply) + rest_api_id = (known after apply) + timeout_milliseconds = 29000 + type = "AWS_PROXY" + uri = (known after apply) } # aws_api_gateway_method.method will be created + resource "aws_api_gateway_method" "method" { + api_key_required = false + authorization = "NONE" + http_method = "POST" + id = (known after apply) + resource_id = (known after apply) + rest_api_id = (known after apply) } # aws_api_gateway_method_response.method_response_200 will be created + resource "aws_api_gateway_method_response" "method_response_200" { + http_method = "POST" + id = (known after apply) + resource_id = (known after apply) + response_parameters = { + "method.response.header.Access-Control-Allow-Headers" = true + "method.response.header.Access-Control-Allow-Methods" = false + "method.response.header.Access-Control-Allow-Origin" = true } + rest_api_id = (known after apply) + status_code = "200" } # aws_api_gateway_resource.resource will be created + resource "aws_api_gateway_resource" "resource" { + id = (known after apply) + parent_id = (known after apply) + path = (known after apply) + path_part = "register" + rest_api_id = (known after apply) } # aws_api_gateway_rest_api.api will be created + resource "aws_api_gateway_rest_api" "api" { + api_key_source = (known after apply) + arn = (known after apply) + binary_media_types = (known after apply) + created_date = (known after apply) + description = "Allow to register user for sending notifications later" + disable_execute_api_endpoint = (known after apply) + execution_arn = (known after apply) + id = (known after apply) + minimum_compression_size = -1 + name = "mtchoun-mouh-snyk-fix-werkzeug-user registration" + policy = (known after apply) + root_resource_id = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + endpoint_configuration { + types = [ + "REGIONAL", ] + vpc_endpoint_ids = (known after apply) } } # aws_cloudwatch_event_rule.scheduler will be created + resource "aws_cloudwatch_event_rule" "scheduler" { + arn = (known after apply) + description = "extract image - verify passport is out - send notifications" + event_bus_name = "default" + id = (known after apply) + is_enabled = true + name = "mtchoun-mouh-snyk-fix-werkzeug-trigger_user_scan" + name_prefix = (known after apply) + schedule_expression = "cron(0 8 ? * MON-FRI *)" + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } } # aws_cloudwatch_event_target.target will be created + resource "aws_cloudwatch_event_target" "target" { + arn = (known after apply) + event_bus_name = "default" + id = (known after apply) + rule = "mtchoun-mouh-snyk-fix-werkzeug-trigger_user_scan" + target_id = "lambda" } # aws_dynamodb_table.Link_table will be created + resource "aws_dynamodb_table" "Link_table" { + arn = (known after apply) + billing_mode = "PROVISIONED" + hash_key = "link" + id = (known after apply) + name = "mtchoun-mouh-snyk-fix-werkzeug-Link_table" + read_capacity = 1 + stream_arn = (known after apply) + stream_label = (known after apply) + stream_view_type = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + write_capacity = 1 + attribute { + name = "link" + type = "S" } + point_in_time_recovery { + enabled = false } + server_side_encryption (known after apply) } # aws_dynamodb_table.Register will be created + resource "aws_dynamodb_table" "Register" { + arn = (known after apply) + billing_mode = "PROVISIONED" + hash_key = "Name" + id = (known after apply) + name = "mtchoun-mouh-snyk-fix-werkzeug-Register" + read_capacity = 1 + stream_arn = (known after apply) + stream_label = (known after apply) + stream_view_type = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + write_capacity = 1 + attribute { + name = "Name" + type = "S" } + point_in_time_recovery { + enabled = false } + server_side_encryption (known after apply) } # aws_dynamodb_table.Users will be created + resource "aws_dynamodb_table" "Users" { + arn = (known after apply) + billing_mode = "PROVISIONED" + hash_key = "UserName" + id = (known after apply) + name = "mtchoun-mouh-snyk-fix-werkzeug-Users" + read_capacity = 1 + stream_arn = (known after apply) + stream_label = (known after apply) + stream_view_type = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + write_capacity = 1 + attribute { + name = "UserName" + type = "S" } + point_in_time_recovery { + enabled = false } + server_side_encryption (known after apply) } # aws_lambda_function.lambda will be created + resource "aws_lambda_function" "lambda" { + arn = (known after apply) + filename = "api/lambda.zip" + function_name = "mtchoun-mouh-snyk-fix-werkzeug-user_registration_consulcam" + handler = "lambda.register_handler" + id = (known after apply) + invoke_arn = (known after apply) + last_modified = (known after apply) + layers = (known after apply) + memory_size = 128 + package_type = "Zip" + publish = false + qualified_arn = (known after apply) + reserved_concurrent_executions = -1 + role = "arn:aws:iam::053932140667:role/website-deployer" + runtime = "python3.8" + signing_job_arn = (known after apply) + signing_profile_version_arn = (known after apply) + source_code_hash = "aG/693OgtesclFbtQG3JpowPoOxVEki6ETbi5wlrhnw=" + source_code_size = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + timeout = 10 + version = (known after apply) + environment { + variables = { + "API_KEY" = (sensitive value) + "BUCKET_NAME" = "mtchoun-mouh-snyk-fix-werkzeug-djansang" + "ENV" = "mtchoun-mouh-snyk-fix-werkzeug" + "LINKS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Link_table" + "MAINTAINER_MAIL" = (sensitive value) + "REGION" = "eu-central-1" + "REGISTERS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Register" + "SENTRY_DNS" = (sensitive value) + "USERS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Users" } } + tracing_config (known after apply) } # aws_lambda_function.scan will be created + resource "aws_lambda_function" "scan" { + arn = (known after apply) + filename = "api/lambda.zip" + function_name = "mtchoun-mouh-snyk-fix-werkzeug-scan_user_consulcam" + handler = "lambda.scan_handler" + id = (known after apply) + invoke_arn = (known after apply) + last_modified = (known after apply) + memory_size = 128 + package_type = "Zip" + publish = false + qualified_arn = (known after apply) + reserved_concurrent_executions = -1 + role = "arn:aws:iam::053932140667:role/website-deployer" + runtime = "python3.8" + signing_job_arn = (known after apply) + signing_profile_version_arn = (known after apply) + source_code_hash = "aG/693OgtesclFbtQG3JpowPoOxVEki6ETbi5wlrhnw=" + source_code_size = (known after apply) + tags = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + timeout = 900 + version = (known after apply) + environment { + variables = { + "API_KEY" = (sensitive value) + "BUCKET_NAME" = "mtchoun-mouh-snyk-fix-werkzeug-djansang" + "ENV" = "mtchoun-mouh-snyk-fix-werkzeug" + "LINKS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Link_table" + "MAINTAINER_MAIL" = (sensitive value) + "REGION" = "eu-central-1" + "REGISTERS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Register" + "SENTRY_DNS" = (sensitive value) + "USERS_TABLE" = "mtchoun-mouh-snyk-fix-werkzeug-Users" } } + tracing_config (known after apply) } # aws_lambda_layer_version.test_lambda_layer will be created + resource "aws_lambda_layer_version" "test_lambda_layer" { + arn = (known after apply) + compatible_runtimes = [ + "python3.7", + "python3.8", ] + created_date = (known after apply) + filename = "make_lamda_layer/python.zip" + id = (known after apply) + layer_arn = (known after apply) + layer_name = "test_lambda_layer" + signing_job_arn = (known after apply) + signing_profile_version_arn = (known after apply) + source_code_hash = (known after apply) + source_code_size = (known after apply) + version = (known after apply) } # aws_lambda_permission.allow_cloudwatch_to_call_check_foo will be created + resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_foo" { + action = "lambda:InvokeFunction" + function_name = "mtchoun-mouh-snyk-fix-werkzeug-scan_user_consulcam" + id = (known after apply) + principal = "events.amazonaws.com" + source_arn = (known after apply) + statement_id = "AllowExecutionFromCloudWatch" } # aws_lambda_permission.apigw_lambda will be created + resource "aws_lambda_permission" "apigw_lambda" { + action = "lambda:InvokeFunction" + function_name = "mtchoun-mouh-snyk-fix-werkzeug-user_registration_consulcam" + id = (known after apply) + principal = "apigateway.amazonaws.com" + source_arn = (known after apply) + statement_id = "AllowExecutionFromAPIGateway" } # aws_s3_bucket.images will be created + resource "aws_s3_bucket" "images" { + acceleration_status = (known after apply) + acl = "private" + arn = (known after apply) + bucket = "mtchoun-mouh-snyk-fix-werkzeug-djansang" + bucket_domain_name = (known after apply) + bucket_regional_domain_name = (known after apply) + force_destroy = true + hosted_zone_id = (known after apply) + id = (known after apply) + region = (known after apply) + request_payer = (known after apply) + tags = { + "Name" = "images" + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "Name" = "images" + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + website_domain = (known after apply) + website_endpoint = (known after apply) + versioning (known after apply) } # aws_s3_bucket.website will be created + resource "aws_s3_bucket" "website" { + acceleration_status = (known after apply) + acl = "private" + arn = (known after apply) + bucket = "mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm" + bucket_domain_name = (known after apply) + bucket_regional_domain_name = (known after apply) + force_destroy = true + hosted_zone_id = (known after apply) + id = (known after apply) + region = (known after apply) + request_payer = (known after apply) + tags = { + "Name" = "Website" + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + tags_all = { + "Name" = "Website" + "environment" = "mtchoun-mouh-master" + "project" = "mtchoun-mouh" } + website_domain = (known after apply) + website_endpoint = (known after apply) + cors_rule { + allowed_headers = [ + "*", ] + allowed_methods = [ + "PUT", + "POST", + "GET", ] + allowed_origins = [ + "*", ] } + versioning (known after apply) + website { + error_document = "error.html" + index_document = "index.html" } } # aws_s3_bucket_object.example_file will be created + resource "aws_s3_bucket_object" "example_file" { + acl = "private" + bucket = (known after apply) + bucket_key_enabled = (known after apply) + content_type = "text/html" + etag = (known after apply) + force_destroy = false + id = (known after apply) + key = "index.html" + kms_key_id = (known after apply) + server_side_encryption = (known after apply) + source = "../html/index.html" + storage_class = (known after apply) + tags_all = (known after apply) + version_id = (known after apply) } # aws_s3_bucket_policy.website will be created + resource "aws_s3_bucket_policy" "website" { + bucket = (known after apply) + id = (known after apply) + policy = (known after apply) } # aws_s3_bucket_public_access_block.website will be created + resource "aws_s3_bucket_public_access_block" "website" { + block_public_acls = false + block_public_policy = false + bucket = (known after apply) + id = (known after apply) + ignore_public_acls = false + restrict_public_buckets = false } # local_file.index_page will be created + resource "local_file" "index_page" { + content = (sensitive value) + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "0777" + filename = "../html/index.html" + id = (known after apply) } # module.cors.aws_api_gateway_integration._ will be created + resource "aws_api_gateway_integration" "_" { + cache_namespace = (known after apply) + connection_type = "INTERNET" + content_handling = "CONVERT_TO_TEXT" + http_method = "OPTIONS" + id = (known after apply) + passthrough_behavior = (known after apply) + request_templates = { + "application/json" = jsonencode( { + statusCode = 200 } ) } + resource_id = (known after apply) + rest_api_id = (known after apply) + timeout_milliseconds = 29000 + type = "MOCK" } # module.cors.aws_api_gateway_integration_response._ will be created + resource "aws_api_gateway_integration_response" "_" { + http_method = "OPTIONS" + id = (known after apply) + resource_id = (known after apply) + response_parameters = { + "method.response.header.Access-Control-Allow-Headers" = "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'" + "method.response.header.Access-Control-Allow-Methods" = "'OPTIONS,HEAD,GET,POST,PUT,PATCH,DELETE'" + "method.response.header.Access-Control-Allow-Origin" = "'*'" + "method.response.header.Access-Control-Max-Age" = "'7200'" } + rest_api_id = (known after apply) + status_code = "200" } # module.cors.aws_api_gateway_method._ will be created + resource "aws_api_gateway_method" "_" { + api_key_required = false + authorization = "NONE" + http_method = "OPTIONS" + id = (known after apply) + resource_id = (known after apply) + rest_api_id = (known after apply) } # module.cors.aws_api_gateway_method_response._ will be created + resource "aws_api_gateway_method_response" "_" { + http_method = "OPTIONS" + id = (known after apply) + resource_id = (known after apply) + response_models = { + "application/json" = "Empty" } + response_parameters = { + "method.response.header.Access-Control-Allow-Headers" = true + "method.response.header.Access-Control-Allow-Methods" = true + "method.response.header.Access-Control-Allow-Origin" = true + "method.response.header.Access-Control-Max-Age" = true } + rest_api_id = (known after apply) + status_code = "200" } Plan: 26 to add, 0 to change, 0 to destroy. Changes to Outputs: + register_table = "mtchoun-mouh-snyk-fix-werkzeug-Register" + stage_url = (known after apply) + website_url = (known after apply) ------------------------------------------------------------------------ Cost estimation: Resources: 3 of 5 estimated $1.6848/mo +$1.6848 ------------------------------------------------------------------------ aws_lambda_layer_version.test_lambda_layer: Creating... aws_cloudwatch_event_rule.scheduler: Creating... aws_api_gateway_rest_api.api: Creating... aws_dynamodb_table.Register: Creating... aws_dynamodb_table.Users: Creating... aws_dynamodb_table.Link_table: Creating... aws_s3_bucket.images: Creating... aws_lambda_function.scan: Creating... aws_s3_bucket.website: Creating... aws_cloudwatch_event_rule.scheduler: Creation complete after 1s [id=mtchoun-mouh-snyk-fix-werkzeug-trigger_user_scan] aws_api_gateway_rest_api.api: Creation complete after 1s [id=qyz3uxbg3f] aws_api_gateway_resource.resource: Creating... aws_api_gateway_resource.resource: Creation complete after 1s [id=m808a2] aws_api_gateway_method.method: Creating... module.cors.aws_api_gateway_method._: Creating... aws_api_gateway_method.method: Creation complete after 0s [id=agm-qyz3uxbg3f-m808a2-POST] aws_api_gateway_method_response.method_response_200: Creating... module.cors.aws_api_gateway_method._: Creation complete after 0s [id=agm-qyz3uxbg3f-m808a2-OPTIONS] module.cors.aws_api_gateway_method_response._: Creating... module.cors.aws_api_gateway_integration._: Creating... aws_api_gateway_method_response.method_response_200: Creation complete after 0s [id=agmr-qyz3uxbg3f-m808a2-POST-200] module.cors.aws_api_gateway_method_response._: Creation complete after 1s [id=agmr-qyz3uxbg3f-m808a2-OPTIONS-200] module.cors.aws_api_gateway_integration._: Creation complete after 1s [id=agi-qyz3uxbg3f-m808a2-OPTIONS] module.cors.aws_api_gateway_integration_response._: Creating... module.cors.aws_api_gateway_integration_response._: Creation complete after 0s [id=agir-qyz3uxbg3f-m808a2-OPTIONS-200] aws_dynamodb_table.Register: Creation complete after 6s [id=mtchoun-mouh-snyk-fix-werkzeug-Register] aws_s3_bucket.images: Creation complete after 6s [id=mtchoun-mouh-snyk-fix-werkzeug-djansang] aws_lambda_function.scan: Creation complete after 7s [id=mtchoun-mouh-snyk-fix-werkzeug-scan_user_consulcam] aws_lambda_permission.allow_cloudwatch_to_call_check_foo: Creating... aws_cloudwatch_event_target.target: Creating... aws_s3_bucket.website: Creation complete after 7s [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] aws_s3_bucket_public_access_block.website: Creating... aws_lambda_permission.allow_cloudwatch_to_call_check_foo: Creation complete after 0s [id=AllowExecutionFromCloudWatch] aws_cloudwatch_event_target.target: Creation complete after 1s [id=mtchoun-mouh-snyk-fix-werkzeug-trigger_user_scan-lambda] aws_lambda_layer_version.test_lambda_layer: Creation complete after 8s [id=arn:aws:lambda:eu-central-1:053932140667:layer:test_lambda_layer:9] aws_lambda_function.lambda: Creating... aws_s3_bucket_public_access_block.website: Creation complete after 1s [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] aws_s3_bucket_policy.website: Creating... aws_s3_bucket_policy.website: Creation complete after 0s [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] aws_dynamodb_table.Link_table: Creation complete after 9s [id=mtchoun-mouh-snyk-fix-werkzeug-Link_table] aws_dynamodb_table.Users: Still creating... [10s elapsed] aws_dynamodb_table.Users: Creation complete after 10s [id=mtchoun-mouh-snyk-fix-werkzeug-Users] aws_lambda_function.lambda: Creation complete after 8s [id=mtchoun-mouh-snyk-fix-werkzeug-user_registration_consulcam] aws_lambda_permission.apigw_lambda: Creating... aws_api_gateway_integration.integration: Creating... aws_api_gateway_integration.integration: Creation complete after 1s [id=agi-qyz3uxbg3f-m808a2-POST] aws_api_gateway_deployment.test: Creating... aws_lambda_permission.apigw_lambda: Creation complete after 1s [id=AllowExecutionFromAPIGateway] aws_api_gateway_deployment.test: Creation complete after 1s [id=3ljwzn] local_file.index_page: Creating... local_file.index_page: Creation complete after 0s [id=504f2bacdec0b4fcb16af56cd7185e92f24a1c5e] aws_s3_bucket_object.example_file: Creating... aws_s3_bucket_object.example_file: Creation complete after 1s [id=index.html] Apply complete! Resources: 26 added, 0 changed, 0 destroyed. Outputs: register_table = "mtchoun-mouh-snyk-fix-werkzeug-Register" stage_url = "https://qyz3uxbg3f.execute-api.eu-central-1.amazonaws.com/mtchoun-mouh-snyk-fix-werkzeug-dev" website_url = "http://mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm.s3-website.eu-central-1.amazonaws.com" ```

[billmetangmo]

Plan Result

CI link

Plan: 1 to add, 2 to change, 0 to destroy.

• Create
  • local_file.index_page
• Update
  • aws_s3_bucket.images
  • aws_s3_bucket.website

Change Result (Click me)

```hcl # aws_s3_bucket.images will be updated in-place ~ resource "aws_s3_bucket" "images" { id = "mtchoun-mouh-snyk-fix-werkzeug-djansang" tags = { "Name" = "images" "environment" = "mtchoun-mouh-master" "project" = "mtchoun-mouh" } # (11 unchanged attributes hidden) - server_side_encryption_configuration { - rule { - bucket_key_enabled = false -> null - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" -> null # (1 unchanged attribute hidden) } } } # (1 unchanged block hidden) } # aws_s3_bucket.website will be updated in-place ~ resource "aws_s3_bucket" "website" { id = "mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm" tags = { "Name" = "Website" "environment" = "mtchoun-mouh-master" "project" = "mtchoun-mouh" } # (13 unchanged attributes hidden) - server_side_encryption_configuration { - rule { - bucket_key_enabled = false -> null - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" -> null # (1 unchanged attribute hidden) } } } # (3 unchanged blocks hidden) } # local_file.index_page will be created + resource "local_file" "index_page" { + content = (sensitive value) + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "0777" + filename = "../html/index.html" + id = (known after apply) } Plan: 1 to add, 2 to change, 0 to destroy. ```

[billmetangmo]

:white_check_mark: Apply Succeeded

CI link

Apply complete! Resources: 1 added, 2 changed, 0 destroyed.

Details (Click me)

```hcl Running apply in the remote backend. Output will stream here. Pressing Ctrl-C will cancel the remote apply if it's still pending. If the apply started it will stop streaming the logs, but will not stop the apply running remotely. Preparing the remote apply... To view this run in a browser, visit: https://app.terraform.io/app/tfc-mongulu-cm/mtchoun-mouh-snyk-fix-werkzeug/runs/run-QcM4WHVx2v8AvdBt Waiting for the plan to start... Terraform v1.9.6 on linux_amd64 Initializing plugins and modules... data.archive_file.lambda_zip: Reading... data.archive_file.lambda_zip: Read complete after 0s [id=a302387976ce74579a87a903dcc6149f70895053] data.aws_iam_role.role: Reading... aws_cloudwatch_event_rule.scheduler: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-trigger_user_scan] data.aws_caller_identity.current: Reading... aws_dynamodb_table.Users: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-Users] aws_api_gateway_rest_api.api: Refreshing state... [id=qyz3uxbg3f] aws_lambda_layer_version.test_lambda_layer: Refreshing state... [id=arn:aws:lambda:eu-central-1:053932140667:layer:test_lambda_layer:9] aws_dynamodb_table.Register: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-Register] aws_s3_bucket.website: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] aws_dynamodb_table.Link_table: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-Link_table] aws_s3_bucket.images: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-djansang] data.aws_caller_identity.current: Read complete after 0s [id=053932140667] data.aws_iam_role.role: Read complete after 0s [id=website-deployer] aws_lambda_function.scan: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-scan_user_consulcam] aws_lambda_function.lambda: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-user_registration_consulcam] aws_api_gateway_resource.resource: Refreshing state... [id=m808a2] aws_api_gateway_method.method: Refreshing state... [id=agm-qyz3uxbg3f-m808a2-POST] module.cors.aws_api_gateway_method._: Refreshing state... [id=agm-qyz3uxbg3f-m808a2-OPTIONS] aws_lambda_permission.allow_cloudwatch_to_call_check_foo: Refreshing state... [id=AllowExecutionFromCloudWatch] aws_cloudwatch_event_target.target: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-trigger_user_scan-lambda] module.cors.aws_api_gateway_method_response._: Refreshing state... [id=agmr-qyz3uxbg3f-m808a2-OPTIONS-200] module.cors.aws_api_gateway_integration._: Refreshing state... [id=agi-qyz3uxbg3f-m808a2-OPTIONS] aws_lambda_permission.apigw_lambda: Refreshing state... [id=AllowExecutionFromAPIGateway] aws_api_gateway_method_response.method_response_200: Refreshing state... [id=agmr-qyz3uxbg3f-m808a2-POST-200] aws_api_gateway_integration.integration: Refreshing state... [id=agi-qyz3uxbg3f-m808a2-POST] aws_api_gateway_deployment.test: Refreshing state... [id=3ljwzn] module.cors.aws_api_gateway_integration_response._: Refreshing state... [id=agir-qyz3uxbg3f-m808a2-OPTIONS-200] local_file.index_page: Refreshing state... [id=504f2bacdec0b4fcb16af56cd7185e92f24a1c5e] aws_s3_bucket_public_access_block.website: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] aws_s3_bucket_object.example_file: Refreshing state... [id=index.html] aws_s3_bucket_policy.website: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # aws_s3_bucket.images will be updated in-place ~ resource "aws_s3_bucket" "images" { id = "mtchoun-mouh-snyk-fix-werkzeug-djansang" tags = { "Name" = "images" "environment" = "mtchoun-mouh-master" "project" = "mtchoun-mouh" } # (11 unchanged attributes hidden) - server_side_encryption_configuration { - rule { - bucket_key_enabled = false -> null - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" -> null # (1 unchanged attribute hidden) } } } # (1 unchanged block hidden) } # aws_s3_bucket.website will be updated in-place ~ resource "aws_s3_bucket" "website" { id = "mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm" tags = { "Name" = "Website" "environment" = "mtchoun-mouh-master" "project" = "mtchoun-mouh" } # (13 unchanged attributes hidden) - server_side_encryption_configuration { - rule { - bucket_key_enabled = false -> null - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" -> null # (1 unchanged attribute hidden) } } } # (3 unchanged blocks hidden) } # local_file.index_page will be created + resource "local_file" "index_page" { + content = (sensitive value) + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "0777" + filename = "../html/index.html" + id = (known after apply) } Plan: 1 to add, 2 to change, 0 to destroy. ------------------------------------------------------------------------ Cost estimation: Resources: 3 of 5 estimated $1.6848/mo +$0.0 ------------------------------------------------------------------------ aws_s3_bucket.images: Modifying... [id=mtchoun-mouh-snyk-fix-werkzeug-djansang] aws_s3_bucket.website: Modifying... [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] local_file.index_page: Creating... local_file.index_page: Creation complete after 0s [id=504f2bacdec0b4fcb16af56cd7185e92f24a1c5e] aws_s3_bucket.images: Modifications complete after 5s [id=mtchoun-mouh-snyk-fix-werkzeug-djansang] aws_s3_bucket.website: Modifications complete after 5s [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] Apply complete! Resources: 1 added, 2 changed, 0 destroyed. Outputs: register_table = "mtchoun-mouh-snyk-fix-werkzeug-Register" stage_url = "https://qyz3uxbg3f.execute-api.eu-central-1.amazonaws.com/mtchoun-mouh-snyk-fix-werkzeug-dev" website_url = "http://mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm.s3-website.eu-central-1.amazonaws.com" ```

[billmetangmo]

Plan Result

CI link

Plan: 1 to add, 2 to change, 0 to destroy.

• Create
  • local_file.index_page
• Update
  • aws_s3_bucket.images
  • aws_s3_bucket.website

Change Result (Click me)

```hcl # aws_s3_bucket.images will be updated in-place ~ resource "aws_s3_bucket" "images" { id = "mtchoun-mouh-snyk-fix-werkzeug-djansang" tags = { "Name" = "images" "environment" = "mtchoun-mouh-master" "project" = "mtchoun-mouh" } # (11 unchanged attributes hidden) - server_side_encryption_configuration { - rule { - bucket_key_enabled = false -> null - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" -> null # (1 unchanged attribute hidden) } } } # (1 unchanged block hidden) } # aws_s3_bucket.website will be updated in-place ~ resource "aws_s3_bucket" "website" { id = "mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm" tags = { "Name" = "Website" "environment" = "mtchoun-mouh-master" "project" = "mtchoun-mouh" } # (13 unchanged attributes hidden) - server_side_encryption_configuration { - rule { - bucket_key_enabled = false -> null - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" -> null # (1 unchanged attribute hidden) } } } # (3 unchanged blocks hidden) } # local_file.index_page will be created + resource "local_file" "index_page" { + content = (sensitive value) + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "0777" + filename = "../html/index.html" + id = (known after apply) } Plan: 1 to add, 2 to change, 0 to destroy. ```

[billmetangmo]

:white_check_mark: Apply Succeeded

CI link

Apply complete! Resources: 1 added, 2 changed, 0 destroyed.

Details (Click me)

```hcl Running apply in the remote backend. Output will stream here. Pressing Ctrl-C will cancel the remote apply if it's still pending. If the apply started it will stop streaming the logs, but will not stop the apply running remotely. Preparing the remote apply... To view this run in a browser, visit: https://app.terraform.io/app/tfc-mongulu-cm/mtchoun-mouh-snyk-fix-werkzeug/runs/run-V2K3trQE7t9m64Qz Waiting for the plan to start... Terraform v1.9.6 on linux_amd64 Initializing plugins and modules... data.archive_file.lambda_zip: Reading... data.archive_file.lambda_zip: Read complete after 0s [id=a302387976ce74579a87a903dcc6149f70895053] data.aws_iam_role.role: Reading... aws_cloudwatch_event_rule.scheduler: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-trigger_user_scan] aws_dynamodb_table.Link_table: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-Link_table] aws_api_gateway_rest_api.api: Refreshing state... [id=qyz3uxbg3f] aws_s3_bucket.images: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-djansang] data.aws_caller_identity.current: Reading... aws_lambda_layer_version.test_lambda_layer: Refreshing state... [id=arn:aws:lambda:eu-central-1:053932140667:layer:test_lambda_layer:9] aws_s3_bucket.website: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] aws_dynamodb_table.Users: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-Users] aws_dynamodb_table.Register: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-Register] data.aws_caller_identity.current: Read complete after 0s [id=053932140667] data.aws_iam_role.role: Read complete after 0s [id=website-deployer] aws_lambda_function.scan: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-scan_user_consulcam] aws_lambda_function.lambda: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-user_registration_consulcam] aws_api_gateway_resource.resource: Refreshing state... [id=m808a2] aws_api_gateway_method.method: Refreshing state... [id=agm-qyz3uxbg3f-m808a2-POST] module.cors.aws_api_gateway_method._: Refreshing state... [id=agm-qyz3uxbg3f-m808a2-OPTIONS] aws_lambda_permission.allow_cloudwatch_to_call_check_foo: Refreshing state... [id=AllowExecutionFromCloudWatch] aws_cloudwatch_event_target.target: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-trigger_user_scan-lambda] module.cors.aws_api_gateway_method_response._: Refreshing state... [id=agmr-qyz3uxbg3f-m808a2-OPTIONS-200] module.cors.aws_api_gateway_integration._: Refreshing state... [id=agi-qyz3uxbg3f-m808a2-OPTIONS] aws_api_gateway_method_response.method_response_200: Refreshing state... [id=agmr-qyz3uxbg3f-m808a2-POST-200] aws_lambda_permission.apigw_lambda: Refreshing state... [id=AllowExecutionFromAPIGateway] aws_api_gateway_integration.integration: Refreshing state... [id=agi-qyz3uxbg3f-m808a2-POST] module.cors.aws_api_gateway_integration_response._: Refreshing state... [id=agir-qyz3uxbg3f-m808a2-OPTIONS-200] aws_api_gateway_deployment.test: Refreshing state... [id=3ljwzn] local_file.index_page: Refreshing state... [id=504f2bacdec0b4fcb16af56cd7185e92f24a1c5e] aws_s3_bucket_public_access_block.website: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] aws_s3_bucket_object.example_file: Refreshing state... [id=index.html] aws_s3_bucket_policy.website: Refreshing state... [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # aws_s3_bucket.images will be updated in-place ~ resource "aws_s3_bucket" "images" { id = "mtchoun-mouh-snyk-fix-werkzeug-djansang" tags = { "Name" = "images" "environment" = "mtchoun-mouh-master" "project" = "mtchoun-mouh" } # (11 unchanged attributes hidden) - server_side_encryption_configuration { - rule { - bucket_key_enabled = false -> null - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" -> null # (1 unchanged attribute hidden) } } } # (1 unchanged block hidden) } # aws_s3_bucket.website will be updated in-place ~ resource "aws_s3_bucket" "website" { id = "mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm" tags = { "Name" = "Website" "environment" = "mtchoun-mouh-master" "project" = "mtchoun-mouh" } # (13 unchanged attributes hidden) - server_side_encryption_configuration { - rule { - bucket_key_enabled = false -> null - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" -> null # (1 unchanged attribute hidden) } } } # (3 unchanged blocks hidden) } # local_file.index_page will be created + resource "local_file" "index_page" { + content = (sensitive value) + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "0777" + filename = "../html/index.html" + id = (known after apply) } Plan: 1 to add, 2 to change, 0 to destroy. ------------------------------------------------------------------------ Cost estimation: Resources: 3 of 5 estimated $1.6848/mo +$0.0 ------------------------------------------------------------------------ aws_s3_bucket.images: Modifying... [id=mtchoun-mouh-snyk-fix-werkzeug-djansang] aws_s3_bucket.website: Modifying... [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] local_file.index_page: Creating... local_file.index_page: Creation complete after 0s [id=504f2bacdec0b4fcb16af56cd7185e92f24a1c5e] aws_s3_bucket.images: Modifications complete after 5s [id=mtchoun-mouh-snyk-fix-werkzeug-djansang] aws_s3_bucket.website: Modifications complete after 5s [id=mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm] Apply complete! Resources: 1 added, 2 changed, 0 destroyed. Outputs: register_table = "mtchoun-mouh-snyk-fix-werkzeug-Register" stage_url = "https://qyz3uxbg3f.execute-api.eu-central-1.amazonaws.com/mtchoun-mouh-snyk-fix-werkzeug-dev" website_url = "http://mtchoun-mouh-snyk-fix-werkzeug-mtchoun-mouh.mongulu.cm.s3-website.eu-central-1.amazonaws.com" ```