Skip to content

Instantly share code, notes, and snippets.

@koomar

koomar/terraform

Created November 15, 2024 01:17
Show Gist options
  • Save koomar/510fb4a6a106f8e4c9b48f7089279bea to your computer and use it in GitHub Desktop.
Save koomar/510fb4a6a106f8e4c9b48f7089279bea to your computer and use it in GitHub Desktop.
Download ZIP
Raw
terraform
Terraform will perform the following actions:
# module.api.aws_security_group_rule.api_to_kafka will be destroyed
- resource "aws_security_group_rule" "api_to_kafka" {
- cidr_blocks = [
- "10.0.0.0/16",
] -> null
- from_port = 9090 -> null
- id = "sgrule-2178268983" -> null
- protocol = "tcp" -> null
- security_group_id = "sg-01b34b0cf05129e7d" -> null
- security_group_rule_id = "sgr-081170c8f0be3b557" -> null
- self = false -> null
- to_port = 9100 -> null
- type = "egress" -> null
}
# module.cloudwatch_kms_key.aws_kms_key.<concealed by 1Password> will be updated in-place
~ resource "aws_kms_key" "<concealed by 1Password>" {
id = "c242ccdc-f629-4281-bbaa-efcb0da06253"
~ policy = jsonencode(
~ {
~ Statement = [
~ {
~ Principal = {
~ AWS = [
- "arn:aws:iam::792589095231:user/nick",
- "arn:aws:iam::792589095231:role/human-superusers",
+ "arn:aws:iam::792589095231:user/sunil",
"arn:aws:iam::792589095231:user/simon",
- "arn:aws:iam::792589095231:user/alex",
- "arn:aws:iam::792589095231:user/eric",
- "arn:aws:iam::792589095231:user/isaac",
+ "arn:aws:iam::792589095231:user/pranavib",
"arn:aws:iam::792589095231:user/paul",
+ "arn:aws:iam::792589095231:user/nick",
"arn:aws:iam::792589095231:user/jacob",
- "arn:aws:iam::792589095231:user/acv",
- "arn:aws:iam::792589095231:user/sunil",
- "arn:aws:iam::792589095231:role/human-engineers",
+ "arn:aws:iam::792589095231:user/isaac",
"arn:aws:iam::792589095231:user/grant.zhu",
+ "arn:aws:iam::792589095231:user/eric",
"arn:aws:iam::792589095231:user/apt",
- "AIDA3RCP52E7W5H5S6GCB",
"arn:aws:iam::792589095231:user/andy",
- "arn:aws:iam::792589095231:user/abhijeet",
- "AIDA3RCP52E7TGDM6RPK5",
+ "arn:aws:iam::792589095231:user/alex",
"arn:aws:iam::792589095231:user/adam",
+ "arn:aws:iam::792589095231:user/acv",
+ "arn:aws:iam::792589095231:user/acoles",
+ "arn:aws:iam::792589095231:user/abhijeet",
+ "arn:aws:iam::792589095231:role/human-superusers",
+ "arn:aws:iam::792589095231:role/human-engineers",
]
}
# (4 unchanged elements hidden)
},
~ {
~ Principal = {
~ Service = [
- "cloudwatch.amazonaws.com",
"s3.amazonaws.com",
+ "cloudwatch.amazonaws.com",
]
}
# (4 unchanged elements hidden)
},
]
# (1 unchanged element hidden)
}
)
tags = {}
# (11 unchanged attributes hidden)
}
# module.api.module.lease_upload.data.aws_iam_policy_document.<concealed by 1Password> will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "<concealed by 1Password>" {
~ id = "2987607607" -> (known after apply)
~ json = jsonencode(
{
- Statement = [
- {
- Action = "sns:Publish"
- Effect = "Allow"
- Principal = {
- Service = "s3.amazonaws.com"
}
- Resource = "arn:aws:sns:us-west-2:792589095231:api-dhleaseupload"
- Sid = "AllowCloudwatchPublishAlarms"
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
- version = "2012-10-17" -> null
~ statement {
- not_actions = [] -> null
- not_resources = [] -> null
# (4 unchanged attributes hidden)
# (1 unchanged block hidden)
}
}
# module.api.module.lease_upload.aws_sns_topic_policy.<concealed by 1Password> will be updated in-place
~ resource "aws_sns_topic_policy" "<concealed by 1Password>" {
id = "arn:aws:sns:us-west-2:792589095231:api-dhleaseupload"
~ policy = jsonencode(
{
- Statement = [
- {
- Action = "sns:Publish"
- Effect = "Allow"
- Principal = {
- Service = "s3.amazonaws.com"
}
- Resource = "arn:aws:sns:us-west-2:792589095231:api-dhleaseupload"
- Sid = "AllowCloudwatchPublishAlarms"
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
# (2 unchanged attributes hidden)
}
# module.api.module.metric_alarm.data.aws_iam_policy_document.<concealed by 1Password> will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "<concealed by 1Password>" {
~ id = "3865594335" -> (known after apply)
~ json = jsonencode(
{
- Statement = [
- {
- Action = "sns:Publish"
- Effect = "Allow"
- Principal = {
- Service = "cloudwatch.amazonaws.com"
}
- Resource = "arn:aws:sns:us-west-2:792589095231:api-metric-alarms"
- Sid = "AllowCloudwatchPublishAlarms"
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
- version = "2012-10-17" -> null
~ statement {
- not_actions = [] -> null
- not_resources = [] -> null
# (4 unchanged attributes hidden)
# (1 unchanged block hidden)
}
}
# module.api.module.metric_alarm.aws_sns_topic_policy.<concealed by 1Password> will be updated in-place
~ resource "aws_sns_topic_policy" "<concealed by 1Password>" {
id = "arn:aws:sns:us-west-2:792589095231:api-metric-alarms"
~ policy = jsonencode(
{
- Statement = [
- {
- Action = "sns:Publish"
- Effect = "Allow"
- Principal = {
- Service = "cloudwatch.amazonaws.com"
}
- Resource = "arn:aws:sns:us-west-2:792589095231:api-metric-alarms"
- Sid = "AllowCloudwatchPublishAlarms"
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
# (2 unchanged attributes hidden)
}
# module.api.module.svc.aws_autoscaling_group.<concealed by 1Password> must be replaced
+/- resource "aws_autoscaling_group" "<concealed by 1Password>" {
~ arn = "arn:aws:autoscaling:us-west-2:792589095231:autoScalingGroup:3ab3c42c-3e80-4024-ba74-b170f9152d2c:autoScalingGroupName/api-v4-group20191217214459121800000002-89" -> (known after apply)
~ availability_zones = [
- "us-west-2a",
- "us-west-2b",
- "us-west-2c",
- "us-west-2d",
] -> (known after apply)
- capacity_rebalance = false -> null
~ <concealed by 1Password>_cooldown = 300 -> (known after apply)
- <concealed by 1Password>_instance_warmup = 0 -> null
~ health_check_type = "EC2" -> "ELB"
~ id = "api-v4-group20191217214459121800000002-89" -> (known after apply)
~ load_balancers = [] -> (known after apply)
~ name = "api-v4-group20191217214459121800000002-89" -> (known after apply) # forces replacement
+ name_prefix = (known after apply)
~ predicted_capacity = 0 -> (known after apply)
~ service_linked_role_arn = "arn:aws:iam::792589095231:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" -> (known after apply)
- suspended_processes = [] -> null
~ warm_pool_size = 0 -> (known after apply)
# (16 unchanged attributes hidden)
~ launch_template {
id = "lt-021d1b2418be2b759"
~ name = "group20191217214459121800000002" -> (known after apply)
# (1 unchanged attribute hidden)
}
+ mixed_instances_policy {
+ instances_distribution {
+ on_demand_allocation_strategy = (known after apply)
+ on_demand_base_capacity = (known after apply)
+ on_demand_percentage_above_base_capacity = (known after apply)
+ spot_allocation_strategy = (known after apply)
+ spot_instance_pools = (known after apply)
+ spot_max_price = (known after apply)
}
+ launch_template {
+ launch_template_specification {
+ launch_template_id = (known after apply)
+ launch_template_name = (known after apply)
+ version = (known after apply)
}
+ override {
+ instance_type = (known after apply)
+ weighted_capacity = (known after apply)
+ instance_requirements {
+ accelerator_manufacturers = (known after apply)
+ accelerator_names = (known after apply)
+ accelerator_types = (known after apply)
+ allowed_instance_types = (known after apply)
+ bare_metal = (known after apply)
+ burstable_performance = (known after apply)
+ cpu_manufacturers = (known after apply)
+ excluded_instance_types = (known after apply)
+ instance_generations = (known after apply)
+ local_storage = (known after apply)
+ local_storage_types = (known after apply)
+ on_demand_max_price_percentage_over_lowest_price = (known after apply)
+ require_hibernate_support = (known after apply)
+ spot_max_price_percentage_over_lowest_price = (known after apply)
+ accelerator_count {
+ max = (known after apply)
+ min = (known after apply)
}
+ accelerator_total_memory_mib {
+ max = (known after apply)
+ min = (known after apply)
}
+ baseline_ebs_bandwidth_mbps {
+ max = (known after apply)
+ min = (known after apply)
}
+ memory_gib_per_vcpu {
+ max = (known after apply)
+ min = (known after apply)
}
+ memory_mib {
+ max = (known after apply)
+ min = (known after apply)
}
+ network_bandwidth_gbps {
+ max = (known after apply)
+ min = (known after apply)
}
+ network_interface_count {
+ max = (known after apply)
+ min = (known after apply)
}
+ total_local_storage_gb {
+ max = (known after apply)
+ min = (known after apply)
}
+ vcpu_count {
+ max = (known after apply)
+ min = (known after apply)
}
}
+ launch_template_specification {
+ launch_template_id = (known after apply)
+ launch_template_name = (known after apply)
+ version = (known after apply)
}
}
}
}
- traffic_source {
- identifier = "arn:aws:elasticloadbalancing:us-west-2:792589095231:targetgroup/api-instances/435ea65ed849fd3c" -> null
- type = "elbv2" -> null
}
- traffic_source {
- identifier = "arn:aws:elasticloadbalancing:us-west-2:792589095231:targetgroup/api-wg-instances/85a8239a302879d7" -> null
- type = "elbv2" -> null
}
- traffic_source {
- identifier = "arn:aws:elasticloadbalancing:us-west-2:792589095231:targetgroup/login-instances/fed341f830583be7" -> null
- type = "elbv2" -> null
}
+ traffic_source {
+ identifier = (known after apply)
+ type = (known after apply)
}
# (4 unchanged blocks hidden)
}
# module.api.module.svc.aws_cloudwatch_metric_alarm.cpu[0] will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "cpu" {
~ dimensions = {
- "AutoScalingGroupName" = "api-v4-group20191217214459121800000002-89"
} -> (known after apply)
id = "api-cpu"
tags = {}
# (17 unchanged attributes hidden)
}
# module.api.module.svc.aws_iam_role.instance_user will be updated in-place
~ resource "aws_iam_role" "instance_user" {
~ assume_role_policy = jsonencode(
~ {
~ Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "ec2.amazonaws.com"
}
Sid = "AssumeCodeRole"
},
~ {
~ Principal = {
~ AWS = [
- "AIDA3RCP52E7TGDM6RPK5",
- "arn:aws:iam::792589095231:user/acv",
- "arn:aws:iam::792589095231:user/andy",
- "arn:aws:iam::792589095231:user/alex",
- "arn:aws:iam::792589095231:user/adam",
- "arn:aws:iam::792589095231:user/paul",
- "arn:aws:iam::792589095231:user/isaac",
+ "arn:aws:iam::792589095231:user/sunil",
"arn:aws:iam::792589095231:user/simon",
- "arn:aws:iam::792589095231:user/eric",
"arn:aws:iam::792589095231:user/pranavib",
+ "arn:aws:iam::792589095231:user/paul",
+ "arn:aws:iam::792589095231:user/nick",
"arn:aws:iam::792589095231:user/jacob",
- "arn:aws:iam::792589095231:user/sunil",
- "arn:aws:iam::792589095231:user/abhijeet",
- "arn:aws:iam::792589095231:user/apt",
+ "arn:aws:iam::792589095231:user/isaac",
"arn:aws:iam::792589095231:user/grant.zhu",
- "arn:aws:iam::792589095231:user/nick",
+ "arn:aws:iam::792589095231:user/eric",
+ "arn:aws:iam::792589095231:user/apt",
+ "arn:aws:iam::792589095231:user/andy",
+ "arn:aws:iam::792589095231:user/alex",
+ "arn:aws:iam::792589095231:user/adam",
+ "arn:aws:iam::792589095231:user/acv",
+ "arn:aws:iam::792589095231:user/acoles",
+ "arn:aws:iam::792589095231:user/abhijeet",
]
}
# (3 unchanged elements hidden)
},
]
# (1 unchanged element hidden)
}
)
id = "api-instance-user"
name = "api-instance-user"
tags = {}
# (8 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# module.api.module.svc.aws_iam_role_policy.external will be updated in-place
~ resource "aws_iam_role_policy" "external" {
id = "api-instance-user:api-external-policy"
name = "api-external-policy"
~ policy = jsonencode(
~ {
~ Statement = [
# (21 unchanged elements hidden)
{
Action = "kms:Sign"
Condition = {
ForAnyValue:StringLike = {
kms:ResourceAliases = "alias/*-console-login-key"
}
}
Effect = "Allow"
Resource = "*"
Sid = "AllowSigning"
},
- {
- Action = "kafka:Get*"
- Effect = "Allow"
- Resource = "*"
- Sid = "AllowKafkaGetAccess"
},
- {
- Action = [
- "kafka-cluster:DescribeCluster",
- "kafka-cluster:Connect",
- "kafka-cluster:*",
]
- Effect = "Allow"
- Resource = "arn:aws:kafka:*:*:cluster/stats/*"
- Sid = "AllowKafkaAccess"
},
- {
- Action = [
- "kafka-cluster:WriteData",
- "kafka-cluster:ReadData",
- "kafka-cluster:*Topic*",
]
- Effect = "Allow"
- Resource = "arn:aws:kafka:*:*:topic/stats/*"
- Sid = "AllowKafkaTopicAccess"
},
]
# (1 unchanged element hidden)
}
)
# (1 unchanged attribute hidden)
}
# module.api.module.svc.aws_launch_template.<concealed by 1Password> will be updated in-place
~ resource "aws_launch_template" "<concealed by 1Password>" {
id = "lt-021d1b2418be2b759"
~ instance_type = "t3a.medium" -> "t3a.large"
~ latest_version = 89 -> (known after apply)
name = "group20191217214459121800000002"
tags = {}
# (11 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
Plan: 1 to add, 7 to change, 2 to destroy.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment