ooni / devops


feat: create new oonith ecs_cluster #30

Closed DecFox closed 3 months ago

DecFox commented 3 months ago

This diff creates a new AWS ECS cluster (oonith-ecs-cluster) using the ecs_cluster module.

Part of #29

github-actions[bot] commented 3 months ago

Terraform Run Output 🤖

Format and Style 🖌 failure

Initialization ⚙️ success

Validation 🤖 success

Validation Output

```
$ terraform validate
Success! The configuration is valid.
```

Plan 📖 success

Show Plan

```
$ terraform plan
Acquiring state lock. This may take a few moments...

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform planned the following actions, but then encountered a problem:

  # aws_codestarconnections_connection.ooniapi has moved to aws_codestarconnections_connection.oonidevops
    resource "aws_codestarconnections_connection" "oonidevops" {
        id   = "arn:aws:codestar-connections:eu-central-1:905418398257:connection/6bd492f6-c11d-43ec-92b0-24c47700d528"
        name = "ooniapi"
        tags = {}
        # (4 unchanged attributes hidden)
    }

  # aws_s3_bucket.oonith_codepipeline_bucket will be created
  + resource "aws_s3_bucket" "oonith_codepipeline_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = "codepipeline-oonith-eu-central-1-f148ea7b"
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.oonidevops_github_user.aws_iam_user.oonidevops_github will be updated in-place
  ~ resource "aws_iam_user" "oonidevops_github" {
        id       = "oonidevops-github"
        name     = "oonidevops-github"
      ~ tags     = {
          - "AKIA5FTZELIY34UMRZ6H" = "ooni-devops-github-user" -> null
            "Environment"          = "dev"
            "Name"                 = "oonidevops-dev"
            "Repository"           = "https://github.com/ooni/devops"
        }
      ~ tags_all = {
          - "AKIA5FTZELIY34UMRZ6H" = "ooni-devops-github-user" -> null
            # (3 unchanged elements hidden)
        }
        # (4 unchanged attributes hidden)
    }

  # module.oonith_cluster.aws_autoscaling_group.container_host will be created
  + resource "aws_autoscaling_group" "container_host" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = 2
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 6
      + metrics_granularity              = "1Minute"
      + min_size                         = 2
      + name                             = (known after apply)
      + name_prefix                      = "oonith-ecs-cluster"
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = [
          + "subnet-0b18966cccfc9d5ef",
          + "subnet-0e7a4478be988463f",
        ]
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + instance_refresh {
          + strategy = "Rolling"
          + triggers = [
              + "tag",
            ]

          + preferences {
              + max_healthy_percentage       = 100
              + min_healthy_percentage       = 50
              + scale_in_protected_instances = "Ignore"
              + skip_matching                = false
              + standby_instances            = "Ignore"
            }
        }

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }
    }

  # module.oonith_cluster.aws_cloudwatch_log_group.ooniapi_services will be created
  + resource "aws_cloudwatch_log_group" "ooniapi_services" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "ooni-ecs-group/oonith-ecs-cluster"
      + name_prefix       = (known after apply)
      + retention_in_days = 0
      + skip_destroy      = false
      + tags_all          = (known after apply)
    }

  # module.oonith_cluster.aws_ecs_cluster.main will be created
  + resource "aws_ecs_cluster" "main" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "oonith-ecs-cluster"
      + tags     = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }

      + configuration {
          + execute_command_configuration {
              + logging = "OVERRIDE"

              + log_configuration {
                  + cloud_watch_log_group_name = "ooni-ecs-group/oonith-ecs-cluster"
                }
            }
        }
    }

  # module.oonith_cluster.aws_iam_instance_profile.container_host will be created
  + resource "aws_iam_instance_profile" "container_host" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = "oonith-ecs-cluster"
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = "oonith-ecs-cluster-container-host-role"
      + tags        = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + unique_id   = (known after apply)
    }

  # module.oonith_cluster.aws_iam_role.container_host will be created
  + resource "aws_iam_role" "container_host" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ec2.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "oonith-ecs-cluster-container-host-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all              = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + unique_id             = (known after apply)
    }

  # module.oonith_cluster.aws_iam_role_policy.container_host will be created
  + resource "aws_iam_role_policy" "container_host" {
      + id          = (known after apply)
      + name        = "oonith-ecs-cluster-instance-role-policy"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ec2:DescribeTags",
                          + "ecs:CreateCluster",
                          + "ecs:TagResource",
                          + "ecs:UntagResource",
                          + "ecs:DeregisterContainerInstance",
                          + "ecs:DiscoverPollEndpoint",
                          + "ecs:Poll",
                          + "ecs:RegisterContainerInstance",
                          + "ecs:StartTelemetrySession",
                          + "ecs:UpdateContainerInstancesState",
                          + "ecs:Submit*",
                          + "ecr:GetAuthorizationToken",
                          + "ecr:BatchCheckLayerAvailability",
                          + "ecr:GetDownloadUrlForLayer",
                          + "ecr:BatchGetImage",
                          + "logs:CreateLogStream",
                          + "logs:PutLogEvents",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "ecsInstanceRole"
                    },
                  + {
                      + Action    = "ecs:TagResource"
                      + Condition = {
                          + StringEquals = {
                              + "ecs:CreateAction" = [
                                  + "CreateCluster",
                                  + "RegisterContainerInstance",
                                ]
                            }
                        }
                      + Effect    = "Allow"
                      + Resource  = "*"
                    },
                  + {
                      + Action   = [
                          + "logs:*",
                          + "cloudwatch:GenerateQuery",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "CloudWatchLogsFullAccess"
                    },
                  + {
                      + Action   = [
                          + "secretsmanager:GetResourcePolicy",
                          + "secretsmanager:GetSecretValue",
                          + "secretsmanager:DescribeSecret",
                          + "secretsmanager:ListSecretVersionIds",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                  + {
                      + Action   = "secretsmanager:ListSecrets"
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                  + {
                      + Action   = [
                          + "ec2:Describe*",
                          + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                          + "elasticloadbalancing:DeregisterTargets",
                          + "elasticloadbalancing:Describe*",
                          + "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                          + "elasticloadbalancing:RegisterTargets",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = "oonith-ecs-cluster-container-host-role"
    }

  # module.oonith_cluster.aws_launch_template.container_host will be created
  + resource "aws_launch_template" "container_host" {
      + arn                                  = (known after apply)
      + default_version                      = (known after apply)
      + id                                   = (known after apply)
      + image_id                             = (sensitive value)
      + instance_initiated_shutdown_behavior = "terminate"
      + instance_type                        = "t2.small"
      + key_name                             = "oonidevops"
      + latest_version                       = (known after apply)
      + name                                 = (known after apply)
      + name_prefix                          = "oonith-ecs-cluster"
      + tags_all                             = (known after apply)
      + update_default_version               = true
      + user_data                            = "IyEvYmluL2Jhc2gKCmNhdCA8PCdFT0YnID4+IC9ldGMvZWNzL2Vjcy5jb25maWcKRUNTX0NMVVNURVI9b29uaXRoLWVjcy1jbHVzdGVyCkVDU19MT0dMRVZFTD1kZWJ1ZwpFQ1NfQ09OVEFJTkVSX0lOU1RBTkNFX1RBR1M9eyJFbnZpcm9ubWVudCI6ImRldiIsIk5hbWUiOiJvb25pLXRpZXIwLXRoLWVjcy1jbHVzdGVyIiwiUmVwb3NpdG9yeSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9vb25pL2Rldm9wcyJ9CkVDU19FTkFCTEVfVEFTS19JQU1fUk9MRT10cnVlCkVPRgoK"

      + block_device_mappings {
          + device_name = "/dev/sdf"

          + ebs {
              + delete_on_termination = "true"
              + iops                  = (known after apply)
              + throughput            = (known after apply)
              + volume_size           = 5
              + volume_type           = (known after apply)
            }
        }

      + iam_instance_profile {
          + name = "oonith-ecs-cluster"
        }

      + network_interfaces {
          + associate_public_ip_address = "true"
          + delete_on_termination       = "true"
          + security_groups             = (known after apply)
        }

      + tag_specifications {
          + resource_type = "instance"
          + tags          = {
              + "Environment" = "dev"
              + "Name"        = "ooni-tier0-th-ecs-cluster"
              + "Repository"  = "https://github.com/ooni/devops"
            }
        }
    }

  # module.oonith_cluster.aws_security_group.container_host will be created
  + resource "aws_security_group" "container_host" {
      + arn                    = (known after apply)
      + description            = "controls direct access to application instances"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 32768
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = (known after apply)
              + self             = false
              + to_port          = 61000
            },
        ]
      + name                   = "oonith-ecs-cluster-container-host-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all               = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + vpc_id                 = "vpc-0e382f3ad89286de9"
    }

  # module.oonith_cluster.aws_security_group.web will be created
  + resource "aws_security_group" "web" {
      + arn                    = (known after apply)
      + description            = "controls access to the applications ELB web endpoint"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 443
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 80
            },
        ]
      + name                   = "oonith-ecs-cluster-web-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all               = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + vpc_id                 = "vpc-0e382f3ad89286de9"
    }

Plan: 10 to add, 1 to change, 0 to destroy.
```
Pusher @DecFox
Action pull_request
Environment dev
Workflow .github/workflows/check_terraform.yml
Last updated Wed, 20 Mar 2024 18:28:57 GMT